InfoSec LAB

vmdak_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/vmdak]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
To scan or not to scan? That is the question.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.125.103:21
Open 192.168.125.103:22
Open 192.168.125.103:80
Open 192.168.125.103:9443

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/vmdak]
└─$ nmap -p- -sC -sV -T5 --min-parallelism 100 --max-parallelism 256 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-09 19:22 CEST
Nmap scan report for 192.168.125.103
Host is up (0.045s latency).
Not shown: 64407 closed tcp ports (reset), 1124 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      vsftpd 3.0.5
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0            1752 Sep 19  2024 config.xml
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to 192.168.45.157
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 3
|      vsFTPd 3.0.5 - secure, fast, stable
|_End of status
22/tcp   open  ssh      OpenSSH 9.6p1 Ubuntu 3ubuntu13.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 76:18:f1:19:6b:29:db:da:3d:f6:7b:ab:f4:b5:63:e0 (ECDSA)
|_  256 cb:d8:d6:ef:82:77:8a:25:32:08:dd:91:96:8d:ab:7d (ED25519)
80/tcp   open  http     Apache httpd 2.4.58 ((Ubuntu))
|_http-server-header: Apache/2.4.58 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
9443/tcp open  ssl/http Apache httpd 2.4.58 ((Ubuntu))
|_http-server-header: Apache/2.4.58 (Ubuntu)
|_http-title:  Home - Prison Management System
| ssl-cert: Subject: commonName=vmdak.local/organizationName=PrisonManagement/stateOrProvinceName=California/countryName=US
| Subject Alternative Name: DNS:vmdak.local
| Not valid before: 2024-08-20T09:21:33
|_Not valid after:  2025-08-20T09:21:33
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|_  http/1.1
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 47.60 seconds

The target system appears to be Ubuntu The domain information has been revealed; vmdak.local

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/vmdak]
└─$ sudo nmap -sU --top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-09 19:22 CEST
Nmap scan report for 192.168.125.103
Host is up (0.031s latency).
All 1000 scanned ports on 192.168.125.103 are in ignored states.
Not shown: 1000 closed udp ports (port-unreach)
 
Nmap done: 1 IP address (1 host up) scanned in 1092.39 seconds

Interactive Graph View

Backlinks