sudo nmap --min-rate 10000 -p- 10.10.194.143
[sudo] mikannse 的密码:
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-16 20:55 CST
Warning: 10.10.194.143 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.194.143
Host is up (0.23s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

sudo nmap -sT -sV -sC -O -p22,80 10.10.194.143
[sudo] mikannse 的密码:
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-16 20:56 CST
Nmap scan report for 10.10.194.143
Host is up (0.23s latency).
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 3e:79:78:08:93:31:d0:83:7f:e2:bc:b6:14:bf:5d:9b (RSA)
|   256 3a:67:9f:af:7e:66:fa:e3:f8:c7:54:49:63:38:a2:93 (ECDSA)
|_  256 8c:ef:55:b0:23:73:2c:14:09:45:22:ac:84:cb:40:d2 (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_/wp-admin/
|_http-generator: WordPress 5.3.2
|_http-title: Jack's Personal Site – Blog for Jacks writing adven...
|_http-server-header: Apache/2.4.18 (Ubuntu)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 3.13 (96%), Linux 5.4 (95%), ASUS RT-N56U WAP (Linux 3.4) (95%), Linux 3.16 (95%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (93%), Sony Android TV (Android 5.0) (93%), Android 5.0 - 6.0.1 (Linux 3.4) (93%), Android 5.1 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

sudo nmap --script=vuln -p22,80 10.10.194.143
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-16 20:56 CST
Nmap scan report for 10.10.194.143
Host is up (0.23s latency).
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.194.143
|   Found the following possible CSRF vulnerabilities:
|
|     Path: http://10.10.194.143:80/
|     Form id: search
|_    Form action: http://jack.thm
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_      http://ha.ckers.org/slowloris/
| http-wordpress-users:
| Username found: jack
| Username found: wendy
| Username found: danny
|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-users.limit'
| http-enum:
|   /wp-login.php: Possible admin folder
|   /wp-json: Possible admin folder
|   /robots.txt: Robots file
|   /readme.html: Wordpress version: 2
|   /: WordPress version: 5.3.2
|   /wp-includes/images/rss.png: Wordpress version 2.2 found.
|   /wp-includes/js/jquery/suggest.js: Wordpress version 2.5 found.
|   /wp-includes/images/blank.gif: Wordpress version 2.6 found.
|   /wp-includes/js/comment-reply.js: Wordpress version 2.7 found.
|   /wp-login.php: Wordpress login page.
|   /wp-admin/upgrade.php: Wordpress login page.
|   /readme.html: Interesting, a readme.
|_  /0/: Potentially interesting folder
Nmap done: 1 IP address (1 host up) scanned in 1006.43 seconds