RustScan
┌──(kali㉿kali)-[~/archive/htb/labs/beep]
└─$ rustscan -a $IP
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy :
: https://github.com/RustScan/RustScan :
--------------------------------------
0day was here ♥
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.
open 10.10.10.7:25
open 10.10.10.7:22
open 10.10.10.7:80
open 10.10.10.7:110
open 10.10.10.7:111
open 10.10.10.7:143
open 10.10.10.7:443
open 10.10.10.7:878
open 10.10.10.7:993
open 10.10.10.7:995
open 10.10.10.7:3306
open 10.10.10.7:4190
open 10.10.10.7:4445
open 10.10.10.7:4559
open 10.10.10.7:5038
open 10.10.10.7:10000Nmap
┌──(kali㉿kali)-[~/archive/htb/labs/beep]
└─$ nmap -Pn -sC -sV -p- $IP
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-15 15:34 CEST
Nmap scan report for 10.10.10.7
Host is up (0.028s latency).
Not shown: 65519 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey:
| 1024 adee5abb6937fb27afb83072a0f96f53 (DSA)
|_ 2048 bcc6735913a18a4b550750f6651d6d0d (RSA)
25/tcp open smtp Postfix smtpd
|_smtp-commands: beep.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN
80/tcp open http Apache httpd 2.2.3
|_http-title: Did not follow redirect to https://10.10.10.7/
|_http-server-header: Apache/2.2.3 (CentOS)
110/tcp open pop3 Cyrus pop3d 2.3.7-Invoca-RPM-2.3.7-7.el5_6.4
|_pop3-capabilities: UIDL PIPELINING STLS AUTH-RESP-CODE TOP EXPIRE(NEVER) APOP LOGIN-DELAY(0) USER IMPLEMENTATION(Cyrus POP3 server v2) RESP-CODES
111/tcp open rpcbind 2 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2 111/tcp rpcbind
| 100000 2 111/udp rpcbind
| 100024 1 875/udp status
|_ 100024 1 878/tcp status
143/tcp open imap Cyrus imapd 2.3.7-Invoca-RPM-2.3.7-7.el5_6.4
|_imap-capabilities: STARTTLS Completed THREAD=ORDEREDSUBJECT NO LITERAL+ QUOTA URLAUTHA0001 CHILDREN ATOMIC X-NETSCAPE LIST-SUBSCRIBED ANNOTATEMORE THREAD=REFERENCES CONDSTORE IMAP4 UIDPLUS LISTEXT CATENATE IDLE MAILBOX-REFERRALS SORT=MODSEQ ID BINARY MULTIAPPEND OK RIGHTS=kxte UNSELECT NAMESPACE ACL RENAME SORT IMAP4rev1
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
|_ssl-date: 2022-10-15T13:43:18+00:00; -2s from scanner time.
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: Elastix - Login page
| ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Not valid before: 2017-04-07T08:22:08
|_Not valid after: 2018-04-07T08:22:08
|_http-server-header: Apache/2.2.3 (CentOS)
878/tcp open status 1 (RPC #100024)
993/tcp open ssl/imap Cyrus imapd
|_imap-capabilities: CAPABILITY
995/tcp open pop3 Cyrus pop3d
3306/tcp open mysql MySQL (unauthorized)
4190/tcp open sieve Cyrus timsieved 2.3.7-Invoca-RPM-2.3.7-7.el5_6.4 (included w/cyrus imap)
4445/tcp open upnotifyp?
4559/tcp open hylafax HylaFAX 4.3.10
5038/tcp open asterisk Asterisk Call Manager 1.1
10000/tcp open http MiniServ 1.570 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
Service Info: Hosts: beep.localdomain, 127.0.0.1, example.com, localhost; OS: Unix
Host script results:
|_clock-skew: -2s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 737.42 secondsThe target system is CentOS