sudo nmap --min-rate 10000 -p- 10.10.254.128
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-03 14:59 UTC
Nmap scan report for 10.10.254.128
Host is up (0.23s latency).
Not shown: 65532 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 10.45 seconds

sudo nmap -sT -sV -sC -O -p22,25,80 10.10.254.128
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-03 15:00 UTC
Nmap scan report for 10.10.254.128
Host is up (0.23s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 a1:3c:d7:e9:d0:85:40:33:d5:07:16:32:08:63:31:05 (RSA)
|   256 24:81:0c:3a:91:55:a0:65:9e:36:58:71:51:13:6c:34 (ECDSA)
|_  256 c2:94:2b:0d:8e:a9:53:f6:ef:34:db:f1:43:6c:c1:7e (ED25519)
25/tcp open  smtp    Postfix smtpd
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=uranium
| Subject Alternative Name: DNS:uranium
| Not valid before: 2021-04-09T21:40:53
|_Not valid after: 2031-04-07T21:40:53
|_smtp-commands: uranium, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Uranium Coin
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (95%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 3.10 (93%), Adtran 424RG FTTH gateway (92%), Linux 5.4 (92%), Asus RT-N10 router or AXIS 211A Network Camera (Linux 2.6) (91%), Linux 2.6.18 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: Host: uranium; OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.70 seconds

sudo nmap --script=vuln -p22,25,80 10.10.254.128
[sudo] mikannse 的密码:
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-03 15:01 UTC
Nmap scan report for 10.10.254.128
Host is up (0.23s latency).

PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
| smtp-vuln-cve2010-4344:
|_  The SMTP server is not Exim: NOT VULNERABLE
| ssl-dh-params:
|   VULNERABLE:
|   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use anonymous
|       Diffie-Hellman key exchange only provide protection against passive
|       eavesdropping, and are vulnerable to active man-in-the-middle attacks
|       which could completely compromise the confidentiality and integrity
|       of any data exchanged over the resulting session.
|     Check results:
|       ANONYMOUS DH GROUP 1
|             Cipher Suite: TLS_DH_anon_WITH_SEED_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 2048
|             Generator Length: 8
|             Public Key Length: 2048
|     References:
|_      https://www.ietf.org/rfc/rfc2246.txt
80/tcp open  http
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-internal-ip-disclosure:
|_  Internal IP Leaked: 127.0.1.1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.254.128
|   Found the following possible CSRF vulnerabilities:
|
|     Path: http://10.10.254.128:80/
|     Form id: demo-name
|_    Form action: #
| http-enum:
|   /README.txt: Interesting, a readme.
|_  /images/: Potentially interesting directory w/ listing on 'apache/2.4.29 (ubuntu)'

Nmap done: 1 IP address (1 host up) scanned in 53.82 seconds

MBMD1vdpjg3kGv6SsIz56VNG

Hi Kral4
Hi bro
I forget my password, do you know my password ?
Yes, wait a sec I'll send you.
Oh , yes yes I remember. No need anymore. Ty..
Okay bro, take care !