InfoSec LAB

BitForge_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
TreadStone was here 🚀
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.196.186:22
Open 192.168.196.186:80
Open 192.168.196.186:3306

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-12 16:36 CEST
Nmap scan report for 192.168.196.186
Host is up (0.033s latency).
Not shown: 65531 filtered tcp ports (no-response), 1 closed tcp port (reset)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 f2:5a:a9:66:65:3e:d0:b8:9d:a5:16:8c:e8:16:37:e2 (ECDSA)
|_  256 9b:2d:1d:f8:13:74:ce:96:82:4e:19:35:f9:7e:1b:68 (ED25519)
80/tcp   open  http    Apache httpd
|_http-title: Did not follow redirect to http://bitforge.lab/
|_http-server-header: Apache
| http-git: 
|   192.168.196.186:80/.git/
|     Git repository found!
|     .git/config matched patterns 'user'
|     Repository description: Unnamed repository; edit this file 'description' to name the...
|_    Last commit message: created .env to store the database configuration 
3306/tcp open  mysql   MySQL 8.0.40-0ubuntu0.24.04.1
| ssl-cert: Subject: commonName=MySQL_Server_8.0.40_Auto_Generated_Server_Certificate
| Not valid before: 2025-01-15T14:38:11
|_Not valid after:  2035-01-13T14:38:11
|_ssl-date: TLS randomness does not represent time
| mysql-info: 
|   Protocol: 10
|   Version: 8.0.40-0ubuntu0.24.04.1
|   Thread ID: 24
|   Capabilities flags: 65535
|   Some Capabilities: Support41Auth, ConnectWithDatabase, LongColumnFlag, ODBCClient, SupportsLoadDataLocal, SupportsTransactions, IgnoreSigpipes, SwitchToSSLAfterHandshake, IgnoreSpaceBeforeParenthesis, SupportsCompression, Speaks41ProtocolNew, FoundRows, InteractiveClient, Speaks41ProtocolOld, LongPassword, DontAllowDatabaseTableColumn, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
|   Status: Autocommit
|   Salt: \x01\x7Fg\x14T\x1D]a@\x1E\x0F@(\x12w28|\x05q
|_  Auth Plugin Name: caching_sha2_password
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 87.32 seconds

The target system appears to be Ubuntu

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/bitforge]
└─$ sudo nmap -sU --top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-12 16:36 CEST
Nmap scan report for 192.168.196.186
Host is up (0.020s latency).
All 1000 scanned ports on 192.168.196.186 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 21.50 seconds

Interactive Graph View

Backlinks