InfoSec LAB

Nibbles_OffSec_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nibbles_offsec]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
RustScan: Where '404 Not Found' meets '200 OK'.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.148.47:21
Open 192.168.148.47:22
Open 192.168.148.47:80
Open 192.168.148.47:5437

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nibbles_offsec]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-01 12:14 CET
Nmap scan report for 192.168.148.47
Host is up (0.022s latency).
Not shown: 65529 filtered tcp ports (no-response)
PORT     STATE  SERVICE      VERSION
21/tcp   open   ftp          vsftpd 3.0.3
22/tcp   open   ssh          OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey: 
|   2048 10:62:1f:f5:22:de:29:d4:24:96:a7:66:c3:64:b7:10 (RSA)
|   256 c9:15:ff:cd:f3:97:ec:39:13:16:48:38:c5:58:d7:5f (ECDSA)
|_  256 90:7c:a3:44:73:b4:b4:4c:e3:9c:71:d1:87:ba:ca:7b (ED25519)
80/tcp   open   http         Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
|_http-title: Enter a title, displayed at the top of the window.
5437/tcp open   postgresql   PostgreSQL DB 11.3 - 11.9
| ssl-cert: Subject: commonName=debian
| Subject Alternative Name: DNS:debian
| Not valid before: 2020-04-27T15:41:47
|_Not valid after:  2030-04-25T15:41:47
|_ssl-date: TLS randomness does not represent time
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 79.09 seconds

The target system appears to be Debian

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nibbles_offsec]
└─$ sudo nmap -Pn -sU --top-port 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-01 12:14 CET
Nmap scan report for 192.168.148.47
Host is up.
All 1000 scanned ports on 192.168.148.47 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 201.39 seconds

Interactive Graph View

Backlinks