RustScan
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
Port scanning: Because every port has a story to tell.
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.198.39:22
Open 192.168.198.39:80
Open 192.168.198.39:110
Open 192.168.198.39:139
Open 192.168.198.39:143
Open 192.168.198.39:445
Open 192.168.198.39:993
Open 192.168.198.39:995
Nmap
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ nmap -T4 -sT -p- $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-08 21:07 CET
Nmap scan report for 192.168.198.39
Host is up (0.019s latency).
Not shown: 65527 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
110/tcp open pop3
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
993/tcp open imaps
995/tcp open pop3s
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/payday]
└─$ nmap -T4 -sT -sC -sV -p- $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-08 21:08 CET
Nmap scan report for 192.168.198.39
Host is up (0.020s latency).
Not shown: 65509 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey:
| 1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
|_ 2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
|_http-title: CS-Cart. Powerful PHP shopping cart software
110/tcp open pop3 Dovecot pop3d
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
|_ssl-date: 2025-02-08T20:12:32+00:00; +5s from scanner time.
|_pop3-capabilities: PIPELINING SASL CAPA STLS RESP-CODES TOP UIDL
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_DES_192_EDE3_CBC_WITH_MD5
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
143/tcp open imap Dovecot imapd
|_ssl-date: 2025-02-08T20:12:32+00:00; +5s from scanner time.
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_DES_192_EDE3_CBC_WITH_MD5
|_imap-capabilities: MULTIAPPEND CHILDREN OK IDLE completed Capability SASL-IR LITERAL+ IMAP4rev1 UNSELECT STARTTLS THREAD=REFERENCES LOGINDISABLEDA0001 SORT LOGIN-REFERRALS NAMESPACE
445/tcp open netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
993/tcp open ssl/imap Dovecot imapd
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
|_ssl-date: 2025-02-08T20:12:32+00:00; +5s from scanner time.
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_DES_192_EDE3_CBC_WITH_MD5
|_imap-capabilities: MULTIAPPEND CHILDREN OK IDLE AUTH=PLAINA0001 SASL-IR LITERAL+ IMAP4rev1 UNSELECT completed THREAD=REFERENCES Capability SORT LOGIN-REFERRALS NAMESPACE
995/tcp open ssl/pop3 Dovecot pop3d
| ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
| Not valid before: 2008-04-25T02:02:48
|_Not valid after: 2008-05-25T02:02:48
| sslv2:
| SSLv2 supported
| ciphers:
| SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
| SSL2_RC4_128_WITH_MD5
| SSL2_RC2_128_CBC_WITH_MD5
| SSL2_RC4_128_EXPORT40_WITH_MD5
|_ SSL2_DES_192_EDE3_CBC_WITH_MD5
|_pop3-capabilities: PIPELINING SASL(PLAIN) USER CAPA RESP-CODES TOP UIDL
|_ssl-date: 2025-02-08T20:12:32+00:00; +5s from scanner time.
1345/tcp filtered vpjp
3002/tcp filtered exlm-agent
12920/tcp filtered unknown
13029/tcp filtered unknown
19711/tcp filtered unknown
22019/tcp filtered unknown
26854/tcp filtered unknown
28094/tcp filtered unknown
31590/tcp filtered unknown
35035/tcp filtered unknown
40826/tcp filtered unknown
46617/tcp filtered unknown
49891/tcp filtered unknown
50130/tcp filtered unknown
53397/tcp filtered unknown
56949/tcp filtered unknown
61218/tcp filtered unknown
64163/tcp filtered unknown
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
|_clock-skew: mean: 50m05s, deviation: 2h02m28s, median: 4s
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
| smb-os-discovery:
| OS: Unix (Samba 3.0.26a)
| Computer name: payday
| NetBIOS computer name:
| Domain name:
| FQDN: payday
|_ System time: 2025-02-08T15:12:27-05:00
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 241.39 seconds
The target system could not be identified at this time.
UDP
└─$ sudo nmap -sU -top-ports 1000 $IP
[sudo] password for kali:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-02-08 21:07 CET
Nmap scan report for 192.168.198.39
Host is up (0.018s latency).
Not shown: 998 closed udp ports (port-unreach)
PORT STATE SERVICE
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
Nmap done: 1 IP address (1 host up) scanned in 1213.76 seconds