RustScan


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/algernon]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Scanning ports like its my full-time job. Wait, it is.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.236.65:21
Open 192.168.236.65:80
Open 192.168.236.65:135
Open 192.168.236.65:139
Open 192.168.236.65:445
Open 192.168.236.65:5040
Open 192.168.236.65:9998
Open 192.168.236.65:17001
Open 192.168.236.65:49665
Open 192.168.236.65:49664
Open 192.168.236.65:49668
Open 192.168.236.65:49666
Open 192.168.236.65:49667
Open 192.168.236.65:49669

Nmap


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/algernon]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-22 13:41 CET
Warning: 192.168.236.65 giving up on port because retransmission cap hit (2).
Nmap scan report for 192.168.236.65
Host is up (0.021s latency).
Not shown: 61215 closed tcp ports (reset), 4306 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ftp-syst: 
|_  SYST: Windows_NT
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 04-29-20  10:31PM       <DIR>          ImapRetrieval
| 03-22-25  05:40AM       <DIR>          Logs
| 04-29-20  10:31PM       <DIR>          PopRetrieval
|_03-22-25  05:40AM       <DIR>          Spool
80/tcp    open  http          Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-title: IIS Windows
135/tcp   open  msrpc         Microsoft Windows R
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
5040/tcp  open  unknown
9998/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-IIS/10.0
| http-title: Site doesnt have a title (text/html; charset=utf-8).
|_Requested resource was /interface/root
| uptime-agent-info: HTTP/1.1 400 Bad Request\x0D
| Content-Type: text/html; charset=us-ascii\x0D
| Server: Microsoft-HTTPAPI/2.0\x0D
| Date: Sat, 22 Mar 2025 12:44:10 GMT\x0D
| Connection: close\x0D
| Content-Length: 326\x0D
| \x0D
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">\x0D
| <HTML><HEAD><TITLE>Bad Request</TITLE>\x0D
| <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>\x0D
| <BODY><h2>Bad Request - Invalid Verb</h2>\x0D
| <hr><p>HTTP Error 400. The request verb is invalid.</p>\x0D
|_</BODY></HTML>\x0D
17001/tcp open  remoting      MS .NET Remoting services
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49669/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_clock-skew: -5s
| smb2-time: 
|   date: 2025-03-22T12:44:11
|_  start_date: N/A
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 205.11 seconds

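The target system appears to be a Windows host: the scan reports Microsoft ftpd, IIS 10.0, and Windows RPC services, and Nmap's service info gives OS: Windows.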

UDP


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/algernon]
└─$ sudo nmap -sU -Pn -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-22 13:40 CET
Nmap scan report for 192.168.236.65
Host is up (0.020s latency).
Not shown: 991 closed udp ports (port-unreach)
PORT     STATE         SERVICE
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
500/udp  open|filtered isakmp
1900/udp open|filtered upnp
4500/udp open|filtered nat-t-ike
5050/udp open|filtered mmcc
5353/udp open|filtered zeroconf
5355/udp open|filtered llmnr
 
Nmap done: 1 IP address (1 host up) scanned in 744.71 seconds