Recon
$ nmap -p- --min-rate=1000 -Pn 192.168.166.42 -v
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:42 CDT
Initiating Parallel DNS resolution of 1 host. at 21:42
Completed Parallel DNS resolution of 1 host. at 21:42, 0.02s elapsed
Initiating Connect Scan at 21:42
Scanning 192.168.166.42 [65535 ports]
Discovered open port 80/tcp on 192.168.166.42
Discovered open port 445/tcp on 192.168.166.42
Discovered open port 199/tcp on 192.168.166.42
Discovered open port 139/tcp on 192.168.166.42
Discovered open port 25/tcp on 192.168.166.42
Discovered open port 22/tcp on 192.168.166.42
Discovered open port 60000/tcp on 192.168.166.42
Increasing send delay for 192.168.166.42 from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.166.42 from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for 192.168.166.42 from 10 to 20 due to 18 out of 59 dropped probes since last increase.
Increasing send delay for 192.168.166.42 from 20 to 40 due to 18 out of 58 dropped probes since last increase.
Completed Connect Scan at 21:43, 49.28s elapsed (65535 total ports)
Nmap scan report for 192.168.166.42
Host is up (0.043s latency).
Not shown: 65528 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
139/tcp open netbios-ssn
199/tcp open smux
445/tcp open microsoft-ds
60000/tcp open unknown
$ nmap -sC -sV -T5 -Pn -p 22,25,80,139,199,445,6000 192.168.166.42
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:45 CDT
Nmap scan report for 192.168.166.42
Host is up (0.046s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.8.1p1 Debian 8.sarge.6 (protocol 2.0)
| ssh-hostkey:
| 1024 30:3e:a4:13:5f:9a:32:c0:8e:46:eb:26:b3:5e:ee:6d (DSA)
|_ 1024 af:a2:49:3e:d8:f2:26:12:4a:a0:b5:ee:62:76:b0:18 (RSA)
25/tcp open smtp Sendmail 8.13.4/8.13.4/Debian-3sarge3
| smtp-commands: localhost.localdomain Hello [192.168.45.204], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY, HELP
|_ 2.0.0 This is sendmail version 8.13.4 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info
80/tcp open http Apache httpd 1.3.33 ((Debian GNU/Linux))
|_http-title: Ph33r
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Apache/1.3.33 (Debian GNU/Linux)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
199/tcp open smux Linux SNMP multiplexer
445/tcp open netbios-ssn Samba smbd 3.0.14a-Debian (workgroup: WORKGROUP)
6000/tcp closed X11
Service Info: Host: localhost.localdomain; OSs: Linux, Unix; CPE: cpe:/o:linux:linux_kernel
Host script results:
| smb-security-mode:
| account_used: guest
| authentication_level: share (dangerous)
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_nbstat: NetBIOS name: 0XBABE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
|_clock-skew: mean: 5h59m59s, deviation: 2h49m43s, median: 3h59m58s
| smb-os-discovery:
| OS: Unix (Samba 3.0.14a-Debian)
| NetBIOS computer name:
| Workgroup: WORKGROUP\x00
|_ System time: 2024-08-16T02:45:59-04:00
|_smb2-time: Protocol negotiation failed (SMB2)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.07 seconds