InfoSec LAB

BoilerCTF_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/archive/thm/boiler-ctf]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
To scan or not to scan? That is the question.
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 10.10.124.235:21
Open 10.10.124.235:80
Open 10.10.124.235:10000
Open 10.10.124.235:55007

Nmap

┌──(kali㉿kali)-[~/archive/thm/boiler-ctf]
└─$ nmap -sC -sV -p21,80,10000,55007 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-26 13:59 CEST
Nmap scan report for 10.10.124.235
Host is up (0.15s latency).
 
PORT      STATE SERVICE VERSION
21/tcp    open  ftp     vsftpd 3.0.3
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to ::ffff:10.9.1.194
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 1
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
80/tcp    open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
| http-robots.txt: 1 disallowed entry 
|_/
|_http-server-header: Apache/2.4.18 (Ubuntu)
10000/tcp open  http    MiniServ 1.930 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
55007/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 e3:ab:e1:39:2d:95:eb:13:55:16:d6:ce:8d:f9:11:e5 (RSA)
|   256 ae:de:f2:bb:b7:8a:00:70:20:74:56:76:25:c0:df:38 (ECDSA)
|_  256 25:25:83:f2:a7:75:8a:a0:46:b2:12:70:04:68:5c:cb (ED25519)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.71 seconds

The target system appears to be Ubuntu

UDP

┌──(kali㉿kali)-[~/archive/thm/boiler-ctf]
└─$ sudo nmap -Pn -sU -top-ports 1000 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-26 13:56 CEST
Nmap scan report for 10.10.124.235
Host is up (0.12s latency).
Not shown: 998 closed udp ports (port-unreach)
PORT      STATE         SERVICE
68/udp    open|filtered dhcpc
10000/udp open          ndmp
 
Nmap done: 1 IP address (1 host up) scanned in 1043.30 seconds

Interactive Graph View

Backlinks