pentesting Porteus systems with nmap - P4.0-i586 vs. P5.0-x86-64

Post#1 by **Rava** » 28 Aug 2022, 10:28

Since I can no go online via my main x86-64 and Port 5.0 as long as I want via WLAN sharing via LAN from a i586 Port 4.0 sub-notebook - see here [Solved via Networkmanager] masquerading and sharing via iptables - and I can go independently online via Android Samsung S4 and USB-tethering (but only during a small time frame or else I damage my S4 rechargeable battery) I now can perform pentests (penetration tests) via nmap on both machines, targetting the other.
While both use the same WLAN, both will be seen as different machines and will be assigned different IP addresses. (It does not work when you try to scan your own machine via the internet access that machine itself uses even when using a 2nd machine that shares the same internet via a router or my method as mentioned above - a scan does technically work, but the results are questionable. Only a scan from a different machine using a different internet IP gives accurate results.)

So, there is a almost current x86-64 nmap - I will try it out of it works okay in 5.0 XFCE.
See here for the most recent x86-64 for 5.0 nmap: npentesting Porteus systems with nmap - P4.0-i586 vs.PP5.0-x86-64map-7.92-x86_64-1.xzm md5sum 02a76632aa094ef7a9fb803a15cdaebf - Nmap-7.92 for Porteus 5.0-x86_64

And the newest i586 for Porteus 4.0 seems to be outdated, but I see no real issue there, the pentest can be done even when using a slightly outdated nmap.
See here for the most recent i586 for 4.0 nmap: Nmap-6.25 for Porteus - dated 2013-04-12 20:25
I have to test if it works on i586 P4.0 at all (sadly, both are by wread and seems he usually not states for which Porteus version the module is made for - right the moment he posts it or a few months after it it is obviously which version it must be for, but who recalls the versions that was the recent one when it's 0 or 7 or 11 years ago. At least me not.)

Or does one disagree and there are new security threats only a very recent nmap can check for?

Post#2 by **beny** » 28 Aug 2022, 11:47

the v4 are based on 14.2 so this is a link for nmap:
https://slakfinder.org/index.php?act=se ... e=#results
and this is for the slack15 v5 i586:
https://slakfinder.org/index.php?act=se ... e=#results

Post#3 by **Rava** » 28 Aug 2022, 23:20

beny wrote: ↑
28 Aug 2022, 11:47
the v4 are based on 14.2 so this is a link for nmap:
https://slakfinder.org/index.php?act=se ... e=#results
and this is for the slack15 v5 i586:
https://slakfinder.org/index.php?act=se ... e=#results

Thanks, made the i586-P4.0

Code: Select all

root@porteus:/bin/linux/nmap/i586-P4.0# txz2xzm nmap-7.12-i586-1.txz 
Verifying package nmap-7.12-i586-1.txz.
Installing package nmap-7.12-i586-1.txz:
PACKAGE DESCRIPTION:
# nmap (network scanner)
#
# Nmap ("Network Mapper") is an open soi586-P4.0urce utility for network
# exploration or security auditing.  It was designed to rapidly scan
# large networks, although it works fine against single hosts.  Nmap
# uses raw IP packets in novel ways to determine what hosts are
# available on the network, what services (ports) they are offering,
# what operating system (and OS version) they are running, what type of
# packet filters/firewalls are in use, and dozens of other
# characteristics.  Nmap runs on most types of computers, and both
# console and graphical versions are available.
Executing install script for nmap-7.12-i586-1.txz.
Package nmap-7.12-i586-1.txz installed.
Creating /bin/linux/nmap/i586-P4.0/nmap-7.12-i586-1.xzm

root@porteus:/bin/linux/nmap/i586-P4.0# l
total 11744
drwxr-xr-x 2 guest    4096 2022-08-29 01:13 .
drwxr-xr-x 3 guest    4096 2022-08-29 01:13 ..
-rw-r--r-- 1 guest 5671384 2022-08-29 01:13 nmap-7.12-i586-1.txz
-rw-r--r-- 1 root  6320128 2022-08-29 01:14 nmap-7.12-i586-1.xzm

Now to move it from my x86-64-P5.0 to i586-P4.0 and test it there.
*using Arnie's deep voice* I'll be back…

Post#4 by **Rava** » 30 Aug 2022, 04:32

Thanks to beny and wread

I finally got both the i586-Port4.0 and the x86-64-Port5.0 nmap's running.
See here nmap-7.12-i586 for Porteus 4.0
and here Nmap-7.92 for Porteus 5.0-x86_64
____________________________________

but I have issues with the x86-64 zenmap: - system is XFCE 4.12 x86-64 port 5.0

Code: Select all

guest@porteus:~$ python
Python 3.9.12 (main, Mar 24 2022, 14:31:07) 
[GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()
guest@porteus:~$ zenmap
bash: /usr/bin/zenmap: /usr/bin/python2: bad interpreter: No such file or directory
guest@porteus:~$ fw zenmap
/usr/bin/zenmap: Python script, ASCII text executable
guest@porteus:~$ head /usr/bin/zenmap
#!/usr/bin/python2
# -*- coding: utf-8 -*-

# ***********************IMPORTANT NMAP LICENSE TERMS************************
# *                                                                         *
# * The Nmap Security Scanner is (C) 1996-2020 Insecure.Com LLC ("The Nmap  *
# * Project"). Nmap is also a registered trademark of the Nmap Project.     *
# *                                                                         *
# * This program is distributed under the terms of the Nmap Public Source   *
# * License (NPSL). The exact license text applying to a particular Nmap    *

Now, can I fix that without having to install /usr/bin/python2 binary?
When I have Python 3.9.12 then that python should give downwards compatibility to a script needing python2.

Let's try a quick and dirty hack:

Code: Select all

root@porteus:~# cd /usr/bin/
root@porteus:/usr/bin# l python*
lrwxrwxrwx 1 root    16 2022-07-23 11:21 python -> /usr/bin/python3
lrwxrwxrwx 1 root     9 2022-07-23 11:20 python3 -> python3.9
lrwxrwxrwx 1 root    16 2022-07-23 11:20 python3-config -> python3.9-config
-rwxr-xr-x 1 root 14392 2022-07-23 11:21 python3.9
-rwxr-xr-x 1 root  3067 2022-03-24 20:31 python3.9-config
root@porteus:/usr/bin# ln -s python3.9 python2
root@porteus:/usr/bin# l python2
lrwxrwxrwx 1 root 9 2022-08-30 06:21 python2 -> python3.9

and try again:

Code: Select all

guest@porteus:/usr/bin$ zenmap
  File "/usr/bin/zenmap", line 114
    except ImportError, e:
                      ^
SyntaxError: invalid syntax

Any ideas how to fix that (without installing a python2 binary)

Added in 3 minutes 38 seconds:
And for now the issue with zenmap on i586-P4.0 is even worse:

Code: Select all

guest@porteus:~$ zenmap
Could not import the zenmapGUI.App module: 'No module named gtk'.
I checked in these directories:
    /usr/bin
    /usr/lib/python27.zip
    /usr/lib/python2.7
    /usr/lib/python2.7/plat-linux2
    /usr/lib/python2.7/lib-tk
    /usr/lib/python2.7/lib-old
    /usr/lib/python2.7/lib-dynload
    /usr/lib/python2.7/site-packages
    /usr/lib/python2.7/site-packages
If you installed Zenmap in another directory, you may have to add the
modules directory to the PYTHONPATH environment variable.
guest@porteus:~$

Post#5 by **Rava** » 30 Aug 2022, 13:26

Since I not get zenmap to run, I do some easy tests from one Porteus PC to the other, both use a different open WLAN access - since both are notebooks/sub-notebooks I can get them where such free WLAN sits around.

_____________________________________

IP of i586 is xxx.xxx.xxx.206

This is x86-64 nmap run from my x86-64 Porteus 5.0 to scan my i586-P4-0 system.

Code: Select all

root@porteus:/# nmap -v xxx.xxx.xxx.206
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-30 15:03 CEST
Initiating Ping Scan at 15:03
Scanning xxx.xxx.xxx.206 [4 ports]
Completed Ping Scan at 15:03, 3.02s elapsed (1 total hosts)
Nmap scan report for xxx.xxx.xxx.206 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.13 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)

So, we go by the tip

Code: Select all

root@porteus:/# nmap -v  -Pn xxx.xxx.xxx.206
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-30 15:03 CEST
Initiating Parallel DNS resolution of 1 host. at 15:03
Completed Parallel DNS resolution of 1 host. at 15:03, 0.00s elapsed
Initiating SYN Stealth Scan at 15:03
Scanning ???????????.kabel-deutschland.de (xxx.xxx.xxx.206) [1000 ports]
SYN Stealth Scan Timing: About 35.10% done; ETC: 15:04 (0:01:01 remaining)
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Completed SYN Stealth Scan at 15:05, 120.36s elapsed (1000 total ports)
Nmap scan report for ?????????.kabel-deutschland.de (xxx.xxx.xxx.206)
Host is up (6.1s latency).
Not shown: 996 filtered tcp ports (port-unreach), 2 filtered tcp ports (no-response)
PORT      STATE  SERVICE
14441/tcp closed unknown
14442/tcp closed unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 120.49 seconds
           Raw packets sent: 1597 (70.268KB) | Rcvd: 1541 (86.216KB)

As you can see… nothing much so see.
Unlike the x86-64 Porteus firewall, the i586-P4.0 one runs with its default settings.

Post#6 by **Rava** » 30 Aug 2022, 13:31

Now for the scanning of the x86-64 Porteus 5.0 system, done by the (slightly older) nmap run from the i586-P4.0 system:
___________________________________

IP of the x86-64 Port 5.0 is ???.???.???.177 - so, the nmap on i586 will scan the IP of "???.???.???.177"

First I edited the target IP to xxx.xxx.xxx.177 - and then I switched that to *.177 - so when you see*.177 that means the edited target IP of xxx.xxx.xxx.177

I have no idea where this "100.xxx.xxx.12" is from. Is it some IP that my internet provider uses as some kind of internal subnet?
That IP then I shortened to 100.*.12

Code: Select all

root@porteus:/# nmap -v xxx.xxx.xxx.177

Starting Nmap 7.12 ( https://nmap.org ) at 2022-08-30 14:56 CEST
Initiating Ping Scan at 14:56
Scanning xxx.xxx.xxx.177 [4 ports]
sendto in send_ip_packet_sd: sendto(4, packet, 28, 0, xxx.xxx.xxx.177, 16) => Operation not permitted
Offending packet: ICMP [100.xxx.xxx.12 > *.177 Echo request (type=8/code=0) id=5558 seq=0] IP [ttl=39 id=47644 iplen=28 ]
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, *.177, 16) => Operation not permitted
Offending packet: ICMP [100.*.12 > *.177 Timestamp request (type=13/code=0) id=23007 seq=0 orig=0 recv=0 trans=0] IP [ttl=56 id=63942 iplen=40 ]
sendto in send_ip_packet_sd: sendto(4, packet, 40, 0, *.177, 16) => Operation not permitted
Offending packet: ICMP [100.*.12 > *.177 Timestamp request (type=13/code=0) id=31392 seq=0 orig=0 recv=0 trans=0] IP [ttl=41 id=24793 iplen=40 ]
sendto in send_ip_packet_sd: sendto(4, packet, 28, 0, *.177, 16) => Operation not permitted
Offending packet: ICMP [100.*.12 > *.177 Echo request (type=8/code=0) id=26403 seq=0] IP [ttl=48 id=53298 iplen=28 ]
Completed Ping Scan at 14:56, 3.02s elapsed (1 total hosts)
Nmap scan report for *.177 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.59 seconds
           Raw packets sent: 4 (168B) | Rcvd: 0 (0B)

Now, again for the nmap -Pn -v scan:

Code: Select all

root@porteus:/# nmap -Pn -v xxx.xxx.xxx.177

Starting Nmap 7.12 ( https://nmap.org ) at 2022-08-30 14:57 CEST
Initiating Parallel DNS resolution of 1 host. at 14:57
Completed Parallel DNS resolution of 1 host. at 14:57, 0.03s elapsed
Initiating SYN Stealth Scan at 14:57
Scanning ?????????????.kabel-deutschland.de (*.177) [1000 ports]
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:8080 S ttl=57 id=21036 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > 178.*.177:1025 S ttl=39 id=31684 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:113 S ttl=38 id=58278 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:139 S ttl=53for id=38382 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:135 S ttl=50 id=47906 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:5900 S ttl=39 id=12812 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 178.24.251.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:1720 S ttl=50 id=43636 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47724 > *.177:995 S ttl=58 id=12321 iplen=44  seq=3266507848 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47725 > *.177:995 S ttl=39 id=35846 iplen=44  seq=3266573385 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, *.177, 16) => Operation not permitted
Offending packet: TCP 100.*.12:47725 > *.177:1720 S ttl=54 id=62435 iplen=44  seq=3266573385 win=1024 <mss 1460>
Omitting future Sendto error messages now that 10 have been shown.  Use -d2 if you really want to see them.
SYN Stealth Scan Timing: About 17.50% done; ETC: 15:00 (for0:02:26 remaining)
SYN Stealth Scan Timing: About 36.15% done; ETC: 15:00 (0:01:50 remaining)
SYN Stealth Scan Timing: About 55.15% done; ETC: 15:00 (0:01:16 remaining)
SYN Stealth Scan Timing: About 74.15% done; ETC: 15:00 (0:00:44 remaining)
Completed SYN Stealth Scan at 15:00, 173.97s elapsed (1000 total ports)
Nmap scan report for ipb218fbb1.dynamic.kabel-deutschland.de (*.177)
Host is up (5.9s latency).
All 1000 scanned ports on ??????????.kabel-deutschland.de (*.177) are filtered

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 174.20 seconds
           Raw packets sent: 12 (528B) | Rcvd: 12 (672B)

As you can see, there is more visible from my x86-64 Port5.0 system than is visible from my i586-P4.0 one.
Reason might be I had to open two more ports because interlink (my email program, see the posts in x86-64 modules sub-forum) need 587 for SMTP and 993 for SSL IMAP.

This is the output of my firewall info from the x86-64 machine:

Code: Select all

root@porteus:/# /etc/rc.d/rc.FireWall status
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot ???.???.???.177opt in     out     source               destination         
  753 60728 ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain
 1335  154K ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:domain
 910K 1085M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:ftp-data state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:ftp state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:ssh state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt???.???.???.177:smtp state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:http state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:pop3 state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:imap state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:https state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:submission state ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp spt:imaps state ESTABLISHED
    3   234 LOG_DROP   all  --  any    any     anywhere             anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG_DROP   all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 5325 packets, 227K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  753 60728 ACCEPT     all  --  any    lo      anywhere             anywhere            
 1589  105K ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:domain
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:domain
    1    44 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp-data state NEW,ESTABLISHED
   66  2904 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp state NEW,ESTABLISHED
   66  2904 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
   66  2904 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:smtp state NEW,ESTABLISHED
 4699  278K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED
   66  2904 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:pop3 state NEW,ESTABLISHED
   66  2904 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:imap state NEW,ESTABLISHED
 488K   28M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https state NEW,ESTABLISHED
  192 20995 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:submission state NEW,ESTABLISHED
 9736  618K ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:imaps state NEW,ESTABLISHED

Chain LOG_DROP (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   234 DROP       all  --  any    any     anywhere             anywhere

Post#7 by **Testuser** » 31 Dec 2022, 17:38

Rava wrote: ↑
30 Aug 2022, 04:35
and try again:
Code: Select all
guest@porteus:/usr/bin$ zenmap
  File "/usr/bin/zenmap", line 114
    except ImportError, e:
                      ^
SyntaxError: invalid syntax
Any ideas how to fix that (without installing a python2 binary)

Still could not find any solution in my machine as well

Rava wrote: ↑

30 Aug 2022, 04:35

And for now the issue with zenmap on i586-P4.0 is even worse:

Code: Select all

guest@porteus:~$ zenmap
Could not import the zenmapGUI.App module: 'No module named gtk'.
I checked in these directories:
    /usr/bin
    /usr/lib/python27.zip
    /usr/lib/python2.7
    /usr/lib/python2.7/plat-linux2
    /usr/lib/python2.7/lib-tk
    /usr/lib/python2.7/lib-old
    /usr/lib/python2.7/lib-dynload
    /usr/lib/python2.7/site-packages
    /usr/lib/python2.7/site-packages
If you installed Zenmap in another directory, you may have to add the
modules directory to the PYTHONPATH environment variable.
guest@porteus:~$

For this error, I beleive it can fixed after installing these three packages, python-cairo_1.16.2-2ubuntu2_amd64, python-gobject-2_2.28.6-14ubuntu1_amd64, and python-gtk2_2.24.0-5.1ubuntu2_amd64.