InfoSec LAB

Butch_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Scanning ports: The virtual equivalent of knocking on doors.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.238.63:21
Open 192.168.238.63:25
Open 192.168.238.63:135
Open 192.168.238.63:139
Open 192.168.238.63:445
Open 192.168.238.63:450
Open 192.168.238.63:5985

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ nmap -p- -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 13:13 CET
Nmap scan report for 192.168.238.63
Host is up (0.023s latency).
Not shown: 65528 filtered tcp ports (no-response)
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
450/tcp  open  tserver
5985/tcp open  wsman
 
Nmap done: 1 IP address (1 host up) scanned in 72.75 seconds
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ nmap -Pn -sC -sV -p21,25,135,139,445,450,5985 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 13:16 CET
Nmap scan report for 192.168.238.63
Host is up (0.021s latency).
 
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
| ftp-syst: 
|_  SYST: Windows_NT
25/tcp   open  smtp          Microsoft ESMTP 10.0.17763.1
| smtp-commands: butch Hello [192.168.45.221], TURN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK
|_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ETRN BDAT VRFY
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
450/tcp  open  http          Microsoft IIS httpd 10.0
|_http-title: Butch
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Potentially risky methods: TRACE
5985/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Service Info: Host: butch; OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_clock-skew: -9s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2025-02-26T12:16:21
|_  start_date: N/A
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.14 seconds

The target system appears to be a Windows

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/butch]
└─$ sudo nmap -sU -Pn -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-26 13:14 CET
Nmap scan report for 192.168.238.63
Host is up.
All 1000 scanned ports on 192.168.238.63 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 201.35 seconds

Interactive Graph View

Backlinks