InfoSec LAB

Mantis_OffSec_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mantis_offsec]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
TCP handshake? More like a friendly high-five!
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.135.204:80
Open 192.168.135.204:3306

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mantis_offsec]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-10 19:18 CEST
Nmap scan report for 192.168.135.204
Host is up (0.025s latency).
Not shown: 65533 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Slick - Bootstrap 4 Template
3306/tcp open  mysql   MariaDB 5.5.5-10.3.34
| mysql-info: 
|   Protocol: 10
|   Version: 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1
|   Thread ID: 28
|   Capabilities flags: 63486
|   Some Capabilities: Support41Auth, DontAllowDatabaseTableColumn, Speaks41ProtocolNew, SupportsTransactions, ODBCClient, InteractiveClient, Speaks41ProtocolOld, SupportsCompression, LongColumnFlag, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, IgnoreSigpipes, ConnectWithDatabase, FoundRows, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
|   Status: Autocommit
|   Salt: gc92.2Nt{/rrh1\Y,nh>
|_  Auth Plugin Name: mysql_native_password
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 107.08 seconds

The target system appears to be Ubuntu

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mantis_offsec]
└─$ sudo nmap -sU --top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-10 19:18 CEST
Nmap scan report for 192.168.135.204
Host is up (0.021s latency).
All 1000 scanned ports on 192.168.135.204 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 22.78 seconds

Interactive Graph View

Backlinks