InfoSec LAB

Nukem_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nukem]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
RustScan: Because guessing isn't hacking.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.113.105:22
Open 192.168.113.105:80
Open 192.168.113.105:3306
Open 192.168.113.105:5000
Open 192.168.113.105:13000
Open 192.168.113.105:36445

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nukem]
└─$ nmap -p- -T5 --min-parallelism 100 --max-parallelism 256 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-10 14:57 CET
Nmap scan report for 192.168.113.105
Host is up (0.027s latency).
Not shown: 65529 filtered tcp ports (no-response)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
3306/tcp  open  mysql
5000/tcp  open  upnp
13000/tcp open  unknown
36445/tcp open  unknown
 
Nmap done: 1 IP address (1 host up) scanned in 57.82 seconds
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nukem]
└─$ nmap -Pn -sC -sV -p22,80,3306,5000,13000,36445 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-10 14:59 CET
Nmap scan report for 192.168.113.105
Host is up (0.025s latency).
 
PORT      STATE SERVICE     VERSION
22/tcp    open  ssh         OpenSSH 8.3 (protocol 2.0)
| ssh-hostkey: 
|   3072 3e:6a:f5:d3:30:08:7a:ec:38:28:a0:88:4d:75:da:19 (RSA)
|   256 43:3b:b5:bf:93:86:68:e9:d5:75:9c:7d:26:94:55:81 (ECDSA)
|_  256 e3:f7:1c:ae:cd:91:c1:28:a3:3a:5b:f6:3e:da:3f:58 (ED25519)
80/tcp    open  http        Apache httpd 2.4.46 ((Unix) PHP/7.4.10)
|_http-generator: WordPress 5.5.1
|_http-title: Retro Gamming – Just another WordPress site
|_http-server-header: Apache/2.4.46 (Unix) PHP/7.4.10
3306/tcp  open  mysql       MariaDB 10.3.24 or later (unauthorized)
5000/tcp  open  http        Werkzeug httpd 1.0.1 (Python 3.8.5)
|_http-title: 404 Not Found
|_http-server-header: Werkzeug/1.0.1 Python/3.8.5
13000/tcp open  http        nginx 1.18.0
|_http-title: Login V14
|_http-server-header: nginx/1.18.0
36445/tcp open  netbios-ssn Samba smbd 4
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 59.72 seconds

The target system appears to be a UNIX/Linux host

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nukem]
└─$ sudo nmap -sU -Pn -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-10 14:56 CET
Nmap scan report for 192.168.113.105
Host is up.
All 1000 scanned ports on 192.168.113.105 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 201.39 seconds

Interactive Graph View

Backlinks