LinuxQuestions.org
Old 06-11-2023, 11:38 AM   #1
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Rep: Reputation: Disabled
Tried kali to find XP system connected via Ethernet to the network


Hello,

I wanted to look back at the Kali system, I gave it a try yesterday on a USB as a live disk, and I had my old XP system with service pack 1 on it, and I installed the Ethernet driver software for the hardware on it, and then decided to just check out some clips on YouTube, while many show examples of finding their XP system connected, they use fake setups, virtual machines.

Anyway, I followed the example of iconfig, found the connection, but then the response was all ports found, 1,000 or something, and ignored was the repeated conclusion.

No idea about that.

I used a Dell OptiPlex 780 and just used the Live, and connected to the wifi, so the XP system was connected to the box using just an Ethernet, could that be a problem with this type of network test? I'd guess that would be a no.

A couple of clips mention finding a port that may be open so that is a vulnerability. I wanted to see how accurate that is, and yes there was no firewall on.

Thank you
 
Old 06-11-2023, 01:15 PM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 798

Rep: Reputation: 256
Maybe you got a firewall in the way, or selected the wrong IP. Does XP have a firewall on by default? This is a WinNT Terminal Server.

Code:
ip -c -4 neigh show | grep br
192.168.20.25 dev br0 lladdr 52:54:00:12:34:58 STALE 
192.168.20.10 dev br0 lladdr 3e:04:51:7a:a5:d8 STALE 
192.168.20.24 dev br0 FAILED 
192.168.20.3 dev br0 lladdr aa:00:04:00:0e:04 STALE 
192.168.20.23 dev br0 lladdr 52:54:00:12:34:56 STALE 
192.168.20.12 dev br0 FAILED 
192.168.20.26 dev br0 lladdr 5c:84:3c:f1:23:2f STALE 
192.168.20.15 dev br0 lladdr 08:cc:27:67:a4:42 STALE 
192.168.20.4 dev br0 lladdr aa:00:04:00:0b:04 REACHABLE

# Nmap 7.94 scan initiated Sun Jun 11 14:08:49 2023 as: nmap --send-eth --privileged -oN nmap-log.txt -sS 192.168.20.23
Nmap scan report for 192.168.20.23
Host is up (0.0031s latency).
Not shown: 990 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
42/tcp   open  nameserver
70/tcp   open  gopher
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
1029/tcp open  ms-lsa
1031/tcp open  iad2
1034/tcp open  zincite-a
3389/tcp open  ms-wbt-server
MAC Address: 52:54:00:12:34:56 (QEMU virtual NIC)

# Nmap done at Sun Jun 11 14:08:51 2023 -- 1 IP address (1 host up) scanned in 2.42 seconds
 
Old 06-11-2023, 01:58 PM   #3
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
I used two clips on YouTube, and followed their steps, I can't have gone off course. The firewall isn't active. The system has been on that drive for two years, so this is the first it has had the Ethernet drivers installed on it.

One used something called Armitage, which wasn't available on the Kali.

https://youtu.be/whCCkKmUFdQ?t=149

Another clip was simply about finding a system on the network, so I obviously found the Ethernet connected system, and followed the steps of the IP type in and np pn- and so on, I tried all that, and the result was ports found, but ignored the was error.

I haven't a clue. I last tried Kali seven years ago, my reason for joining here in the first place. I then gave up with the idea. I did try a clip, but the Metasploit task didn't work.

I have at least gotten somewhere with this try this time around, looks like it went nowhere.

The difference then is, I had Windows XP service pack 3, no antivirus, and I think the firewall was on, but I'm sure at that time I wouldn't have switched that off, that is basic 101 for security and ports, even if one is pretty clueless on the subject.

Last edited by anon286; 06-11-2023 at 02:01 PM.
 
Old 06-12-2023, 12:16 AM   #4
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,471
Blog Entries: 7

Rep: Reputation: 2573
Tried kali to find XP system connected via Ethernet to the network

What are you trying to do exactly?

The file sharing method used by XP has been deprecated due to insufficient security. As a result, it has been disabled by default on most Linux distributions since some time in 2019.

Are you talking about Remote Desktop? If so, then there are steps you'll have to take to get it working.
 
Old 06-12-2023, 12:52 AM   #5
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,471
Blog Entries: 7

Rep: Reputation: 2573
Quote:
Originally Posted by linuxlivecd
I used a Dell optiplex 780 and just used the Live, and connected to the wifi, so the XP system was connected to the box using just an Ethernet
Can you please clarify the meaning of this sentence? Both machines need to be connected to the router.
 
Old 06-12-2023, 11:08 AM   #6
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
I use an OptiPlex 780 to connect using wifi to the modem box. I don't have Ethernet for it.

So the other computer I have Ethernet for, it isn't in the same room.

I'm simply trying to find the XP system connected to the connection, and see what ports are open as the tutorial clips on YouTube have shown, some aren't very good since they aren't actual systems in the physical sense. Just virtual machines on a computer somewhere.

I tried another video as I noted in my first post which simply was about finding a computer on an Ethernet connection connected to a network, and the whole task returned with ports found, 1,000 or something and ignored ports. And that was it.
 
Old 06-12-2023, 09:18 PM   #7
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,471
Blog Entries: 7

Rep: Reputation: 2573
Quote:
Originally Posted by linuxlivecd
I'm simply trying to find the XP system connected to the connection, and see what ports are open as the tutorial clips on youtube have shown, some aren't very good since they aren't actual systems in the physical sense. Just Virtual machines on a computer somewhere.
Real vs VM... they're still machines connected to a router. It shouldn't make any difference. You should be able to follow those instructions with physical boxes and get identical results.

Test #1 = Can the XP box see the LAN? Does it have the right driver for the network card, etc?

Test #2 = Can the machines ping each other? If not, then you need to fix that before doing anything else.
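
Added example, not part of any post in this thread: one way to run "Test #2" from the Kali side is to ping the XP box once and then read its entry in the neighbour table, the same `ip neigh` output shown in reply #2. The function names are hypothetical, the sample rows are copied from that reply, and the check only applies when both machines are on the same subnet.

```shell
#!/bin/sh
# Added example: classify a LAN host from `ip neigh` output before scanning it.
# SAMPLE_NEIGH reuses four rows of the neighbour table posted in reply #2.
SAMPLE_NEIGH='192.168.20.25 dev br0 lladdr 52:54:00:12:34:58 STALE
192.168.20.24 dev br0 FAILED
192.168.20.23 dev br0 lladdr 52:54:00:12:34:56 STALE
192.168.20.4 dev br0 lladdr aa:00:04:00:0b:04 REACHABLE'

# neigh_state TABLE IP
# Prints the neighbour state (last field of the matching row), or ABSENT
# when the table has no row for IP. Matching is exact, so 192.168.20.2
# never matches 192.168.20.25.
neigh_state() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == ip { state = $NF; found = 1 }
        END { print (found ? state : "ABSENT") }'
}

# diagnose TABLE IP -> one-word verdict
#   on-link  the host has answered ARP (the row carries a MAC address)
#   no-arp   ARP was sent and nobody answered: cable, driver or wrong IP
#   unknown  no row yet: ping the address once, then look again
diagnose() {
    case "$(neigh_state "$1" "$2")" in
        REACHABLE|STALE|DELAY|PROBE|PERMANENT) echo on-link ;;
        FAILED|INCOMPLETE)                     echo no-arp ;;
        *)                                     echo unknown ;;
    esac
}

# Live use on your own LAN (needs iproute2; the address is a placeholder):
#   ping -c 3 192.168.20.23
#   diagnose "$(ip -4 neigh show)" 192.168.20.23
```

A `no-arp` verdict means nothing at that address answers on the local segment, so adding `-Pn` to nmap will not produce results; `on-link` with a failed ping points at a host firewall dropping ICMP instead.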
 
Old 06-13-2023, 01:47 PM   #8
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
Yes, the system is a Dimension, so it has the network driver for it.

Is that what the Default gateway is for? I recall one video showed that, but it may be the IP, the video there I linked shows that.

I then tried this video on simply finding the system.

Ping wasn't something I had tried.

https://youtu.be/K7y_-JtpZ7I?t=128

This clip.
 
Old 06-14-2023, 04:15 AM   #9
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,471
Blog Entries: 7

Rep: Reputation: 2573
Quote:
Originally Posted by linuxlivecd
Is that what the Default gateway is for?
...
Ping wasn't something I had tried.
With respect, you should probably learn the basics of computer networking before progressing.
 
2 members found this post helpful.
Old 06-14-2023, 05:08 AM   #10
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,167

Rep: Reputation: 449
Try this link: https://www.youtube.com/watch?v=aZssqDGT5_s

But yes, as others said, learn networking first, start with the OSI model first.

Getting the grasp of the fundamentals goes a long way, it makes life easier as you progress.

Remember, we all learn to crawl first before we learn to walk. Start from that idea.
 
Old 06-14-2023, 01:42 PM   #11
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
That video seems rubbish, all sign language.

The difference there is nmap A- IP

Whereas I just typed nmap Ip and then the Pn- or sv- options, and got a result.

I did do networking at college, but it was the most pointless subject, I didn't care at all about it. My idea of this was from an article in the Guardian newspaper, something to do with the founder of what we know now as Meta.

It isn't that difficult surely trying to find the system, a few commands, bala bing. Beyond that you can enter a port or door into the computer. And that is that. I think the problem was, when I tried it seven years ago, I just watched a silent clip just type in some command, and that was it and I couldn't go anywhere with it. I thought well, I tried that.

https://youtu.be/aZssqDGT5_s?t=1154

Then sv- at nineteen mins.

https://youtu.be/aZssqDGT5_s?t=1229

postgresql no idea on what that is.

From having seen the other clip, Metasploit, was about just connecting it and viewing the system. Armitage that clip.
 
Old 06-14-2023, 06:46 PM   #12
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,471
Blog Entries: 7

Rep: Reputation: 2573
Quote:
Originally Posted by linuxlivecd
I did do networking at college, but it was the most pointless subject, I didn't care at all about it.
And yet here you are, asking questions about it.
Quote:
Originally Posted by linuxlivecd
It isn't that difficult surely trying to find the system
From the information you've given, it is still unascertained as to whether the machine you're trying to reach has a functioning network connection.
 
1 members found this post helpful.
Old 06-18-2023, 11:47 AM   #13
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
I guess that just happens to be curiosity.

I did install the network drivers for the Dell system. I tried the tutorials, and the same result is ignored ports. I also tried this when the system was off, gave the same result. So that was a big change. But the network does work, otherwise I couldn't visit the one website I have up, which has no JavaScript, only html/php page. Using Internet Explorer 6.

Here is the result of the first try using the example videos.

1
$ nmap (IP) Pn-
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-17 19:33 UTC
Failed to resolve "Pn-".
Failed to resolve "Pn-".
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.06 seconds


2
└─$ nmap IP
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-17 19:32 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.09 seconds

3

$ nmap IP -sv
Nmap 7.93 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports sequentially - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--noninteractive: Disable runtime interactions via keyboard
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn IP
nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
Scantype v not supported

┌──(kali㉿kali)-[~]
└─$ nmap -v -A IP
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-17 19:36 UTC
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Initiating Ping Scan at 19:36
Scanning IP [2 ports]
Completed Ping Scan at 19:36, 0.00s elapsed (1 total hosts)
Nmap scan report for IP [host down]
NSE: Script Post-scanning.
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Initiating NSE at 19:36
Completed NSE at 19:36, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.84 seconds

And the last one

4

└─$ ping IP
PING IP (IP) 56(84) bytes of data.

That is that.
 
Old 06-18-2023, 01:58 PM   #14
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
Blog Entries: 2

Rep: Reputation: 1567
If you're more visual, using YouTube and such, Wireshark could be open during all this?

One of many stickies: https://www.linuxquestions.org/quest...ad-4175614092/

...have fun!
 
Old 06-18-2023, 02:28 PM   #15
anon286
Member
 
Registered: Jun 2016
Location: UK
Posts: 132

Original Poster
Rep: Reputation: Disabled
I thought about trying the wireless adapter connected to the network. It won't make any difference, I would presume.

I don't know, I gave it a go using those clips, and for whatever reason.

Wireshark?

YouTube, where? I used the terminal and typed the above nmap then the Ip and then tried the different options. I haven't a clue. It doesn't work, it doesn't work. I did shut down the XP system, and that was the same result.

I can forget about Windows 7.
 
  

