A FEW WORDS ABOUT NMAP

In this post I would like to share a few words about the "nmap" command. NMAP is short for Network Mapper. It is a security tool used for network exploration, security scanning and auditing. With the nmap command we can scan large networks as well as single hosts.

For system administration NMAP is a very useful tool. With the nmap command we can find out the following:

* IP addresses of the computers running on our local network

* Operating system of the target machine

* Open ports on the target machine

* Whether the system is infected with malware, a virus, etc.

The following sections cover some useful options for the nmap command.

1] Detecting server operating system.
++++++++++++++++++++++++++++++++++++++

* nmap -O -v localhost

* nmap -O -v <server-ip-address>

Sample outputs:
++++++++++++++

[root@manu manu]# nmap -v -O --osscan-guess localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-23 00:05 IST
Initiating SYN Stealth Scan against manu.manusabu.com (127.0.0.1) [1680 ports] at 00:05
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 111/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 709/tcp on 127.0.0.1
The SYN Stealth Scan took 0.07s to scan 1680 total ports.
For OSScan assuming port 22 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 22 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 22 is open, 1 is closed, and neither are firewalled
Host manu.manusabu.com (127.0.0.1) appears to be up ... good.
Interesting ports on manu.manusabu.com (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
709/tcp open entrustmanager
3306/tcp open mysql
Device type: general purpose|printer
Running (JUST GUESSING) : Linux 2.4.X|2.5.X|2.6.X|2.3.X (95%), Lexmark embedded (91%)
Aggressive OS guesses: Linux 2.4.7 - 2.6.11 (95%), Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7 (95%), Linux 2.6.0-test10 (x86) (95%), Linux 2.6.0-test9 - 2.6.0 (x86) (95%), Linux 2.6.3 - 2.6.7 (X86) (95%), Linux 2.6.6 (95%), Linux 2.6.7 - 2.6.8 (95%), Linux 2.4.18 (95%), Gentoo 1.2 linux (Kernel 2.4.19-gentoo-rc5) (93%), Linux 2.4.0 - 2.5.20 (93%)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=2/23%Tm=5127BA6E%O=22%C=1)
TSeq(Class=RI%gcd=1%SI=4C61D7%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=4C61EC%IPID=Z%TS=1000HZ)
TSeq(Class=RI%gcd=1%SI=4C61CA%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.100 days (since Fri Feb 22 21:42:02 2013)
TCP Sequence Prediction: Class=random positive increments
Difficulty=5005770 (Good luck!)
IPID Sequence Generation: All zeros

Nmap finished: 1 IP address (1 host up) scanned in 9.593 seconds
Raw packets sent: 1725 (77.424KB) | Rcvd: 3467 (147.688KB)

2] To find host interfaces and routes
+++++++++++++++++++++++++++++++++++

* nmap --iflist

Sample output:
+++++++++++++++
[root@manu manu]# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-23 00:14 IST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8 loopback up
eth0 (eth0) 192.168.1.100/24 ethernet up 00:1C:C0:AB:68:74

**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.1.0/0 eth0
169.254.0.0/0 eth0
0.0.0.0/0 eth0 192.168.1.1

3] Scanning a list of networks from a file (IPv4)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Create a text file, say ma.txt, and use your favorite text editor to add the network ranges that you would like to scan.

[root@manu manu]# cat /manu/ma.txt
192.168.1.1/24
192.168.5.0/24
10.1.1.1
localhost

* nmap -iL /manu/ma.txt
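
An added example, not part of the original post: before handing a target file to nmap -iL, this checks each entry against a list of ranges you are authorized to scan. The function name check_scope, the scope-file format and the sample scope are assumptions of this example; hostnames, a-b ranges and wildcards are flagged for manual review rather than resolved.

```sh
#!/bin/sh
# Added example (not from the original post): check an nmap -iL target file
# against approved ranges. $1 = target file, $2 = file of approved IPv4
# addresses/CIDR blocks (hypothetical format; "#" starts a comment).
check_scope() {
    awk '
        function ip2int(s,   o, i, v) {      # dotted quad -> integer, -1 if bad
            if (split(s, o, ".") != 4) return -1
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
                v = v * 256 + o[i]
            }
            return v
        }
        # Sets lo/hi for "a.b.c.d" or "a.b.c.d/len"; returns 0 otherwise.
        function range(s,   p, n, ip, len, size) {
            n = split(s, p, "/")
            ip = ip2int(p[1])
            len = (n == 2) ? p[2] : "32"
            if (n > 2 || ip < 0 || len !~ /^[0-9]+$/ || len + 0 > 32) return 0
            size = 2 ^ (32 - len)
            lo = int(ip / size) * size       # nmap ignores host bits in a /len
            hi = lo + size - 1
            return 1
        }
        { sub(/#.*/, "") }
        FILENAME == ARGV[1] {                # first file: approved blocks
            for (f = 1; f <= NF; f++)
                if (range($f)) { alo[++k] = lo; ahi[k] = hi }
            next
        }
        {
            for (f = 1; f <= NF; f++) {
                if (!range($f)) { print "REVIEW", $f; continue }
                verdict = "OUT-OF-SCOPE"
                for (i = 1; i <= k; i++)
                    if (lo >= alo[i] && hi <= ahi[i]) verdict = "OK"
                print verdict, $f
            }
        }
    ' "$2" "$1"
}

# Constructed demo: the ma.txt entries from above against a made-up scope.
scope=$(mktemp); targets=$(mktemp)
printf '%s\n' '192.168.1.0/24  # office LAN' '10.1.1.1' > "$scope"
printf '%s\n' '192.168.1.1/24' '192.168.5.0/24' '10.1.1.1' 'localhost' > "$targets"
check_scope "$targets" "$scope"
rm -f "$scope" "$targets"
```

An empty or missing scope file marks every numeric target OUT-OF-SCOPE, so the check fails closed.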

4] Scanning a range or a single IP address
++++++++++++++++++++++++++++++++++++++++

You can scan a range of IP addresses using

* nmap 192.168.1.1-20

* nmap 192.168.1.*

If you want to scan a large number of networks but leave a particular IP address out of the range, use the following option with nmap:

* nmap 192.168.1.0/24 --exclude 192.168.1.5

To scan a network and find out which servers and devices are up and running, use the following:

* nmap -sP 192.168.1.1/24

The following command helps us find the open ports on a system (-T5 selects nmap's fastest timing template):

* nmap -T5 <ip-address>

Sample output:
+++++++++++++

[root@manu manu]# nmap -T5 192.168.1.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-23 00:40 IST
Interesting ports on 192.168.1.100:
Not shown: 1676 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
709/tcp open entrustmanager
3306/tcp open mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.125 seconds

5] Scan for IP protocol
++++++++++++++++++++++

The following type of scan lets you determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines:

* nmap -sO <server-ip-address>

Sample output:
++++++++++++++

[root@manu manu]# nmap -sO 192.168.1.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-23 00:47 IST
Interesting protocols on 192.168.1.100:
Not shown: 250 closed protocols
PROTOCOL STATE SERVICE
1 open icmp
2 open|filtered igmp
6 open tcp
17 open udp
41 open|filtered ipv6
255 open|filtered unknown

Nmap finished: 1 IP address (1 host up) scanned in 1.264 seconds

6] Finding remote services (server / daemon) version number
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

* nmap -sV 192.168.1.100

Sample outputs:
++++++++++++++

[root@manu manu]# nmap -sV 192.168.1.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-02-23 00:55 IST
Interesting ports on 192.168.1.100:
Not shown: 1676 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
111/tcp open rpcbind 2 (rpc #100000)
709/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)

Nmap finished: 1 IP address (1 host up) scanned in 11.268 seconds
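
An added example, not part of the original post: the open-port listings from sections 4 and 6 become an audit when they are compared with a baseline of ports the host is expected to expose. The function name unexpected_open_ports, the baseline file format and the baseline contents are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): report open ports that are not
# in an approved baseline. Reads nmap normal output on stdin.
# $1 = baseline file with one "port/proto" per line; "#" starts a comment.
unexpected_open_ports() {
    awk -v baseline="$1" '
        BEGIN {
            while ((getline line < baseline) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                if (line != "") allowed[line] = 1
            }
        }
        # Host header: "Interesting ports on HOST:" in Nmap 4.x (as above),
        # "Nmap scan report for HOST" in current releases.
        /^Interesting ports on / || /^Nmap scan report for / {
            host = $NF; sub(/:$/, "", host); gsub(/[()]/, "", host); next
        }
        # Port table row, e.g. "111/tcp open rpcbind 2 (rpc #100000)".
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in allowed) {
            print host, $1, $3
        }
    '
}

# The -sV output shown above, trimmed to the lines the parser uses.
sample_scan() {
    cat <<'EOF'
Interesting ports on 192.168.1.100:
Not shown: 1676 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
111/tcp open rpcbind 2 (rpc #100000)
709/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)
EOF
}

# Constructed baseline: only SSH and MySQL are expected on this host.
baseline=$(mktemp)
printf '%s\n' '22/tcp    # ssh' '3306/tcp  # mysql' > "$baseline"
sample_scan | unexpected_open_ports "$baseline"
rm -f "$baseline"
```

Each output line is "host port/proto service"; no output means every open port is in the baseline.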

PHP Selector in CloudLinux

PHP Selector is a CloudLinux component that sits on top of CageFS. It allows each cPanel user to select the PHP version and modules they need (currently 5.2, 5.3, 5.4 and 5.5). PHP Selector requires the account to have CageFS enabled.

To install PHP Selector, cagefs and lvemanager must be installed on the CloudLinux server.

To install CageFS:

$ yum install cagefs
$ /usr/sbin/cagefsctl --init

That last command creates a skeleton directory that might be around 7GB in size. If you don't have enough disk space in /usr/share, use the following commands to place cagefs-skeleton in a different location:

$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton

On cPanel servers, if you place the skeleton in the /home directory, you must configure the following option:

WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories

Change the value to blank (not the default "home").

Without changing this option, cPanel will create new accounts in incorrect places.

To install lvemanager:

$ yum install lvemanager

To install PHP Selector:

$ yum groupinstall alt-php
$ yum update cagefs lvemanager
$ cagefsctl --update

It is better to run the above commands in screen.

You can change the default PHP version and its modules through WHM > CloudLinux LVE Manager > Selector.

To change the PHP version for a single cPanel account, rather than using the server's native PHP, go to cPanel > PHP Selector.

PhpFox: Admin and member areas blank after login

If you are getting blank pages on your PhpFox site when you try to access your admincp or member areas, you can try the following methods to debug the issue:

1. Enable PhpFox debugging mode. To do this, create a file named dev.sett.php and add the contents given at the following link to it:

http://phpfoxdemo.ceofox.com/faqs/view/17/enabling-debug-mode/

Then upload it to the /include/setting folder. Refresh your browser and you should see what the script has to say.
If the steps above don't show any suspicious messages, you can try repairing your database, because sometimes that does the trick 😉