Clam AV
Target:
[LAB_IP]
Prep
Open Resources
General Mind Map: https://xmind.app/m/QsNUEz/
Confirm Docker is installed, then set rustscan as an alias (or add it to your bashrc / fish config). rustscan is used here because it can scan all ports and services in 10 seconds.
alias rustscan='sudo docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 -a'
Create directory for target and enter it
mkdir ClamAV
cd ClamAV
Prep a nc listener
nc -nlvp 4444
Confirm IP address
hostname -I
Recon
Start with a quick open port scan
rustscan [LAB_IP]
PORT      STATE SERVICE      REASON
22/tcp    open  ssh          syn-ack
25/tcp    open  smtp         syn-ack
80/tcp    open  http         syn-ack
139/tcp   open  netbios-ssn  syn-ack
199/tcp   open  smux         syn-ack
445/tcp   open  microsoft-ds syn-ack
60000/tcp open  unknown      syn-ack
Quick OS check
sudo nmap -O --top-ports 1000 -v -T4 [LAB_IP] -oN osType.nmap
No exact OS matches for host
Follow up with a service scan on those open ports
sudo nmap -sC -sV -p22,25,80,139,199,445,60000 -v -T5 [LAB_IP] -oN services.nmap
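The -p list in the service scan above can be built from the saved port table instead of retyped by hand. This is an added example, not part of the original notes; open_tcp_ports is a hypothetical helper name, and the sample table is the scan output shown earlier.

```shell
# Added example: turn a saved port table into the comma-separated list
# that the nmap service scan takes after -p.
# open_tcp_ports is a hypothetical helper, not a rustscan or nmap feature.
open_tcp_ports() {
    # Reads a port table on stdin, prints open TCP ports as "22,25,80,...".
    awk '
        # Keep only rows such as "22/tcp open ssh syn-ack":
        # first field is <number>/tcp and the state is exactly "open".
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, parts, "/")
            port = parts[1] + 0
            # Drop out-of-range values and duplicate rows.
            if (port >= 1 && port <= 65535 && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }
    ' | sort -n | paste -sd, -
}

# Port table copied from the quick scan output in these notes.
sample_table='PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
25/tcp open smtp syn-ack
80/tcp open http syn-ack
139/tcp open netbios-ssn syn-ack
199/tcp open smux syn-ack
445/tcp open microsoft-ds syn-ack
60000/tcp open unknown syn-ack'

ports=$(printf '%s\n' "$sample_table" | open_tcp_ports)

# Print the follow-up command rather than running it, so it can be reviewed first.
echo "sudo nmap -sC -sV -p$ports -v -T5 [LAB_IP] -oN services.nmap"
```

The header row, non-open states, UDP rows and repeated lines are ignored, so the same function works on a table pasted from several scans.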