Results 1 to 6 of 6

Thread: nmap with proxychains/tor showing all ports on target machine as closed

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    14

    Default nmap with proxychains/tor showing all ports on target machine as closed

    I'm currently running BackTrack 5 R1 with proxychains, tor and privoxy configured. However, when running a scan with nmap through proxychains, the target machine shows all ports as closed. When I run the same nmap scan without proxychains, the target machine shows open ports.

    Is there something I don't have configured correctly? When I browse the web tor works without any issues.

    Below are the scans I ran. (x's being the IP address of target machine)

    Code:
    proxychains  nmap -sTV -PN -n -p21,22,25,80,139,445 xx.xx.xx.xx
    Code:
    proxychains  nmap -sTV -PN -n  xx.xx.xx.xx

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: nmap with proxychains/tor showing all ports on target machine as closed

    Do you have a proxy setup in order to use proxychains ? Also try only -sT -PN flags
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    14

    Default Re: nmap with proxychains/tor showing all ports on target machine as closed

    I don't have any proxy's in the proxychains.conf file, I just left it as the default so that it would use TOR. Is that how it works or am I mistaken? My proxychains.conf file is below, although I've changed nothing in it.

    Code:
      GNU nano 2.2.2                         File: /etc/proxychains.conf                                                         
    
    # proxychains.conf  VER 3.1
    #
    #        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
    #
    
    # The option below identifies how the ProxyList is treated.
    # only one option should be uncommented at time,
    # otherwise the last appearing option will be accepted
    #
    #dynamic_chain
    #
    # Dynamic - Each connection will be done via chained proxies
    # all proxies chained in the order as they appear in the list
    # at least one proxy must be online to play in chain
    # (dead proxies are skipped)
    # otherwise EINTR is returned to the app
    #
    strict_chain
    #
    # Strict - Each connection will be done via chained proxies
    # all proxies chained in the order as they appear in the list
    # all proxies must be online to play in chain
    # otherwise EINTR is returned to the app
    #
    #random_chain
    #
    # Random - Each connection will be done via random proxy
    # (or proxy chain, see  chain_len) from the list.
    # this option is good to test your IDS :)
    
    # Make sense only if random_chain
    #chain_len = 2
    
    # Quiet mode (no output from library)
    
    # Proxy DNS requests - no leak for DNS data
    proxy_dns
    
    # Some timeouts in milliseconds
    tcp_read_time_out 15000
    tcp_connect_time_out 8000
    
    # ProxyList format
    #       type  host  port [user pass]
    #       (values separated by 'tab' or 'blank')
    # 
    # 
    #        Examples:
    #
    #               socks5  192.168.67.78   1080    lamer   secret
    #               http    192.168.89.3    8080    justu   hidden
    #               socks4  192.168.1.49    1080
    #               http    192.168.39.93   8080
    # 
    #
    #       proxy types: http, socks4, socks5
    #        ( auth types supported: "basic"-http  "user/pass"-socks )
    # 
    [ProxyList]
    # add proxy here ...
    # meanwile
    # defaults set to "tor"
    socks4  127.0.0.1 9050

    I ran the following command to scan my entire network and it showed that all 256 possible IP addresses were up but all ports were closed.

    Code:
    proxychains  nmap -sT -PN -n  10.1.1.*

    There is only two other computers on my network so the results I'm getting are wrong. When I run nmap without proxychains, the results are correct. Additionally, if I run the command below, my web browsing goes through the TOR network as it should.

    Code:
    proxychains firefox

  4. #4
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Default Re: nmap with proxychains/tor showing all ports on target machine as closed

    Have you tried

    Code:
    proxyresolv
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: nmap with proxychains/tor showing all ports on target machine as closed

    ....target machine shows all ports as closed.
    Unless I missed something your two nmap commands didn't do "all" ports. They did: 1)A specific selection of ports, and 2) The default popular 1000.
    In addition you've only tried TCP connect scans, try SYN or something else. Lastly are you certain that the target is actually offering some type of service that you can reach using your proxychains config?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: nmap with proxychains/tor showing all ports on target machine as closed

    Try setting up your own proxy server and test it through that.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

Similar Threads

  1. Nmap filtered ports from BT4 virtual machine
    By hyrasx in forum Beginners Forum
    Replies: 4
    Last Post: 12-25-2010, 05:01 PM
  2. Replies: 3
    Last Post: 09-25-2010, 08:33 PM
  3. NMAP: Interesting ports on 192.168.2.7
    By virusc in forum OLD Newbie Area
    Replies: 4
    Last Post: 04-01-2009, 12:12 PM
  4. Ports are filtered(Nmap)
    By cleanwithit2008 in forum OLD Newbie Area
    Replies: 11
    Last Post: 07-19-2008, 07:57 PM
  5. Metasploit/what to do when all ports are closed
    By imthehell in forum OLD Newbie Area
    Replies: 4
    Last Post: 05-05-2008, 01:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •