Web spider on software host
Closed this issue · 2 comments
This is a request for information issue
In the ASP index from www.p2plivecam.com, there is an IP address linked with downloading PCTools and the Android APK software. The address is 112.124.40.254:808 and appears to be a Chinese IPCamera software upgrade management platform.
The test I would like to be run is:
$ nmap -sS -sU -T4 -vvv -p 1-65535 112.124.40.254
$ nmap -F -T4 -A -vvv --script all 112.124.40.254
This will require root privileges.
Is there any chance that this will cause damage/in some way alter the code executing on the camera?
No.
Does this test prelude/follow up on others? If so, what?
No idea.
Scan 1 nmap -sS -sU -T4 -vvv -p 1-65535 112.124.40.254
results:
Interesting results:
PORT STATE SERVICE REASON
808/tcp open ccproxy-http syn-ack ttl 100
10220/tcp open unknown syn-ack ttl 101
10230/tcp open unknown syn-ack ttl 101
45342/tcp open unknown syn-ack ttl 101
45514/tcp open cloudcheck syn-ack ttl 64
Every single UDP port was listed as open|filtered with its corresponding service. Sample:
1/udp open|filtered tcpmux no-response
2/udp open|filtered compressnet no-response
3/udp open|filtered compressnet no-response
4/udp open|filtered unknown no-response
5/udp open|filtered rje no-response
--clip--
65530/udp open|filtered unknown no-response
65531/udp open|filtered unknown no-response
65532/udp open|filtered unknown no-response
65533/udp open|filtered unknown no-response
65534/udp open|filtered unknown no-response
65535/udp open|filtered unknown no-response
Scan 2 nmap -F -T4 -A -vvv --script all 112.124.40.254
results:
| IP: fd00:f81d:f8e:6122:785e:8809:25bf:45 MAC: 00:cd:fe:e2:50:0d IFACE: wlan0
| IP: fd00:f81d:f8e:6122:8ca8:ac9c:b5f8:2d81 MAC: 9c:e3:3f:31:8e:d4 IFACE: wlan0
| IP: 2001:48f8:3035:128d:bce7:4927:4fb3:a2b9 MAC: 00:cd:fe:e2:50:0d IFACE: wlan0
| IP: fe80::1897:2bd6:832b:704a MAC: 00:cd:fe:e2:50:0d IFACE: wlan0
| IP: fe80::fa1d:fff:fe8e:6122 MAC: f8:1d:0f:8e:61:22 IFACE: wlan0
| IP: fe80::5a6d:8fff:fe77:1401 MAC: 58:6d:8f:77:14:01 IFACE: wlan1
| IP: 2001:48f8:3035:128d:c554:4078:f500:f37b MAC: 9c:e3:3f:31:8e:d4 IFACE: wlan0
|_ Use --script-args=newtargets to add the results as targets
| targets-ipv6-multicast-mld:
| IP: fe80::5a6d:8fff:fe77:1401 MAC: 58:6d:8f:77:14:01 IFACE: wlan1
|
|_ Use --script-args=newtargets to add the results as targets
Initiating Ping Scan at 21:13
Scanning 112.124.40.254 [4 ports]
Completed Ping Scan at 21:13, 0.30s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:13
Completed Parallel DNS resolution of 1 host. at 21:14, 5.90s elapsed
DNS resolution of 1 IPs took 5.90s. Mode: Async [#: 4, OK: 0, NX: 1, DR: 0, SF: 0, TR: 3, CN: 0]
Initiating SYN Stealth Scan at 21:14
Scanning 112.124.40.254 [100 ports]
Completed SYN Stealth Scan at 21:14, 26.06s elapsed (100 total ports)
Initiating Service scan at 21:14
Initiating OS detection (try #1) against 112.124.40.254
Retrying OS detection (try #2) against 112.124.40.254
Initiating Traceroute at 21:14
Completed Traceroute at 21:14, 3.18s elapsed
Initiating Parallel DNS resolution of 18 hosts. at 21:14
Completed Parallel DNS resolution of 18 hosts. at 21:14, 5.81s elapsed
DNS resolution of 18 IPs took 5.81s. Mode: Async [#: 4, OK: 6, NX: 12, DR: 0, SF: 0, TR: 28, CN: 0]
NSE: Script scanning 112.124.40.254.
NSE: Starting runlevel 1 (of 4) scan.
Initiating NSE at 21:14
NSE: [ip-geolocation-maxmind 112.124.40.254] You must specify a Maxmind database file with the maxmind_db argument.
NSE: [ip-geolocation-maxmind 112.124.40.254] Download the database from http://dev.maxmind.com/geoip/legacy/geolite/
Completed NSE at 21:15, 21.29s elapsed
NSE: Starting runlevel 2 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
NSE: Starting runlevel 3 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
NSE: Starting runlevel 4 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
Nmap scan report for 112.124.40.254
Host is up, received echo-reply ttl 101 (0.26s latency).
All 100 scanned ports on 112.124.40.254 are filtered because of 100 no-responses
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.70%E=4%D=2/7%OT=%CT=%CU=%PV=N%DS=21%DC=T%G=N%TM=5C5CF43F%P=x86_64-pc-linux-gnu)
U1(R=N)
IE(R=N)
Network Distance: 21 hops
Host script results:
|_asn-query: No Answers
| dns-blacklist:
| ATTACK
| all.bl.blocklist.de - FAIL
| SPAM
| all.spamrats.com - FAIL
| spam.dnsbl.sorbs.net - FAIL
| bl.spamcop.net - FAIL
| l2.apews.org - FAIL
| sbl.spamhaus.org - FAIL
| dnsbl.inps.de - FAIL
| list.quorum.to - FAIL
| bl.nszones.com - FAIL
| PROXY
| socks.dnsbl.sorbs.net - FAIL
| dnsbl.tornevall.org - FAIL
| http.dnsbl.sorbs.net - FAIL
| misc.dnsbl.sorbs.net - FAIL
|_ tor.dan.me.uk - FAIL
|_dns-brute: Can't guess domain of "112.124.40.254"; use dns-brute.domain script argument.
|_fcrdns: FAIL (No PTR record)
|_firewalk: None found
| hostmap-ip2hosts:
|_ hosts: Error: found no hostnames but not the marker for "no hostnames found" (pattern error?)
|_hostmap-robtex: ERROR: Script execution failed (use -d to debug)
| ip-geolocation-geoplugin:
|_112.124.40.254
|_tor-consensus-checker: ERROR: Script execution failed (use -d to debug)
|_traceroute-geolocation: ERROR: Script execution failed (use -d to debug)
| unusual-port:
|_ WARNING: this script depends on Nmap's service/version detection (-sV)
|_whois-domain: You should provide a domain name.
| whois-ip: Record found at whois.apnic.net
| inetnum: 112.124.0.0 - 112.127.255.255
| netname: ALISOFT
| descr: Aliyun Computing Co., LTD
| country: CN
| person: Li Jia
|_email: jiali.jl@alibaba-inc.com
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 5.91 ms 192.168.0.1
2 16.47 ms 10.11.128.1
3 16.56 ms 24-220-255-126-static.midco.net (24.220.255.126)
4 18.57 ms 24-220-255-51-static.midco.net (24.220.255.51)
5 18.62 ms 24-220-6-224-static.midco.net (24.220.6.224)
6 150.38 ms mini-b1-link.telia.net (62.115.152.104)
7 150.43 ms kanc-b1-link.telia.net (62.115.123.241)
8 150.47 ms sjo-b21-link.telia.net (213.155.132.180)
9 150.47 ms 218.30.54.181
10 150.57 ms 202.97.62.5
11 225.12 ms 202.97.71.197
12 223.49 ms 202.97.90.30
13 251.28 ms 202.97.94.238
14 238.87 ms 202.97.55.18
15 251.22 ms 220.191.200.26
16 228.81 ms 122.224.214.78
17 242.64 ms 42.120.247.97
18 ... 20
21 215.15 ms 112.124.40.254
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
NSE: Starting runlevel 2 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
NSE: Starting runlevel 3 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
NSE: Starting runlevel 4 (of 4) scan.
Initiating NSE at 21:15
Completed NSE at 21:15, 0.00s elapsed
Post-scan script results:
|_ip-geolocation-map-bing: Need to specify an API key, get one at https://www.bingmapsportal.com/.
|_ip-geolocation-map-google: Need to specify an API key, get one at https://developers.google.com/maps/documentation/static-maps/.
|_ip-geolocation-map-kml: Need to specify a path for the map.
|_reverse-index:
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 105.36 seconds
Raw packets sent: 368 (19.396KB) | Rcvd: 40 (2.926KB)