InfoSec LAB

Devel_Recon

Created: 2 min read

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/devel]
└─$ sudo nmap -AO -p- $IP
starting nmap 7.93 ( https://nmap.org ) at 2022-10-13 17:56 CEST
stats: 0:01:45 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
syn stealth scan timing: About 92.23% done; ETC: 17:58 (0:00:09 remaining)
Nmap scan report for 10.10.10.5
Host is up (0.029s latency).
not shown: 65533 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| ftp-syst: 
|_  syst: Windows_NT
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-18-17  02:06AM       <DIR>          aspnet_client
| 03-17-17  05:37PM                  689 iisstart.htm
|_03-17-17  05:37PM               184946 welcome.png
80/tcp open  http    Microsoft IIS httpd 7.5
| http-methods: 
|_  potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|_http-title: IIS7
warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
device type: specialized|general purpose|phone
running (just guessing): Microsoft Windows 7|8|Phone|2008|8.1|Vista (90%)
os cpe: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
aggressive os guesses: Microsoft Windows Embedded Standard 7 (90%), Microsoft Windows 8.1 Update 1 (90%), Microsoft Windows Phone 7.5 or 8.0 (90%), Microsoft Windows 7 or Windows Server 2008 R2 (90%), Microsoft Windows Server 2008 (90%), Microsoft Windows Server 2008 R2 (90%), Microsoft Windows Server 2008 R2 or Windows 8.1 (90%), Microsoft Windows Server 2008 R2 SP1 (90%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (90%), Microsoft Windows 7 (90%)
No exact OS matches for host (test conditions non-ideal).
network distance: 2 hops
service info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   27.96 ms 10.10.14.1
2   28.14 ms 10.10.10.5
 
os and service detection performed. please report any incorrect results at https://nmap.org/submit/ .
nmap done: 1 IP address (1 host up) scanned in 130.40 seconds

nmap scan revealed open ports of:

  • 21: Microsoft ftpd
  • 80: Microsoft IIS httpd 7.5

The target system is Microsoft Windows

Interactive Graph View

Backlinks