RustScan
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
I scanned my computer so many times, it thinks we're dating.
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.159.140:25
Open 192.168.159.140:79
Open 192.168.159.140:105
Open 192.168.159.140:106
Open 192.168.159.140:110
Open 192.168.159.140:135
Open 192.168.159.140:139
Open 192.168.159.140:143
Open 192.168.159.140:443
Open 192.168.159.140:445
Open 192.168.159.140:2224
Open 192.168.159.140:5040
Open 192.168.159.140:7680
Open 192.168.159.140:8000
Open 192.168.159.140:11100
Open 192.168.159.140:20001
Open 192.168.159.140:33006
Open 192.168.159.140:49664
Open 192.168.159.140:49668
Open 192.168.159.140:49667
Open 192.168.159.140:49665
Open 192.168.159.140:49666
Open 192.168.159.140:49669Nmap
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ nmap -p- $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-04 14:52 CET
Nmap scan report for 192.168.159.140
Host is up (0.020s latency).
Not shown: 65513 closed tcp ports (reset)
PORT STATE SERVICE
25/tcp open smtp
79/tcp open finger
105/tcp open csnet-ns
106/tcp open pop3pw
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
2224/tcp open efi-mg
5040/tcp open unknown
8000/tcp open http-alt
11100/tcp open unknown
20001/tcp open microsan
33006/tcp open unknown
49664/tcp open unknown
49665/tcp open unknown
49666/tcp open unknown
49667/tcp open unknown
49668/tcp open unknown
49669/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 25.16 seconds
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-04 12:53 CET
Warning: 192.168.159.140 giving up on port because retransmission cap hit (2).
Nmap scan report for 192.168.159.140
Host is up (0.019s latency).
Not shown: 64608 closed tcp ports (reset), 904 filtered tcp ports (no-response)
Host script results:
PORT STATE SERVICE VERSION
25/tcp open smtp Mercury/32 smtpd (Mail server account Maiser)
| smtp-commands: localhost Hello nmap.scanme.org; ESMTPs are:, TIME, SIZE 0, HELP
|_ Recognized SMTP commands are: HELO EHLO MAIL RCPT DATA RSET AUTH NOOP QUIT HELP VRFY SOML Mail server account is 'Maiser'.
79/tcp open finger Mercury/32 fingerd
| finger: Login: Admin Name: Mail System Administrator\x0D
| \x0D
|_[No profile information]\x0D
105/tcp open ph-addressbook Mercury/32 PH addressbook server
106/tcp open pop3pw Mercury/32 poppass service
110/tcp open pop3 Mercury/32 pop3d
|_pop3-capabilities: USER APOP UIDL EXPIRE(NEVER) TOP
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
143/tcp open imap Mercury/32 imapd 4.62
|_imap-capabilities: AUTH=PLAIN CAPABILITY IMAP4rev1 X-MERCURY-1A0001 complete OK
443/tcp open ssl/http Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.3.23)
| tls-alpn:
|_ http/1.1
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10T23:48:47
|_Not valid after: 2019-11-08T23:48:47
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.3.23
|_ssl-date: TLS randomness does not represent time
|_http-title: Time Travel Company Page
445/tcp open microsoft-ds?
|_clock-skew: -6s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
| smb2-time:
| date: 2025-03-04T11:56:22
|_ start_date: N/A
2224/tcp open http Mercury/32 httpd
|_http-title: Mercury HTTP Services
5040/tcp open unknown
7680/tcp open pando-pub?
8000/tcp open http Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.3.23)
|_http-open-proxy: Proxy might be redirecting requests
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: Time Travel Company Page
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.3.23
11100/tcp open vnc VNC (protocol 3.8)
| vnc-info:
| Protocol version: 3.8
| Security types:
|_ Unknown security type (40)
20001/tcp open ftp FileZilla ftpd 0.9.41 beta
|_ftp-bounce: bounce working!
| ftp-syst:
|_ SYST: UNIX emulated by FileZilla
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -r--r--r-- 1 ftp ftp 312 Oct 20 2020 .babelrc
| -r--r--r-- 1 ftp ftp 147 Oct 20 2020 .editorconfig
| -r--r--r-- 1 ftp ftp 23 Oct 20 2020 .eslintignore
| -r--r--r-- 1 ftp ftp 779 Oct 20 2020 .eslintrc.js
| -r--r--r-- 1 ftp ftp 167 Oct 20 2020 .gitignore
| -r--r--r-- 1 ftp ftp 228 Oct 20 2020 .postcssrc.js
| -r--r--r-- 1 ftp ftp 346 Oct 20 2020 .tern-project
| drwxr-xr-x 1 ftp ftp 0 Oct 20 2020 build
| drwxr-xr-x 1 ftp ftp 0 Oct 20 2020 config
| -r--r--r-- 1 ftp ftp 1376 Oct 20 2020 index.html
| -r--r--r-- 1 ftp ftp 425010 Oct 20 2020 package-lock.json
| -r--r--r-- 1 ftp ftp 2454 Oct 20 2020 package.json
| -r--r--r-- 1 ftp ftp 1100 Oct 20 2020 README.md
| drwxr-xr-x 1 ftp ftp 0 Oct 20 2020 src
| drwxr-xr-x 1 ftp ftp 0 Oct 20 2020 static
|_-r--r--r-- 1 ftp ftp 127 Oct 20 2020 _redirects
33006/tcp open mysql MariaDB 10.3.24 or later (unauthorized)
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
Service Info: Host: localhost; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 201.48 secondsThe target system appears to be a Windows host
UDP
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hepet]
└─$ sudo nmap -sU -Pn -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-04 12:53 CET
Nmap scan report for 192.168.159.140
Host is up (0.025s latency).
Not shown: 991 closed udp ports (port-unreach)
PORT STATE SERVICE
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
500/udp open|filtered isakmp
1900/udp open|filtered upnp
4500/udp open|filtered nat-t-ike
5050/udp open|filtered mmcc
5353/udp open|filtered zeroconf
5355/udp open|filtered llmnr
Nmap done: 1 IP address (1 host up) scanned in 767.62 seconds