All Posts


Vaccine - Linux
Ping and Nmap the target IP using sudo nmap -sC -sV {target IP}. We find 3 open ports: port 21/tcp open running vsftpd, port 22/tcp open running OpenSSH, and port 80/tcp open running Apache httpd. In the Nmap scan we see that Anonymous FTP login is allowed on port 21; we can connect to it using ftp {target IP} with the username anonymous and the password anon123. Looking through the FTP server using dir, we find a file called backup.zip. We can download this file to our s
justinblawitz
Nov 9, 2025 · 5 min read


Oopsie - Linux
First ping and Nmap the target IP using nmap -sC -sV {target IP}. We find 2 open tcp ports, 22 running OpenSSH and 80 running an Apache server; we’ll mainly be looking into port 80, the web server. To begin looking into the web server, we’ll search the target IP in a browser and find a web page for an automotive business. After scrolling to the services section, we find some explanation that we need to log in to gain access to their services. With this information, we can
justinblawitz
Oct 31, 2025 · 5 min read


Archetype - Windows
Ping and Nmap the target IP using nmap -sC -sV {target IP}. The main port we’ll be working with is port 1433/tcp open running Microsoft SQL Server 2017. We can look more into this SMB using smbclient, specifically smbclient -N -L \\\\{target IP}\\ , where -N specifies no password, and -L specifies what services are available on a server. Looking at the shares available, the backups share is the only one that doesn’t require an administrator level of permissions, so we’ll e
justinblawitz
Oct 25, 2025 · 5 min read


Tactics - Windows
Ping and Nmap the target IP using sudo nmap -sC -Pn {target IP}, where -Pn treats all hosts as online and skips the host discovery phase, which is essentially a complex ping scan. This type of scan is often blocked by firewalls as it is a nonstandard connection request or scan attempt. We find 3 open ports in the scan: port 135/tcp running msrpc, which is a remote procedure call (RPC) that supports communication between Windows applications. RPC is a low-level form of inter-p
justinblawitz
Oct 15, 2025 · 3 min read


Pennyworth – Linux
Ping and Nmap the target IP using sudo nmap -sC -sV {target IP}. We find port 8080/tcp open running Jetty version 9.4.39.v20210325. Since it is an HTTP server, we’ll search the target IP in our browser, but we’re given an error. This error is because we need to specify which port the service is running on, as it isn’t running on port 80. To do this we’ll search http://{target IP}:8080/, where we got the port number from the Nmap scan. We find a login page for a service calle
justinblawitz
Oct 14, 2025 · 3 min read


Funnel - Linux
Ping and Nmap the target IP using sudo nmap -sC -sV {target IP}. We find 2 open tcp ports, port 21/tcp open running vsftpd 3.0.3, and...
justinblawitz
Oct 8, 2025 · 4 min read


Bike - Linux
Ping and Nmap the target IP using nmap -sC -sV -v {target IP}, where -v causes Nmap to print more information about the scan in...
justinblawitz
Oct 8, 2025 · 3 min read


Ignition - Linux
Ping and Nmap the server using sudo nmap -sC -sV {target IP}. We see port 80/tcp open running an HTTP server. We also see a line...
justinblawitz
Oct 8, 2025 · 2 min read


Three - Linux
First ping and Nmap the target IP using sudo nmap -sV {target IP}. We find port 22/tcp open, and port 80/tcp open running a web server....
justinblawitz
Oct 8, 2025 · 3 min read


Responder - Windows
Ping and Nmap the target IP using nmap -p- --min-rate 1000 -sV {target IP}. We find port 80/tcp open running an Apache web server, and...
justinblawitz
Oct 8, 2025 · 3 min read


Crocodile - Linux
Ping and Nmap the target IP using sudo nmap -sC -sV {target IP}. We find port 21/tcp open FTP server, and port 80/tcp open HTTP server...
justinblawitz
Oct 8, 2025 · 2 min read


Sequel - Linux
Ping and Nmap the target IP using sudo nmap -sC -sV {target IP}. We find port 3306/tcp open running MySQL 5.5.5-10.3.27-MariaDB0+deb10u1...
justinblawitz
Oct 8, 2025 · 2 min read


Appointment - Linux
We start by running ping and Nmap using sudo nmap -sC -sV {target IP}, where -sC performs a script scan using the default set of...
justinblawitz
Oct 7, 2025 · 2 min read


Synced - Linux
Ping and Nmap the target IP using sudo nmap -p- --min-rate=1000 -sV {target IP}. After running the Nmap scan, we find port 873/tcp open rsync, which...
justinblawitz
Oct 7, 2025 · 1 min read


Mongod - Linux
Ping and Nmap the target IP, this time using sudo nmap -p- --min-rate=1000 -sV {target IP}. We know -p- means to scan all 65,535 tcp ports...
justinblawitz
Oct 7, 2025 · 2 min read


Preignition - Linux
Ping and Nmap the target IP using sudo nmap -sV {target IP}. We find port 80/tcp open http nginx 1.14.2, suggesting the target may be...
justinblawitz
Oct 7, 2025 · 1 min read


Explosion - Windows
Ping and Nmap the target IP using sudo nmap -sV {target IP}. We find a couple of open ports, with port 3389/tcp open being the most...
justinblawitz
Oct 7, 2025 · 1 min read


Redeemer - Linux
Ping and Nmap the target IP; this time we’ll use nmap -p- -sV {target IP} to scan all 65,535 tcp ports instead of just the most popular...
justinblawitz
Oct 7, 2025 · 1 min read


Dancing - Windows
Ping {target IP}, then sudo nmap -sV {target IP}. We find port 445/tcp open; port 445 is typically SMB (Server Message Block), which is a...
justinblawitz
Oct 7, 2025 · 1 min read


Fawn - Linux
Ping {target IP}: verify connection, wait for 4 successful replies, Ctrl + C to cancel. sudo nmap -sV {target IP}: port 21/tcp open ftp...
justinblawitz
Oct 7, 2025 · 1 min read