InfoSec LAB

Scrutiny_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/scrutiny]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Scanning ports like its my full-time job. Wait, it is.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.219.91:22
Open 192.168.219.91:25
Open 192.168.219.91:80

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/scrutiny]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-07 19:56 CEST
Nmap scan report for 192.168.219.91
Host is up (0.023s latency).
Not shown: 65531 filtered tcp ports (no-response), 1 closed tcp port (reset)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 62:36:1a:5c:d3:e3:7b:e1:70:f8:a3:b3:1c:4c:24:38 (RSA)
|   256 ee:25:fc:23:66:05:c0:c1:ec:47:c6:bb:00:c7:4f:53 (ECDSA)
|_  256 83:5c:51:ac:32:e5:3a:21:7c:f6:c2:cd:93:68:58:d8 (ED25519)
25/tcp open  smtp    Postfix smtpd
| ssl-cert: Subject: commonName=onlyrands.com
| Subject Alternative Name: DNS:onlyrands.com
| Not valid before: 2024-06-07T09:33:24
|_Not valid after:  2034-06-05T09:33:24
|_ssl-date: TLS randomness does not represent time
|_smtp-commands: onlyrands.com, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8, CHUNKING
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: OnlyRands
Service Info: Host:  onlyrands.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 173.62 seconds

The target system appears to be Ubuntu Domain name is revealed through SMTP server; ONLYRANDS.COM

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/scrutiny]
└─$ sudo nmap -sU --top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-07 19:56 CEST
Nmap scan report for 192.168.219.91
Host is up (0.020s latency).
All 1000 scanned ports on 192.168.219.91 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 21.82 seconds

Interactive Graph View

Backlinks