Printable View
Olá a todos, preciso de uma pequena ajuda com o meu modem/router é um Hitron BVW-3653 fornecido pelo meu ISP, este equipamento tem por defeito 3 contas de utilizador, uma para administração remota, uma de admin e outra que fornecem aos clientes.
Já consegui eliminar as 2 primeiras mas estou com um problema, o equipamento tem páginas escondidas para aceder às configurações avançadas mas não as consigo descobrir :(
Tem maneira de descobrir quais são?
Obrigado pela ajuda:)
Bom. Isso não tem muito haver com o Backtrack 4. Tá mais para segurança e monitoramento, do que pentest (Backtrack 4).
Mas você pode usar o Backtrack para isso também. No caso, você pode tentar fazer um portscan ou uma scanning por vulnerabilidades. Se você detectar com o firwmare ser um linux, por exemplo, talvez você consegui conectar por ssh e putty e ter acesso interno ao router, nas profundezas do firmware instalado e rodando. De lá você consegue dar comandos de linux, por exemplo, explorar os processos /proc.
Fiz isso nesta dica no site Viva o Linux - A maior comunidade Linux da Am
e Adicionei um post agora em:
http://www.backtrack-linux.org/forum...via-putty.html
Obrigado mas o problema é mesmo pentest, o router corre sobre bsd, com plantaforma desenvolvida pela Jungo, o SSH e o Telnet fazem parte do S.O. mas não estão activos.
Já tentei o teu tutorial para usar o Hydra a tentar descobrir a pass do user remoto, mas sem exito.
Já tentei executardepois de me logar no equipamento mas apenas me faz o download da pagina de login.Code:wget -r 192.168.1.1
O interface de admin é parece-me que é Ajax, haverá algum exploit CGI para aceder ao que não se vê?
Mais uma vez obrigado:)
Faz um portscan com NMAP e posta aqui o fingerprint.
Podemos tentar ver o que esta executando.
Isto é o que aparece:
Continua...Code:root@bt:~# nmap -v -A 192.168.1.1
Starting Nmap 5.00 ( http://nmap.org ) at 2010-05-02 23:10 WEST
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 23:10
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 23:10, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:10
Completed Parallel DNS resolution of 1 host. at 23:10, 0.01s elapsed
Initiating SYN Stealth Scan at 23:10
Scanning zonhub.home (192.168.1.1) [1000 ports]
Discovered open port 80/tcp on 192.168.1.1
Discovered open port 445/tcp on 192.168.1.1
Discovered open port 443/tcp on 192.168.1.1
Discovered open port 8080/tcp on 192.168.1.1
Discovered open port 139/tcp on 192.168.1.1
Discovered open port 5000/tcp on 192.168.1.1
Discovered open port 8443/tcp on 192.168.1.1
Completed SYN Stealth Scan at 23:10, 6.09s elapsed (1000 total ports)
Initiating Service scan at 23:10
Scanning 7 services on zonhub.home (192.168.1.1)
Completed Service scan at 23:10, 27.85s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against zonhub.home (192.168.1.1)
NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 23:10
Completed NSE at 23:10, 0.81s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 23:10
Completed NSE at 23:10, 10.06s elapsed
NSE: Script Scanning completed.
Host zonhub.home (192.168.1.1) is up (0.0035s latency).
Interesting ports on zonhub.home (192.168.1.1):
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
80/tcp open http?
|_ html-title: Consola de gest\xC3\xA3o do ZON HUB
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
443/tcp open ssl/https?
|_ sslv2: server still supports SSLv2
|_ html-title: Consola de gest\xC3\xA3o do ZON HUB
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
5000/tcp open upnp?
8080/tcp open http-proxy?
8443/tcp open ssl/https-alt?
|_ sslv2: server still supports SSLv2
|_ html-title: Consola de gest\xC3\xA3o do ZON HUB
5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=5.00%I=7%D=5/2%Time=4BDDF84B%P=i686-pc-linux-gnu%r(GetRequ
SF:est,2AA7,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:\x20text/html\r\nSet-C
SF:ookie:\x20rg_cookie_session_id=1296481755;\x20path=/;\x20expires=Fri,\x
SF:2001\x20Jan\x202038\x2000:00:00\x20GMT\r\nCache-Control:\x20no-cache,no
SF:-store\r\nPragma:\x20no-cache\r\nExpires:\x20Sun,\x2002\x20May\x202010\
SF:x2022:10:19\x20GMT\r\nDate:\x20Sun,\x2002\x20May\x202010\x2022:10:19\x2
SF:0GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\nP3P:\x20CP=\
SF:"NOI\x20NID\x20ADMa\x20OUR\x20LEG\x20DSP\x20COR\"\r\n\r\n<!---\x20Page\
SF:(page_wl_mgt_blocked\)=\[\]\x20---><HTML><HEAD><META\x20HTTP-EQUIV=\"Co
SF:ntent-Type\"\x20CONTENT=\"text/html;\x20charset=UTF-8\"><META\x20HTTP-E
SF:QUIV=\"EXPIRES\"\x20CONTENT=\"Sun,\x2002\x20May\x202010\x2022:10:19\x20
SF:GMT\"><META\x20HTTP-EQUIV=\"CACHE-CONTROL\"\x20CONTENT=\"NO-CACHE\"><ME
SF:TA\x20HTTP-EQUIV=\"PRAGMA\"\x20CONTENT=\"NO-CACHE\"><META\x20HTTP-EQUIV
SF:=\"Page-Enter\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><META\x20HTT
SF:P-EQUIV=\"Page-Exit\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><link\
SF:x20rel=\"shortcut\x20icon\"\x20href=\"images/zon_favicon\.ico\"\x20type
SF:=\"image/x-icon\"><TITLE>Consola\x20de\x20gest\xc3\xa3o\x20do\x20ZON\x2
SF:0HUB</TITLE><STYLE\x20type=\"text/css\">")%r(HTTPOptions,19A,"HTTP/1\.0
SF:\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/html\r\nCache-Co
SF:ntrol:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpires:\x20Sun,\x
SF:2002\x20May\x202010\x2022:40:19\x20GMT\r\nDate:\x20Sun,\x2002\x20May\x2
SF:02010\x2022:10:19\x20GMT\r\nLast-Modified:\x20Sun,\x2002\x20May\x202010
SF:\x2022:10:19\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\
SF:r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Implemented</title>
SF:\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>501\x20Not\x20Impl
SF:emented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n")%r(RTSPRequest,
SF:19A,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/ht
SF:ml\r\nCache-Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpi
SF:res:\x20Sun,\x2002\x20May\x202010\x2022:40:19\x20GMT\r\nDate:\x20Sun,\x
SF:2002\x20May\x202010\x2022:10:19\x20GMT\r\nLast-Modified:\x20Sun,\x2002\
SF:x20May\x202010\x2022:10:19\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnect
SF:ion:\x20close\r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Imple
SF:mented</title>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>501\
SF:x20Not\x20Implemented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n");
Code:==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=5.00%T=SSL%I=7%D=5/2%Time=4BDDF852%P=i686-pc-linux-gnu%r(
SF:GetRequest,2AA6,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:\x20text/html\r
SF:\nSet-Cookie:\x20rg_cookie_session_id=996312737;\x20path=/;\x20expires=
SF:Fri,\x2001\x20Jan\x202038\x2000:00:00\x20GMT\r\nCache-Control:\x20no-ca
SF:che,no-store\r\nPragma:\x20no-cache\r\nExpires:\x20Sun,\x2002\x20May\x2
SF:02010\x2022:10:26\x20GMT\r\nDate:\x20Sun,\x2002\x20May\x202010\x2022:10
SF::26\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\nP3P:\x
SF:20CP=\"NOI\x20NID\x20ADMa\x20OUR\x20LEG\x20DSP\x20COR\"\r\n\r\n<!---\x2
SF:0Page\(page_wl_mgt_blocked\)=\[\]\x20---><HTML><HEAD><META\x20HTTP-EQUI
SF:V=\"Content-Type\"\x20CONTENT=\"text/html;\x20charset=UTF-8\"><META\x20
SF:HTTP-EQUIV=\"EXPIRES\"\x20CONTENT=\"Sun,\x2002\x20May\x202010\x2022:10:
SF:26\x20GMT\"><META\x20HTTP-EQUIV=\"CACHE-CONTROL\"\x20CONTENT=\"NO-CACHE
SF:\"><META\x20HTTP-EQUIV=\"PRAGMA\"\x20CONTENT=\"NO-CACHE\"><META\x20HTTP
SF:-EQUIV=\"Page-Enter\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><META\
SF:x20HTTP-EQUIV=\"Page-Exit\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\">
SF:<link\x20rel=\"shortcut\x20icon\"\x20href=\"images/zon_favicon\.ico\"\x
SF:20type=\"image/x-icon\"><TITLE>Consola\x20de\x20gest\xc3\xa3o\x20do\x20
SF:ZON\x20HUB</TITLE><STYLE\x20type=\"text/css\">\n")%r(GenericLines,18E,"
SF:HTTP/1\.0\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/html\r\nCac
SF:he-Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpires:\x20S
SF:un,\x2002\x20May\x202010\x2022:40:26\x20GMT\r\nDate:\x20Sun,\x2002\x20M
SF:ay\x202010\x2022:10:26\x20GMT\r\nLast-Modified:\x20Sun,\x2002\x20May\x2
SF:02010\x2022:10:26\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20c
SF:lose\r\n\r\n<html>\n<head>\n\x20\x20<title>400\x20Bad\x20Request</title
SF:>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>400\x20Bad\x20Req
SF:uest<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n")%r(HTTPOptions,19A
SF:,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/html\
SF:r\nCache-Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpires
SF::\x20Sun,\x2002\x20May\x202010\x2022:40:26\x20GMT\r\nDate:\x20Sun,\x200
SF:2\x20May\x202010\x2022:10:26\x20GMT\r\nLast-Modified:\x20Sun,\x2002\x20
SF:May\x202010\x2022:10:26\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection
SF::\x20close\r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Implemen
SF:ted</title>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>501\x20
SF:Not\x20Implemented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n");
Code:==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8080-TCP:V=5.00%I=7%D=5/2%Time=4BDDF84C%P=i686-pc-linux-gnu%r(GetRe
SF:quest,21F0,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:\x20text/html\r\nSet
SF:-Cookie:\x20rg_cookie_session_id=1237308872;\x20path=/;\x20expires=Fri,
SF:\x2001\x20Jan\x202038\x2000:00:00\x20GMT\r\nCache-Control:\x20no-cache,
SF:no-store\r\nPragma:\x20no-cache\r\nExpires:\x20Sun,\x2002\x20May\x20201
SF:0\x2022:10:19\x20GMT\r\nDate:\x20Sun,\x2002\x20May\x202010\x2022:10:19\
SF:x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\nP3P:\x20CP
SF:=\"NOI\x20NID\x20ADMa\x20OUR\x20LEG\x20DSP\x20COR\"\r\n\r\n<!---\x20Pag
SF:e\(page_wl_mgt_blocked\)=\[\]\x20---><HTML><HEAD><META\x20HTTP-EQUIV=\"
SF:Content-Type\"\x20CONTENT=\"text/html;\x20charset=UTF-8\"><META\x20HTTP
SF:-EQUIV=\"EXPIRES\"\x20CONTENT=\"Sun,\x2002\x20May\x202010\x2022:10:19\x
SF:20GMT\"><META\x20HTTP-EQUIV=\"CACHE-CONTROL\"\x20CONTENT=\"NO-CACHE\"><
SF:META\x20HTTP-EQUIV=\"PRAGMA\"\x20CONTENT=\"NO-CACHE\"><META\x20HTTP-EQU
SF:IV=\"Page-Enter\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><META\x20H
SF:TTP-EQUIV=\"Page-Exit\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><lin
SF:k\x20rel=\"shortcut\x20icon\"\x20href=\"images/zon_favicon\.ico\"\x20ty
SF:pe=\"image/x-icon\"><TITLE>Consola\x20de\x20gest\xc3\xa3o\x20do\x20ZON\
SF:x20HUB</TITLE><STYLE\x20type=\"text/css\">")%r(HTTPOptions,19A,"HTTP/1\
SF:.0\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/html\r\nCache-
SF:Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpires:\x20Sun,
SF:\x2002\x20May\x202010\x2022:40:20\x20GMT\r\nDate:\x20Sun,\x2002\x20May\
SF:x202010\x2022:10:20\x20GMT\r\nLast-Modified:\x20Sun,\x2002\x20May\x2020
SF:10\x2022:10:20\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20clos
SF:e\r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Implemented</titl
SF:e>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>501\x20Not\x20Im
SF:plemented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n")%r(RTSPReques
SF:t,19A,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/
SF:html\r\nCache-Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nEx
SF:pires:\x20Sun,\x2002\x20May\x202010\x2022:40:20\x20GMT\r\nDate:\x20Sun,
SF:\x2002\x20May\x202010\x2022:10:20\x20GMT\r\nLast-Modified:\x20Sun,\x200
SF:2\x20May\x202010\x2022:10:20\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConne
SF:ction:\x20close\r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Imp
SF:lemented</title>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>50
SF:1\x20Not\x20Implemented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n"
SF:);
Será que dá para passar por cima das restriçoes?Code:==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8443-TCP:V=5.00%T=SSL%I=7%D=5/2%Time=4BDDF85E%P=i686-pc-linux-gnu%r
SF:(GenericLines,18E,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nContent-Type:\
SF:x20text/html\r\nCache-Control:\x20public,max-age=8640\r\nPragma:\x20cac
SF:he\r\nExpires:\x20Sun,\x2002\x20May\x202010\x2022:40:38\x20GMT\r\nDate:
SF:\x20Sun,\x2002\x20May\x202010\x2022:10:38\x20GMT\r\nLast-Modified:\x20S
SF:un,\x2002\x20May\x202010\x2022:10:38\x20GMT\r\nAccept-Ranges:\x20bytes\
SF:r\nConnection:\x20close\r\n\r\n<html>\n<head>\n\x20\x20<title>400\x20Ba
SF:d\x20Request</title>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h
SF:2>400\x20Bad\x20Request<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n"
SF:)%r(GetRequest,2AA6,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:\x20text/ht
SF:ml\r\nSet-Cookie:\x20rg_cookie_session_id=718573960;\x20path=/;\x20expi
SF:res=Fri,\x2001\x20Jan\x202038\x2000:00:00\x20GMT\r\nCache-Control:\x20n
SF:o-cache,no-store\r\nPragma:\x20no-cache\r\nExpires:\x20Sun,\x2002\x20Ma
SF:y\x202010\x2022:10:38\x20GMT\r\nDate:\x20Sun,\x2002\x20May\x202010\x202
SF:2:10:38\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\nP3
SF:P:\x20CP=\"NOI\x20NID\x20ADMa\x20OUR\x20LEG\x20DSP\x20COR\"\r\n\r\n<!--
SF:-\x20Page\(page_wl_mgt_blocked\)=\[\]\x20---><HTML><HEAD><META\x20HTTP-
SF:EQUIV=\"Content-Type\"\x20CONTENT=\"text/html;\x20charset=UTF-8\"><META
SF:\x20HTTP-EQUIV=\"EXPIRES\"\x20CONTENT=\"Sun,\x2002\x20May\x202010\x2022
SF::10:38\x20GMT\"><META\x20HTTP-EQUIV=\"CACHE-CONTROL\"\x20CONTENT=\"NO-C
SF:ACHE\"><META\x20HTTP-EQUIV=\"PRAGMA\"\x20CONTENT=\"NO-CACHE\"><META\x20
SF:HTTP-EQUIV=\"Page-Enter\"\x20CONTENT=\"blendTrans\(Duration=0\.3\)\"><M
SF:ETA\x20HTTP-EQUIV=\"Page-Exit\"\x20CONTENT=\"blendTrans\(Duration=0\.3\
SF:)\"><link\x20rel=\"shortcut\x20icon\"\x20href=\"images/zon_favicon\.ico
SF:\"\x20type=\"image/x-icon\"><TITLE>Consola\x20de\x20gest\xc3\xa3o\x20do
SF:\x20ZON\x20HUB</TITLE><STYLE\x20type=\"text/css\">\n")%r(HTTPOptions,19
SF:A,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nContent-Type:\x20text/html
SF:\r\nCache-Control:\x20public,max-age=8640\r\nPragma:\x20cache\r\nExpire
SF:s:\x20Sun,\x2002\x20May\x202010\x2022:40:38\x20GMT\r\nDate:\x20Sun,\x20
SF:02\x20May\x202010\x2022:10:38\x20GMT\r\nLast-Modified:\x20Sun,\x2002\x2
SF:0May\x202010\x2022:10:38\x20GMT\r\nAccept-Ranges:\x20bytes\r\nConnectio
SF:n:\x20close\r\n\r\n<html>\n<head>\n\x20\x20<title>501\x20Not\x20Impleme
SF:nted</title>\n</head>\n<body\x20bgcolor=\"ffffff\">\n\x20\x20<h2>501\x2
SF:0Not\x20Implemented<h2>\n\x20\x20<p>\n\x20\x20\n</body>\n</html>\n");
MAC Address: 00:05:CA:87:B2:45 (Hitron Technology)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.28
Uptime guess: 1.330 days (since Sat May 1 15:15:20 2010)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=198 (Good luck!)
IP ID Sequence Generation: All zeros
Host script results:
| nbstat: NetBIOS name: ZONDRIVE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Name: ZONDRIVE<00> Flags: <unique><active>
| Name: ZONDRIVE<03> Flags: <unique><active>
| Name: ZONDRIVE<20> Flags: <unique><active>
| Name: \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| Name: HOME<1d> Flags: <unique><active>
| Name: HOME<1e> Flags: <group><active>
|_ Name: HOME<00> Flags: <group><active>
| smb-os-discovery: Unix
| LAN Manager: Samba 3.0.28
| Name: HOME\Unknown
|_ System time: 2010-05-02 23:10:43 UTC+0
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 47.53 seconds
Raw packets sent: 1135 (50.700KB) | Rcvd: 1123 (45.660KB)
Obrigado!
No começo do seu fingerprint aparece:
SF-Port80-TCP:V=5.00%I=7%D=5/2%Time=4BDDF84B%P=i686-pc-linux-gnu%r(GetRequ
SF:est,2AA7,"HTTP/1\.0\x20200\x20OK\r\nContent-Type:
e depois mais abaixo:
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.28
Se o fingerprint não estiver errado, consideramos que é um linux.
As seguintes portas estão abertas:
80/tcp open http?
|_ html-title: Consola de gest\xC3\xA3o do ZON HUB
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
443/tcp open ssl/https?
|_ sslv2: server still supports SSLv2
|_ html-title: Consola de gest\xC3\xA3o do ZON HUB
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
5000/tcp open upnp?
8080/tcp open http-proxy?
8443/tcp open ssl/https-alt?
Por padrão, SSH está na 22, que não está sendo usada/aberta no momento. Talvez o serviço de SSH não esteja rodando ou não nessa porta.
Repare, que por exemplo:
80/tcp open http?
Há uma interrogação na frente do http, (http?), isso que dizer que o NMAP não detectou 100% que aquele serviço é por exemplo HTTP ou há mais de um serviço que pode talvez executar nesta porta. Então ele fica com dúvida, será que é fulano ou siclano, dono do serviço dessa porta?
A única que ele deu certeza é daemon do Samba, em:
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)
Não aparece interrogação.
Você já tentou conectar por putty, no serviço SSH, por tentativa sabendo que pode nem ser este serviço?
Eu perguntando, para nós esclarecermos todas as possibilidades, por SSH.
Senão der certo, posta aqui de novo.
Tenho outras idéias.
Oi, estou a tentar entrar via SSH e Telnet em todas as portas marcadas como funcionais mas obtenho sempre a mesma resposta " Server Unexpectedly Closed Network Connection".
Obtenho isto tanto no putty como na consola :(
Obrigado pela paciencia :D