nmap
___
( _ ) _ __ ___ __ _ _ __
/ _ \| '_ ` _ \ / _` | '_ \
| (_) | | | | | | (_| | |_) |
\___/|_| |_| |_|\__,_| .__/
|_|
adot8 <3
[+] Scanning 192.168.160.136 [65535 TCP ports]
[+] Enumerating 192.168.160.136 [22,25,80,389,443,5667]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-20 05:56 CDT
Nmap scan report for 192.168.160.136
Host is up (0.042s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 b8:8c:40:f6:5f:2a:8b:f7:92:a8:81:4b:bb:59:6d:02 (RSA)
| 256 e7:bb:11:c1:2e:cd:39:91:68:4e:aa:01:f6:de:e6:19 (ECDSA)
|_ 256 0f:8e:28:a7:b7:1d:60:bf:a6:2b:dd:a3:6d:d1:4e:a4 (ED25519)
25/tcp open smtp Postfix smtpd
| ssl-cert: Subject: commonName=ubuntu
| Not valid before: 2020-09-08T17:59:00
|_Not valid after: 2030-09-06T17:59:00
|_ssl-date: TLS randomness does not represent time
|_smtp-commands: ubuntu, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Nagios XI
389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
443/tcp open ssl/http Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Nagios XI
| tls-alpn:
|_ http/1.1
|_http-server-header: Apache/2.4.18 (Ubuntu)
| ssl-cert: Subject: commonName=192.168.1.6/organizationName=Nagios Enterprises/stateOrProvinceName=Minnesota/countryName=US
| Not valid before: 2020-09-08T18:28:08
|_Not valid after: 2030-09-06T18:28:08
|_ssl-date: TLS randomness does not represent time
5667/tcp open tcpwrapped
Service Info: Host: ubuntu; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.68 seconds
[+] Enumerating 192.168.160.136 for vulnerabilities [22,25,80,389,443,5667]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-20 05:57 CDT
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for 192.168.160.136
Host is up (0.049s latency).
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 2048
| Generator Length: 8
| Public Key Length: 2048
| References:
|_ https://www.ietf.org/rfc/rfc2246.txt
80/tcp open http
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.160.136
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.160.136:80/nagiosxi/login.php?redirect=/nagiosxi/index.php%3F&noauth=1
| Form id: loginform
| Form action: /nagiosxi/login.php
|
| Path: http://192.168.160.136:80/nagiosxi/login.php?redirect=/nagiosxi/index.php%3F&noauth=1
| Form id: loginform
| Form action: /nagiosxi/login.php
|
| Path: http://192.168.160.136:80/nagiosxi/login.php
| Form id: loginform
|_ Form action: /nagiosxi/login.php
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-fileupload-exploiter:
|
| Couldn't find a file-type field.
|
|_ Couldn't find a file-type field.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
389/tcp open ldap
443/tcp open https
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.160.136
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.160.136:443/nagiosxi/login.php?redirect=/nagiosxi/index.php%3F&noauth=1
| Form id: loginform
| Form action: /nagiosxi/login.php
|
| Path: https://192.168.160.136:443/nagiosxi/login.php?redirect=/nagiosxi/index.php%3F&noauth=1
| Form id: loginform
| Form action: /nagiosxi/login.php
|
| Path: https://192.168.160.136:443/nagiosxi/includes/js/views.js?1555548979
| Form id: addview_form
| Form action: "+ajax_helper_url+"
|
| Path: https://192.168.160.136:443/nagiosxi/includes/js/views.js?1555548979
| Form id: editview_form
| Form action: "+ajax_helper_url+"
|
| Path: https://192.168.160.136:443/nagiosxi/includes/js/views.js?1555548979
| Form id: addview_form
| Form action: "+ajax_helper_url+"
|
| Path: https://192.168.160.136:443/nagiosxi/includes/js/dashlets.js?1555548979
| Form id: addtodashboard_form
|_ Form action: "+ajax_helper_url+"
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
5667/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 349.64 seconds
[+] Scanning 192.168.160.136 [1000 UDP ports]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-20 06:02 CDT
Initiating Ping Scan at 06:02
Scanning 192.168.160.136 [4 ports]
Completed Ping Scan at 06:02, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:02
Completed Parallel DNS resolution of 1 host. at 06:02, 0.01s elapsed
Initiating UDP Scan at 06:02
Scanning 192.168.160.136 [100 ports]
Increasing send delay for 192.168.160.136 from 0 to 50 due to 11 out of 15 dropped probes since last increase.
Increasing send delay for 192.168.160.136 from 50 to 100 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 192.168.160.136 from 100 to 200 due to 11 out of 12 dropped probes since last increase.
Completed UDP Scan at 06:03, 36.32s elapsed (100 total ports)
Nmap scan report for 192.168.160.136
Host is up (0.067s latency).
Not shown: 61 open|filtered udp ports (no-response)
PORT STATE SERVICE
69/udp closed tftp
80/udp closed http
111/udp closed rpcbind
135/udp closed msrpc
137/udp closed netbios-ns
139/udp closed netbios-ssn
161/udp closed snmp
177/udp closed xdmcp
427/udp closed svrloc
443/udp closed https
518/udp closed ntalk
593/udp closed http-rpc-epmap
626/udp closed serialnumberd
1025/udp closed blackjack
1026/udp closed win-rpc
1027/udp closed unknown
1029/udp closed solid-mux
1434/udp closed ms-sql-m
1701/udp closed L2TP
1718/udp closed h225gatedisc
1719/udp closed h323gatestat
1812/udp closed radius
1900/udp closed upnp
2000/udp closed cisco-sccp
4500/udp closed nat-t-ike
9200/udp closed wap-wsp
20031/udp closed bakbonenetvault
31337/udp closed BackOrifice
32768/udp closed omad
32771/udp closed sometimes-rpc6
49152/udp closed unknown
49154/udp closed unknown
49181/udp closed unknown
49182/udp closed unknown
49191/udp closed unknown
49193/udp closed unknown
49200/udp closed unknown
49201/udp closed unknown
65024/udp closed unknown
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 36.58 seconds
Raw packets sent: 655 (40.164KB) | Rcvd: 42 (3.685KB)
[+] Completed!