Hi all,
I went a little crazy and ran a scan on the backdoor server IP 212.7.28.65.
See the log:
root@bt:~# nmap -sV -f -O -T5 -A -vv -v 212.7.208.65
Starting Nmap 6.01 ( http://nmap.org ) at 2012-09-05 01:39 BRT
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Ping Scan at 01:39
Scanning 212.7.208.65 [4 ports]
Completed Ping Scan at 01:39, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:39
Completed Parallel DNS resolution of 1 host. at 01:39, 5.51s elapsed
DNS resolution of 1 IPs took 5.52s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 3, CN: 0]
Initiating SYN Stealth Scan at 01:39
Scanning 212.7.208.65 [1000 ports]
Completed SYN Stealth Scan at 01:40, 5.73s elapsed (1000 total ports)
Initiating Service scan at 01:40
Initiating OS detection (try #1) against 212.7.208.65
Retrying OS detection (try #2) against 212.7.208.65
Initiating Traceroute at 01:40
Completed Traceroute at 01:40, 3.02s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 01:40
Completed Parallel DNS resolution of 15 hosts. at 01:40, 5.83s elapsed
DNS resolution of 15 IPs took 5.83s. Mode: Async [#: 3, OK: 11, NX: 3, DR: 1, SF: 4, TR: 28, CN: 0]
NSE: Script scanning 212.7.208.65.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:40
Completed NSE at 01:40, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for 212.7.208.65
Host is up (0.20s latency).
Scanned at 2012-09-05 01:39:50 BRT for 24s
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=6.01%E=4%D=9/5%OT=%CT=1%CU=%PV=N%DS=16%DC=T%G=N%TM=5046D7AE%P=i686-pc-linux-gnu)
SEQ(CI=Z)
T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(R=N)
IE(R=N)
Network Distance: 16 hops
TRACEROUTE (using port 143/tcp)
HOP RTT ADDRESS
1 0.75 ms 192.168.0.1
2 13.91 ms 10.65.128.1
3 13.51 ms 201.17.0.7
4 11.64 ms embratel...
5 120.51 ms ebt-
6 130.02 ms ebt-
7 ...
8 225.00 ms ae-7.r05.nycmny01.us.bb.gin.ntt.net (129.250.3.161)
9 145.82 ms ae-1.r22.nycmny01.us.bb.gin.ntt.net (129.250.4.172)
10 232.50 ms as-1.r22.londen03.uk.bb.gin.ntt.net (129.250.3.255)
11 199.65 ms ae-0.r23.londen03.uk.bb.gin.ntt.net (129.250.4.86)
12 228.34 ms ae-3.r22.amstnl02.nl.bb.gin.ntt.net (129.250.5.198)
13 227.66 ms ae-1.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.113)
14 227.48 ms xe-0-5-0-2.r02.amstnl02.nl.ce.gin.ntt.net (81.20.69.78)
15 217.36 ms te9-2.sr8.evo.leaseweb.net (62.212.80.114)
16 216.38 ms 212.7.208.65
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.85 seconds
Raw packets sent: 1066 (50.348KB) | Rcvd: 1029 (42.012KB)
Now I know the server cmo play with him (laughs)
Let's go to war (laughs)
hugs