InfoSec LAB

Frolic_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/frolic]
└─$ rustscan -a $IP -b 25000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Real hackers hack time
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.10.111:22
open 10.10.10.111:139
open 10.10.10.111:445
open 10.10.10.111:1880
open 10.10.10.111:9999

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/frolic]
└─$ nmap -sC -sV -p- $IP                    
Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-11 07:36 CEST
Nmap scan report for 10.10.10.111
Host is up (0.28s latency).
Not shown: 65530 closed tcp ports (conn-refused)
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 87:7b:91:2a:0f:11:b6:57:1e:cb:9f:77:cf:35:e2:21 (RSA)
|   256 b7:9b:06:dd:c2:5e:28:44:78:41:1e:67:7d:1e:b7:62 (ECDSA)
|_  256 21:cf:16:6d:82:a4:30:c3:c6:9c:d7:38:ba:b5:02:b0 (ED25519)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  p�+TV      Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
1880/tcp open  http        Node.js (Express middleware)
|_http-title: Node-RED
9999/tcp open  http        nginx 1.10.3 (Ubuntu)
|_http-title: Welcome to nginx!
|_http-server-header: nginx/1.10.3 (Ubuntu)
Service Info: Host: FROLIC; OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Host script results:
|_clock-skew: mean: -1h50m01s, deviation: 3h10m30s, median: -2s
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-time: 
|   date: 2023-10-11T05:50:13
|_  start_date: N/A
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
|   Computer name: frolic
|   NetBIOS computer name: FROLIC\x00
|   Domain name: \x00
|   FQDN: frolic
|_  System time: 2023-10-11T11:20:13+05:30
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
|_nbstat: NetBIOS name: FROLIC, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 831.18 seconds

The target system appears to be Ubuntu The Nmap script also revealed the hostname of the target system; FROLIC

The hostname has been appended to the /etc/hosts file on Kali for local DNS resolution

UDP

┌──(kali㉿kali)-[~/archive/htb/labs/frolic]
└─$ sudo nmap -sU -top-ports 1000 $IP
starting nmap 7.94 ( https://nmap.org ) at 2023-10-11 07:32 CEST
Nmap scan report for 10.10.10.111
Host is up (0.10s latency).
not shown: 997 closed udp ports (port-unreach)
PORT      STATE         SERVICE
137/udp   open          netbios-ns
138/udp   open|filtered netbios-dgm
21663/udp open|filtered unknown
 
nmap done: 1 IP address (1 host up) scanned in 1086.31 seconds

Interactive Graph View

Backlinks