Recon
$ nmap -p- --min-rate=1000 -Pn -v 192.168.217.39
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-26 20:13 CDT
Initiating Parallel DNS resolution of 1 host. at 20:13
Completed Parallel DNS resolution of 1 host. at 20:13, 0.02s elapsed
Initiating Connect Scan at 20:13
Scanning 192.168.217.39 [65535 ports]
Discovered open port 22/tcp on 192.168.217.39
Discovered open port 80/tcp on 192.168.217.39
Discovered open port 993/tcp on 192.168.217.39
Discovered open port 143/tcp on 192.168.217.39
Discovered open port 995/tcp on 192.168.217.39
Discovered open port 139/tcp on 192.168.217.39
Discovered open port 445/tcp on 192.168.217.39
Discovered open port 110/tcp on 192.168.217.39
Increasing send delay for 192.168.217.39 from 0 to 5 due to 41 out of 135 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 5 to 10 due to 31 out of 103 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 10 to 20 due to 18 out of 59 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 20 to 40 due to 46 out of 152 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 40 to 80 due to 60 out of 199 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 80 to 160 due to 58 out of 193 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 160 to 320 due to 64 out of 212 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 320 to 640 due to 61 out of 202 dropped probes since last increase.
Increasing send delay for 192.168.217.39 from 640 to 1000 due to 60 out of 198 dropped probes since last increase.
Connect Scan Timing: About 39.74% done; ETC: 20:14 (0:00:47 remaining)
Completed Connect Scan at 20:14, 72.78s elapsed (65535 total ports)
Nmap scan report for 192.168.217.39
Host is up (0.042s latency).
Not shown: 65527 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
110/tcp open pop3
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
993/tcp open imaps
995/tcp open pop3s
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 72.88 seconds
$ nmap -p 22,80,110,139,143,445,993,995 -sC -sV -Pn 192.168.217.39
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-26 20:16 CDT
Nmap scan report for 192.168.217.39
Host is up (0.047s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey:
| 1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
|_ 2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
|_http-title: CS-Cart. Powerful PHP shopping cart software
110/tcp open pop3 Dovecot pop3d
|_ssl-date: 2024-08-27T01:16:39+00:00; +6s from scanner time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_RC4_128_WITH_MD5
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
|_pop3-capabilities: UIDL CAPA SASL TOP STLS RESP-CODES PIPELINING
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
143/tcp open imap Dovecot imapd
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_RC4_128_WITH_MD5
|_imap-capabilities: Capability SORT LITERAL+ SASL-IR completed CHILDREN STARTTLS THREAD=REFERENCES LOGINDISABLEDA0001 LOGIN-REFERRALS NAMESPACE UNSELECT OK IMAP4rev1 MULTIAPPEND IDLE
|_ssl-date: 2024-08-27T01:16:39+00:00; +6s from scanner time.
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
445/tcp open netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
993/tcp open ssl/imap Dovecot imapd
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_RC4_128_WITH_MD5
|_ssl-date: 2024-08-27T01:16:39+00:00; +6s from scanner time.
|_imap-capabilities: Capability SORT LITERAL+ SASL-IR completed CHILDREN THREAD=REFERENCES NAMESPACE LOGIN-REFERRALS AUTH=PLAINA0001 UNSELECT OK IMAP4rev1 MULTIAPPEND IDLE
995/tcp open ssl/pop3 Dovecot pop3d
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
|_ssl-date: 2024-08-27T01:16:39+00:00; +6s from scanner time.
|_pop3-capabilities: USER UIDL CAPA TOP SASL(PLAIN) RESP-CODES PIPELINING
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_DES_192_EDE3_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_RC4_128_WITH_MD5
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_smb2-time: Protocol negotiation failed (SMB2)
|_nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
| OS: Unix (Samba 3.0.26a)
| Computer name: payday
| NetBIOS computer name:
| Domain name:
| FQDN: payday
|_ System time: 2024-08-26T21:16:36-04:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_clock-skew: mean: 40m05s, deviation: 1h37m58s, median: 5s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.17 seconds
Last updated