Recon

$ nmap -p- --min-rate=1000 -Pn -v 192.168.165.61
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-16 16:39 CDT
Initiating Parallel DNS resolution of 1 host. at 16:39
Completed Parallel DNS resolution of 1 host. at 16:39, 0.02s elapsed
Initiating Connect Scan at 16:39
Scanning 192.168.165.61 [65535 ports]
Discovered open port 445/tcp on 192.168.165.61
Discovered open port 80/tcp on 192.168.165.61
Increasing send delay for 192.168.165.61 from 0 to 5 due to 11 out of 24 dropped probes since last increase.
Increasing send delay for 192.168.165.61 from 5 to 10 due to 25 out of 83 dropped probes since last increase.
Increasing send delay for 192.168.165.61 from 10 to 20 due to 16 out of 53 dropped probes since last increase.
Discovered open port 139/tcp on 192.168.165.61
Discovered open port 21/tcp on 192.168.165.61
Discovered open port 135/tcp on 192.168.165.61
Discovered open port 8081/tcp on 192.168.165.61
Discovered open port 49668/tcp on 192.168.165.61
Discovered open port 49669/tcp on 192.168.165.61
Connect Scan Timing: About 46.43% done; ETC: 16:41 (0:00:36 remaining)
Discovered open port 49664/tcp on 192.168.165.61
Discovered open port 49665/tcp on 192.168.165.61
Discovered open port 5040/tcp on 192.168.165.61
Discovered open port 49667/tcp on 192.168.165.61
Discovered open port 7680/tcp on 192.168.165.61
Discovered open port 49666/tcp on 192.168.165.61
Completed Connect Scan at 16:41, 65.77s elapsed (65535 total ports)
Nmap scan report for 192.168.165.61
Host is up (0.048s latency).
Not shown: 65521 closed tcp ports (conn-refused)
PORT      STATE SERVICE
21/tcp    open  ftp
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
5040/tcp  open  unknown
7680/tcp  open  pando-pub
8081/tcp  open  blackice-icecap
49664/tcp open  unknown
49665/tcp open  unknown
49666/tcp open  unknown
49667/tcp open  unknown
49668/tcp open  unknown
49669/tcp open  unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 65.90 seconds

$ nmap -sC -sV -T5 --script=vuln -Pn -p 21,80,135,445,5040,7680,8081,49664-49669 192.168.165.61
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-16 16:56 CDT
Stats: 0:07:14 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 99.93% done; ETC: 17:04 (0:00:00 remaining)
Nmap scan report for 192.168.165.61
Host is up (0.045s latency).
Scanned at 2024-08-16 16:57:08 CDT for 427s

PORT      STATE  SERVICE       VERSION
21/tcp    open   ftp           Microsoft ftpd
80/tcp    open   http          Microsoft IIS httpd 10.0
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-phpmyadmin-dir-traversal: 
|   VULNERABLE:
|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2005-3299
|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|       
|     Disclosure date: 2005-10-nil
|     Extra information:
|       ../../../../../etc/passwd not found.
|   
|     References:
|       http://www.exploit-db.com/exploits/1244/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-IIS/10.0
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
135/tcp   open   msrpc         Microsoft Windows RPC
445/tcp   open   microsoft-ds?
5040/tcp  open   unknown
7680/tcp  closed pando-pub
8081/tcp  open   http          Jetty 9.4.18.v20190429
| vulners: 
|   Jetty 9.4.18.v20190429: 
|_    	CVE-2024-22201	7.5	https://vulners.com/cve/CVE-2024-22201
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-fileupload-exploiter: 
|   
|_    Couldn't find a file-type field.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Nexus/3.21.0-05 (OSS)
| http-enum: 
|_  /robots.txt: Robots file
49664/tcp open   msrpc         Microsoft Windows RPC
49665/tcp open   msrpc         Microsoft Windows RPC
49666/tcp open   msrpc         Microsoft Windows RPC
49667/tcp open   msrpc         Microsoft Windows RPC
49668/tcp open   msrpc         Microsoft Windows RPC
49669/tcp open   msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_smb-vuln-ms10-054: false
|_samba-vuln-cve-2012-1182: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
Final times for host: srtt: 44897 rttvar: 2894  to: 56473

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read from /usr/bin/../share/nmap: nmap-protocols nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 437.63 seconds
