Nmap

Offsec - Amaterasu - Jun 27th 2023

# Enumeration

Target: [LAB_IP]

## Nmap

I forgot that -A does all the scans I need, so switching to that for boxes

```
kali  🏡  OSCP  Amaterasu
→  nmap -p- -A --open -T4 [LAB_IP] -oN amaterasu_nmap.txt    15:38:26
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-27 15:38 GMT
Nmap scan report for [LAB_IP]
Host is up (0.052s latency).
Not shown: 65510 filtered tcp ports (no-response), 21 closed tcp ports (conn-refused)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit

PORT      STATE SERVICE VERSION
21/tcp    open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: TIMEOUT
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to [LAB_IP]
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 3
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
25022/tcp open  ssh     OpenSSH 8.6 (protocol 2.0)
| ssh-hostkey:
|   256 [HASH_REDACTED] (ECDSA)
|_  256 [HASH_REDACTED] (ED25519)
33414/tcp open  unknown
| fingerprint-strings:
|   GetRequest, HTTPOptions:
|     HTTP/1.1 404 NOT FOUND
|     Server: Werkzeug/2.2.3 Python/3.9.13
|     Date: Tue, 27 Jun 2023 15:41:04 GMT
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 207
|     Connection: close
|     404 Not Found
|     Not Found
|     The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
|   Help:
|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|     "http://www.w3.org/TR/html4/strict.dtd">
|     Error response
|     Error response
|     Error code: 400
|     Message: Bad request syntax ('HELP').
|     Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.
|   RTSPRequest:
|     <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
|     "http://www.w3.org/TR/html4/strict.dtd">
|     Error response
|     Error response
|     Error code: 400
|     Message: Bad request version ('RTSP/1.0').
|     Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax or unsupported method.
|_
40080/tcp open  http    Apache httpd 2.4.53 ((Fedora))
|_http-server-header: Apache/2.4.53 (Fedora)
| http-methods:
|_  Potentially risky methods: TRACE
|_http-title: My test page
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
```

```
Service Info: OS: Unix
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 231.54 seconds
```

21 - Will check this out manually