Offsec - Slort - Apr 22nd 2023

Target given: [LAB_IP]

Nmap on target:

sudo nmap -sC -sV -v -p- [LAB_IP]

Flags: -sC runs the common (default) scripts; -sV detects service versions; -v is verbose, so data shows up as it is found and research on the results can start sooner; -p- scans all ports.

The scan takes some time since it runs through a lot of scripts.

Nmap scan report for [LAB_IP]
Host is up (0.00032s latency).
Not shown: 65520 closed tcp ports (conn-refused)
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           FileZilla ftpd 0.9.41 beta
| ftp-syst:
|_  SYST: UNIX emulated by FileZilla
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
3306/tcp  open  mysql?
| fingerprint-strings:
|   NULL:
|_    Host '[LAB_IP]' is not allowed to connect to this MariaDB server
4443/tcp  open  http          Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
| http-title: Welcome to XAMPP
|_Requested resource was http://[LAB_IP]:4443/dashboard/
|_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
5040/tcp  open  unknown
7680/tcp  open  pando-pub?
8080/tcp  open  http          Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
|_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6
|_http-open-proxy: Proxy might be redirecting requests
| http-title: Welcome to XAMPP
|_Requested resource was http://[LAB_IP]:8080/dashboard/
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49669/tcp open  msrpc         Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.93%I=7%D=4/22%Time=6443DF93%P=x86_64-pc-linux-gnu%r(NU
SF:LL,4C,"H\0\0\x01\xffj\x04Host\x20'192.168.49.53'\x20is\x20not\x20all
SF:owed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode:
|   311:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2023-04-22T13:25:08
|_  start_date: N/A

The results show that it's a Windows device, given all the open msrpc ports.

Also, 445 is SMB.
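The reading of the scan above (several msrpc listeners plus SMB on 445 means Windows) can be applied mechanically when reviewing scan output for hardening. The following Python is an added example, not part of the original notes: `parse_ports` and `triage` are hypothetical helper names, and the sample is a trimmed copy of the rows from the scan on this page.

```python
import re

# Constructed sample: rows copied (trimmed) from the Nmap output on this page.
SCAN = """\
21/tcp    open  ftp           FileZilla ftpd 0.9.41 beta
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
3306/tcp  open  mysql?
4443/tcp  open  http          Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
| smb2-security-mode:
|   311:
|_    Message signing enabled but not required
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(text):
    """Parse the port-table rows of Nmap normal output into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # script output, headers, fingerprint lines
        port, proto, state, service, version = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service.rstrip("?"),
                     "confirmed": not service.endswith("?"),  # "?" = guessed from port
                     "version": version.strip()})
    return rows

def triage(text):
    """Summarise a scan for a hardening review (hypothetical helper)."""
    ports = [p for p in parse_ports(text) if p["state"] == "open"]
    by_service = {}
    for p in ports:
        by_service.setdefault(p["service"], []).append(p["port"])
    os_m = re.search(r"^Service Info: OS: ([^;]+)", text, re.M)
    sign = re.search(r"Message signing enabled (and|but not) required", text)
    return {
        # The page's reasoning: several msrpc listeners plus SMB on 445.
        "windows_likely": len(by_service.get("msrpc", [])) >= 2
                          and 445 in by_service.get("microsoft-ds", []),
        "os_reported": os_m.group(1) if os_m else None,
        "smb_signing_required": None if not sign else sign.group(1) == "and",
        "unconfirmed": [p["port"] for p in ports if not p["confirmed"]],
        "beta_versions": [(p["port"], p["version"]) for p in ports
                          if "beta" in p["version"].lower()],
    }
```

A `smb_signing_required` value of `False` and any entry in `beta_versions` are the items to carry into the remediation list; ports in `unconfirmed` need a manual check before the service name is trusted.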

Zenith AI analysis:

FileZilla FTP Server 0.9.41 beta (Port 21):

FileZilla version 0.9.41 is a beta version, which means it might not be stable and may contain undiscovered vulnerabilities. It is advisable to update to a stable version.

Microsoft Windows RPC (Ports 135, 49664-49669):

Remote Procedure Call (RPC) services are known to have potential vulnerabilities that can be exploited, such as buffer overflows, DoS attacks, or unauthorized access.

NetBIOS-ssn (Port 139) and Microsoft-ds (Port 445):

These services are used for file sharing and are associated with the SMB protocol. Vulnerabilities in these services can lead to unauthorized access or information disclosure, such as the EternalBlue exploit.