TryHackMe - Kenobi - Oct 29th 2023

Target IP - [TARGET_IP] (Given)

Recon

    nmap --top-ports 3000 -T5 [TARGET_IP] --open   # Probably could do 5-10k

    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    2049/tcp open  nfs

    nmap -sC -sV --script vuln -p21,22,80,111,139,445,2049 --open -oN kenobi-nmap-run1 [TARGET_IP]

    # Nmap 7.94 scan initiated Mon Oct 30 21:19:40 2023 as: nmap -sC -sV --script vuln -p21,22,80,111,139,445,2049 --open -oN kenobi-nmap-run1 [TARGET_IP]
    Pre-scan script results:
    | broadcast-avahi-dos:
    |   Discovered hosts:
    |     224.0.0.251
    |   After NULL UDP avahi packet DoS (CVE-2011-1002).
    |_  Hosts are all up (not vulnerable).
    Nmap scan report for [TARGET_IP]
    Host is up (0.10s latency).

    PORT     STATE SERVICE     VERSION
    21/tcp   open  ftp         ProFTPD 1.3.5
    22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
    80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))
    |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
    |_http-server-header: Apache/2.4.18 (Ubuntu)
    | http-slowloris-check:
    |   VULNERABLE:
    |   Slowloris DOS attack
    |     State: LIKELY VULNERABLE
    |     IDs:  CVE:CVE-2007-6750
    |       Slowloris tries to keep many connections to the target web server open and hold
    |       them open as long as possible. It accomplishes this by opening connections to
    |       the target web server and sending a partial request. By doing so, it starves
    |       the http server's resources causing Denial Of Service.
    |
    |     Disclosure date: 2009-09-17
    |     References:
    |       http://ha.ckers.org/slowloris/
    |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
    | http-enum:
    |   /admin.html: Possible admin folder
    |_  /robots.txt: Robots file
    |_http-csrf: Couldn't find any CSRF vulnerabilities.
    |_http-dombased-xss: Couldn't find any DOM based XSS.
    111/tcp  open  rpcbind     2-4 (RPC #100000)
    | rpcinfo:
    |   program version    port/proto  service
    |   100000  2,3,4      111/tcp     rpcbind
    |   100000  2,3,4      111/udp     rpcbind
    |   100000  3,4        111/tcp6    rpcbind
    |   100000  3,4        111/udp6    rpcbind
    |   100003  2,3,4      2049/tcp    nfs
    |   100003  2,3,4      2049/tcp6   nfs
    |   100003  2,3,4      2049/udp    nfs
    |   100003  2,3,4      2049/udp6   nfs
    |   100005  1,2,3      34402/udp6  mountd
    |   100005  1,2,3      35970/udp   mountd
    |   100005  1,2,3      42115/tcp6  mountd
    |   100005  1,2,3      45035/tcp   mountd
    |   100021  1,3,4      35551/tcp   nlockmgr
    |   100021  1,3,4      36651/tcp6  nlockmgr
    |   100021  1,3,4      38722/udp6  nlockmgr
    |   100021  1,3,4      39727/udp   nlockmgr
    |   100227  2,3        2049/tcp    nfs_acl
    |   100227  2,3        2049/tcp6   nfs_acl
    |   100227  2,3        2049/udp    nfs_acl
    |_  100227  2,3        2049/udp6   nfs_acl
    139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    2049/tcp open  nfs         2-4 (RPC #100003)
    Service Info: Host: KENOBI; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel