# Nmap 7.93 scan initiated Tue Aug 15 18:02:40 2023 as: nmap -sT -Pn -sC -vv -oX lab.xml -oN lab.txt 192.168.56.105
Nmap scan report for 192.168.56.105
Host is up, received user-set (0.0049s latency).
Scanned at 2023-08-15 18:02:40 UTC for 53s
Not shown: 982 filtered tcp ports (no-response)
PORT      STATE SERVICE          REASON
21/tcp    open  ftp              syn-ack
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
|   STAT:
| localhost FTP server status:
|      Version wu-2.6.2(1) Tue Jul 14 17:34:17 UTC 2020
|      Connected to 192.168.56.1
|      Logged in anonymously
|      TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream
|      No data connection
|      0 data bytes received in 0 files
|      0 data bytes transmitted in 0 files
|      0 data bytes total in 0 files
|      48 traffic bytes received in 0 transfers
|      639 traffic bytes transmitted in 0 transfers
|      736 traffic bytes total in 0 transfers
|_End of status
22/tcp    open  ssh              syn-ack
| ssh-hostkey:
|   2048 26cf188e78102a5911a634623320188d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD1oD7YMlP2nd0E8+kQMJGZDg0WTPPPl74AeE/+OV7rQ2gYwtiDVhVPGOt/Pne10ddH2mC1HgvAWXJgedKaVc9O1pKEZsT77+lumcUNx1J1maIOYIgco7b1hAaX6xMIKjXt8hiUPd4xbbTb6T7w4xFZG/YO0exlJzPTLt7H4fWAurWS6/pt2OyjvYeFYStiEkiKFBLTTxcDujakicAkDthkAsP+VQCZv5yYYQZGfh3vJ4ul0GrjbFcLIhHqEgOCZmKl5fUkbGQ+j35IDlTN9vLXqpW86n63D5779Hprq2dMk3kveBhULLpqoLIzJJruBZ/K4mqWMgIzAwaINGUSK1dD
|   256 034f9737c0a31f46cce278ca9d64b554 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHzOQ0mAXzTDdkpJVaHFQbLPuzCtwP+cVSZv00t3noVIvaA21JSePsLaS346B9I7LR9QoSIQ9YhneVRdvt9buXc=
|   256 9aec27f59215d007ce9a28050c4d1bc7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzCX7kYKg4fT/iNnmdSmNYqVeTsAjJNsOVHTIE+Pj0D
23/tcp    open  telnet           syn-ack
25/tcp    open  smtp             syn-ack
| smtp-commands: localhost Hello nmap.scanme.org [192.168.56.1], SIZE 52428800, 8BITMIME, PIPELINING, CHUNKING, PRDR, HELP
|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
53/tcp    open  domain           syn-ack
| dns-nsid:
|_  bind.version: 9.8.1
80/tcp    open  http             syn-ack
|_http-favicon: Unknown favicon MD5: DA62EE8EC2A2E0659D873123F5D30A41
| http-methods:
|   Supported Methods: OPTIONS GET HEAD POST DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK
|_  Potentially risky methods: DELETE TRACE PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK
| http-robots.txt: 41 disallowed entries (40 shown)
| /private /admin /secretstuff /debugvpn.txt /README.txt
| /includes/ /misc/ /modules/ /profiles/ /scripts/ /themes/
| /CHANGELOG.txt /cron.php /INSTALL.mysql.txt /INSTALL.pgsql.txt
| /INSTALL.sqlite.txt /install.php /INSTALL.txt /LICENSE.txt
| /MAINTAINERS.txt /update.php /UPGRADE.txt /xmlrpc.php /admin/
| /comment/reply/ /filter/tips/ /node/add/ /search/ /user/register/
| /user/password/ /user/login/ /user/logout/ /?q=admin/
| /?q=comment/reply/ /?q=filter/tips/ /?q=node/add/ /?q=search/
|_/?q=user/password/ /?q=user/register/ /?q=user/login/
| http-webdav-scan:
|   Allowed Methods: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
|   Server Date: Tue, 15 Aug 2023 18:03:33 GMT
|   Server Type: Apache/2.4.20 (Debian)
|   WebDAV type: Apache DAV
|   Directory Listing:
|     /
|     /DavLock
|     /CHANGELOG.txt
|     /COPYRIGHT.txt
|     /INSTALL.mysql.txt
|     /INSTALL.pgsql.txt
|     /INSTALL.sqlite.txt
|     /INSTALL.txt
|     /LICENSE.txt
|     /MAINTAINERS.txt
|     /README
|     /UPGRADE.txt
|     /admin/
|     /authorize.php
|     /ca.crt
|     /config/
|     /cpg1414/
|     /cron.php
|     /debugvpn.txt
|     /favicon.ico
|     /html/
|     /includes/
|     /index.php
|     /install.php
|     /logs/
|     /misc/
|     /modules/
|     /phpinfo.php
|     /ponyapp/
|     /private/
|     /profiles/
|     /robots.txt
|     /scripts/
|     /sites/
|     /sqldump.sql
|     /themes/
|     /update.php
|     /vpn/
|     /web.config
|     /www2/
|_    /xmlrpc.php
| http-ls: Volume /
|   maxfiles limit reached (10)
| SIZE  TIME              FILENAME
| 73K   2013-02-20 20:32  CHANGELOG.txt
| 1.4K  2013-02-20 20:32  COPYRIGHT.txt
| 12K   2023-08-15 18:03  DavLock
| 1.4K  2013-02-20 20:32  INSTALL.mysql.txt
| 1.8K  2013-02-20 20:32  INSTALL.pgsql.txt
| 1.3K  2013-02-20 20:32  INSTALL.sqlite.txt
| 17K   2013-02-20 20:32  INSTALL.txt
| 18K   2011-09-17 21:50  LICENSE.txt
| 8.0K  2013-02-20 20:32  MAINTAINERS.txt
| 804   2020-06-25 16:20  README
|_
|_http-title: Index of /
|_http-svn-info: ERROR: Script execution failed (use -d to debug)
111/tcp   open  rpcbind          syn-ack
| rpcinfo:
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100000  3,4          111/tcp6  rpcbind
|   100000  3,4          111/udp6  rpcbind
|   100003  3,4         2049/tcp   nfs
|   100003  3,4         2049/tcp6  nfs
|   100003  3,4         2049/udp   nfs
|   100003  3,4         2049/udp6  nfs
|   100005  1,2,3      33206/udp6  mountd
|   100005  1,2,3      50040/tcp   mountd
|   100005  1,2,3      57417/udp   mountd
|   100005  1,2,3      60446/tcp6  mountd
|   100021  1,3,4      33922/tcp   nlockmgr
|   100021  1,3,4      48494/udp6  nlockmgr
|   100021  1,3,4      51612/udp   nlockmgr
|   100021  1,3,4      60235/tcp6  nlockmgr
|   100227  3           2049/tcp   nfs_acl
|   100227  3           2049/tcp6  nfs_acl
|   100227  3           2049/udp   nfs_acl
|_  100227  3           2049/udp6  nfs_acl
139/tcp   open  netbios-ssn      syn-ack
389/tcp   open  ldap             syn-ack
443/tcp   open  https            syn-ack
| ssl-cert: Subject: commonName=webserver01/organizationName=Hacker House/stateOrProvinceName=HackerHouse/countryName=UK/localityName=Paper St/organizationalUnitName=Leet hax/emailAddress=root@webserver01
| Issuer: commonName=webserver01/organizationName=Hacker House/stateOrProvinceName=HackerHouse/countryName=UK/localityName=Paper St/organizationalUnitName=Leet hax/emailAddress=root@webserver01
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2017-02-18T11:44:38
| Not valid after:  2018-02-18T11:44:38
| MD5:   abcbdf8f7a05331ec2de362b7f645aaf
|_SHA-1: 939557fad60169a3d9338aaceae02555b28b6109
|_ssl-date: TLS randomness does not represent time
|_http-title: Ministry of Pony | Friendship is magic
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: DA62EE8EC2A2E0659D873123F5D30A41
|_http-generator: Drupal 7 (http://drupal.org)
| http-robots.txt: 41 disallowed entries (40 shown)
| /private /admin /secretstuff /debugvpn.txt /README.txt
| /includes/ /misc/ /modules/ /profiles/ /scripts/ /themes/
| /CHANGELOG.txt /cron.php /INSTALL.mysql.txt /INSTALL.pgsql.txt
| /INSTALL.sqlite.txt /install.php /INSTALL.txt /LICENSE.txt
| /MAINTAINERS.txt /update.php /UPGRADE.txt /xmlrpc.php /admin/
| /comment/reply/ /filter/tips/ /node/add/ /search/ /user/register/
| /user/password/ /user/login/ /user/logout/ /?q=admin/
| /?q=comment/reply/ /?q=filter/tips/ /?q=node/add/ /?q=search/
|_/?q=user/password/ /?q=user/register/ /?q=user/login/
445/tcp   open  microsoft-ds     syn-ack
873/tcp   open  rsync            syn-ack
2049/tcp  open  nfs_acl          syn-ack
3128/tcp  open  squid-http       syn-ack
3306/tcp  open  mysql            syn-ack
| mysql-info:
|   Protocol: 10
|   Version: 5.0.51a-24+lenny2
|   Thread ID: 58
|   Capabilities flags: 43564
|   Some Capabilities: Support41Auth, SupportsCompression, ConnectWithDatabase, SupportsTransactions, SwitchToSSLAfterHandshake, LongColumnFlag, Speaks41ProtocolNew
|   Status: Autocommit
|_  Salt: ?LABg_&<>bRU2;qIVW/&
5432/tcp  open  postgresql       syn-ack
| ssl-cert: Subject: commonName=localhost.localdomain
| Subject Alternative Name: DNS:localhost.localdomain
| Issuer: commonName=localhost.localdomain
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-07-14T17:25:50
| Not valid after:  2030-07-12T17:25:50
| MD5:   627478dde562fca7b9581df75630295c
|_SHA-1: c7ec8934bb1ee3bc06a1c362b4ac3576c46d776b
|_ssl-date: TLS randomness does not represent time
8080/tcp  open  http-proxy       syn-ack
| http-methods:
|   Supported Methods: GET HEAD POST PUT DELETE OPTIONS
|_  Potentially risky methods: PUT DELETE
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Apache Tomcat
10000/tcp open  snet-sensor-mgmt syn-ack

Host script results:
| smb2-time:
|   date: 2023-08-15T18:02:47
|_  start_date: N/A
| smb2-security-mode:
|   311:
|_    Message signing enabled but not required
|_clock-skew: mean: 0s, deviation: 1s, median: 0s
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| p2p-conficker:
|   Checking for Conficker.C or higher...
|   Check 1 (port 12437/tcp): CLEAN (Couldn't connect)
|   Check 2 (port 24599/tcp): CLEAN (Couldn't connect)
|   Check 3 (port 16778/udp): CLEAN (Timeout)
|   Check 4 (port 49867/udp): CLEAN (Timeout)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
| smb-os-discovery:
|   OS: Windows 6.1 (Samba 4.5.0-Debian)
|   Computer name: localhost
|   NetBIOS computer name: HACKLAB01\x00
|   Domain name: \x00
|   FQDN: localhost
|_  System time: 2023-08-15T18:02:47+00:00
| nbstat: NetBIOS name: HACKLAB01, NetBIOS user: <unknown>, NetBIOS MAC: 000000000000 (Xerox)
| Names:
|   HACKLAB01<00>        Flags: <unique><active>
|   HACKLAB01<03>        Flags: <unique><active>
|   HACKLAB01<20>        Flags: <unique><active>
|   \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|   EVILCORP<00>         Flags: <group><active>
|   EVILCORP<1d>         Flags: <unique><active>
|   EVILCORP<1e>         Flags: <group><active>
| Statistics:
|   0000000000000000000000000000000000
|   0000000000000000000000000000000000
|_  0000000000000000000000000000

Read data files from: /usr/bin/../share/nmap
# Nmap done at Tue Aug 15 18:03:33 2023 -- 1 IP address (1 host up) scanned in 53.55 seconds