InfoSec LAB

SneakyMailer_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/sneakymailer]
└─$ rustscan -a $IP -b 25000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
🌍HACK THE PLANET🌍
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.10.197:21
open 10.10.10.197:22
open 10.10.10.197:25
open 10.10.10.197:80
open 10.10.10.197:143
open 10.10.10.197:993

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/sneakymailer]
└─$ nmap -sC -sV -p- $IP
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-16 10:59 CET
Nmap scan report for 10.10.10.197
Host is up (0.041s latency).
Not shown: 65528 closed tcp ports (conn-refused)
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      vsftpd 3.0.3
22/tcp   open  ssh      OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 57c900353656e66ff6de8640b2ee3efd (RSA)
|   256 d82123281db83046e2672d5965f00a05 (ECDSA)
|_  256 5e4f234ed4908ee95e8974b3190cfc1a (ED25519)
25/tcp   open  smtp     Postfix smtpd
|_smtp-commands: debian, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8, CHUNKING
80/tcp   open  http     nginx 1.14.2
|_http-title: Did not follow redirect to http://sneakycorp.htb
|_http-server-header: nginx/1.14.2
143/tcp  open  imap     Courier Imapd (released 2018)
|_imap-capabilities: SORT ACL CAPABILITY IDLE OK completed ACL2=UNION CHILDREN STARTTLS IMAP4rev1 THREAD=REFERENCES THREAD=ORDEREDSUBJECT UTF8=ACCEPTA0001 ENABLE NAMESPACE QUOTA UIDPLUS
| ssl-cert: Subject: commonName=localhost/organizationName=Courier Mail Server/stateOrProvinceName=NY/countryName=US
| Subject Alternative Name: email:postmaster@example.com
| Not valid before: 2020-05-14T17:14:21
|_Not valid after:  2021-05-14T17:14:21
|_ssl-date: TLS randomness does not represent time
993/tcp  open  ssl/imap Courier Imapd (released 2018)
|_imap-capabilities: SORT ACL CAPABILITY IDLE AUTH=PLAIN completed ACL2=UNION CHILDREN IMAP4rev1 ENABLE OK THREAD=ORDEREDSUBJECT UTF8=ACCEPTA0001 THREAD=REFERENCES QUOTA NAMESPACE UIDPLUS
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=localhost/organizationName=Courier Mail Server/stateOrProvinceName=NY/countryName=US
| Subject Alternative Name: email:postmaster@example.com
| Not valid before: 2020-05-14T17:14:21
|_Not valid after:  2021-05-14T17:14:21
8080/tcp open  http     nginx 1.14.2
|_http-title: Welcome to nginx!
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: nginx/1.14.2
Service Info: Host:  debian; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.72 seconds

The target system is Debian

Interactive Graph View

Backlinks