$ sudo rustscan -b 8192 -u 16384 -a 10.10.11.135 -- -sS -sV -sC -oN 10.10.11.135.$(basename $PWD).nmap.txt;
[sudo] password for gpsy:
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: <https://discord.gg/GFrQsGy> :
: <https://github.com/RustScan/RustScan> :
--------------------------------------
Real hackers hack time ⌛
[~] The config file is expected to be at "/root/.rustscan.toml"
[~] Automatically increasing ulimit value to 16384.
Open 10.10.11.135:22
Open 10.10.11.135:80
[~] Starting Script(s)
[>] Script to be run Some("nmap -vvv -p {{port}} {{ip}}")
[~] Starting Nmap 7.92 ( <https://nmap.org> ) at 2022-01-02 10:26 PST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:26
Completed NSE at 10:26, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:26
Completed NSE at 10:26, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:26
Completed NSE at 10:26, 0.00s elapsed
Initiating Ping Scan at 10:26
Scanning 10.10.11.135 [4 ports]
Completed Ping Scan at 10:26, 0.14s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:26
Completed Parallel DNS resolution of 1 host. at 10:26, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 10:26
Scanning 10.10.11.135 [2 ports]
Discovered open port 80/tcp on 10.10.11.135
Discovered open port 22/tcp on 10.10.11.135
Completed SYN Stealth Scan at 10:26, 0.18s elapsed (2 total ports)
Initiating Service scan at 10:26
Scanning 2 services on 10.10.11.135
Completed Service scan at 10:27, 6.16s elapsed (2 services on 1 host)
NSE: Script scanning 10.10.11.135.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 2.54s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 0.32s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 0.00s elapsed
Nmap scan report for 10.10.11.135
Host is up, received echo-reply ttl 63 (0.080s latency).
Scanned at 2022-01-02 10:26:55 PST for 10s
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 d2:5c:40:d7:c9:fe:ff:a8:83:c3:6e:cd:60:11:d2:eb (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ADzomquiIRtawuW9q7/zghf1hv0AAFkbO79vcQkoaUG41EKKUfWdZAvSuQs/SfWcqFybWcfjUPfEzAZJAGQvlTIhZ1JY2fNklRVXPHtn7pa4x8ilt8EnknGefh3ZmlLod+RX+E7tU9uS8TWxZjfsWESVoIxTKmr+6p0mgPP8i166cpQWjdCOev+G8SoI42Yx53uMyy8j1f9FVun/59iQPrRCm3GvriULO9g3inWJXrSR//vu5v9Z4QxLS2uTQPLhkRr6jF4ATcd3PQJeEBAoZMim61pvb2rkFPnNyvZ7IaJtXk8+DxCjGK2QYEh4825oxk+EaYKBc4cTcRYBjQ/Z
| 256 18:c9:f7:b9:27:36:a1:16:59:23:35:84:34:31:b3:ad (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFTFC/194Ys9zdque1QtiNUgm1zDmvwpZyygR3joLJHC6pRTZtHR6+HwgJHBYC7k7OI8A5qqimTcibJNTFfyfj4=
| 256 a2:2d:ee:db:4e:bf:f9:3f:8b:d4:cf:b4:12:d8:20:f2 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAdZXeQCf1/rM6H0MCDVQ9d+24wwNti/hzCsKjyIpvmG
80/tcp open http syn-ack ttl 63 Apache httpd 2.4.29 ((Ubuntu))
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-server-header: Apache/2.4.29 (Ubuntu)
| http-title: Simple WebApp
|_Requested resource was ./login.php
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:27
Completed NSE at 10:27, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> .
Nmap done: 1 IP address (1 host up) scanned in 10.16 seconds
Raw packets sent: 6 (240B) | Rcvd: 3 (116B)
Ports | Service | Notes |
---|---|---|
22 | OpenSSH 7.6p1 | |
80 | Apache httpd 2.4.29 | |
Let's enumerate the webserver by running feroxbuster.
$ feroxbuster -t 20 -o 10.10.11.135.ferox.txt -u http://10.10.11.135 -x php --wordlist /usr/share/seclists/Discovery/Web-Content/common.txt
___ ___ __ __ __ __ __ ___
|__ |__ |__) |__) | / ` / \ \_/ | | \ |__
| |___ | \ | \ | \__, \__/ / \ | |__/ |___
by Ben "epi" Risher 🤓 ver: 2.4.0
───────────────────────────┬──────────────────────
🎯 Target Url │ <http://10.10.11.135>
🚀 Threads │ 20
📖 Wordlist │ /usr/share/seclists/Discovery/Web-Content/common.txt
👌 Status Codes │ [200, 204, 301, 302, 307, 308, 401, 403, 405, 500]
💥 Timeout (secs) │ 7
🦡 User-Agent │ feroxbuster/2.4.0
💉 Config File │ /home/gpsy/.config/feroxbuster/ferox-config.toml
💾 Output File │ 10.10.11.135.ferox.txt
💲 Extensions │ [php]
🔃 Recursion Depth │ 4
🎉 New Version Available │ <https://github.com/epi052/feroxbuster/releases/latest>
───────────────────────────┴──────────────────────
🏁 Press [ENTER] to use the Scan Cancel Menu™
──────────────────────────────────────────────────
403 9l 28w 277c <http://10.10.11.135/.hta>
403 9l 28w 277c <http://10.10.11.135/.htpasswd>
403 9l 28w 277c <http://10.10.11.135/.htaccess>
403 9l 28w 277c <http://10.10.11.135/.hta.php>
403 9l 28w 277c <http://10.10.11.135/.htaccess.php>
403 9l 28w 277c <http://10.10.11.135/.htpasswd.php>
301 9l 28w 310c <http://10.10.11.135/css>
403 9l 28w 277c <http://10.10.11.135/css/.hta>
403 9l 28w 277c <http://10.10.11.135/css/.htpasswd>
403 9l 28w 277c <http://10.10.11.135/css/.htaccess>
403 9l 28w 277c <http://10.10.11.135/css/.hta.php>
403 9l 28w 277c <http://10.10.11.135/css/.htpasswd.php>
403 9l 28w 277c <http://10.10.11.135/css/.htaccess.php>
200 115l 264w 3937c <http://10.10.11.135/footer.php>
302 0l 0w 0c <http://10.10.11.135/header.php>
301 9l 28w 313c <http://10.10.11.135/images>
200 0l 0w 0c <http://10.10.11.135/image.php>
302 0l 0w 0c <http://10.10.11.135/index.php>
403 9l 28w 277c <http://10.10.11.135/images/.hta>
403 9l 28w 277c <http://10.10.11.135/images/.htaccess>
403 9l 28w 277c <http://10.10.11.135/images/.htpasswd>
403 9l 28w 277c <http://10.10.11.135/images/.htpasswd.php>
403 9l 28w 277c <http://10.10.11.135/images/.hta.php>
403 9l 28w 277c <http://10.10.11.135/images/.htaccess.php>
301 9l 28w 309c <http://10.10.11.135/js>
403 9l 28w 277c <http://10.10.11.135/js/.htaccess>
403 9l 28w 277c <http://10.10.11.135/js/.htpasswd>
403 9l 28w 277c <http://10.10.11.135/js/.hta>
403 9l 28w 277c <http://10.10.11.135/js/.htaccess.php>
403 9l 28w 277c <http://10.10.11.135/js/.hta.php>
403 9l 28w 277c <http://10.10.11.135/js/.htpasswd.php>
200 177l 374w 5609c <http://10.10.11.135/login.php>
302 0l 0w 0c <http://10.10.11.135/logout.php>
302 0l 0w 0c <http://10.10.11.135/profile.php>
403 9l 28w 277c <http://10.10.11.135/server-status>
302 0l 0w 0c <http://10.10.11.135/upload.php>
301 9l 28w 321c <http://10.10.11.135/images/uploads>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.hta>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.htaccess>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.htpasswd>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.hta.php>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.htpasswd.php>
403 9l 28w 277c <http://10.10.11.135/images/uploads/.htaccess.php>
[####################] - 1m 47020/47020 0s found:43 errors:4
[####################] - 43s 9404/9404 217/s <http://10.10.11.135>
[####################] - 39s 9404/9404 236/s <http://10.10.11.135/css>
[####################] - 39s 9404/9404 238/s <http://10.10.11.135/images>
[####################] - 39s 9404/9404 237/s <http://10.10.11.135/js>
[####################] - 38s 9404/9404 245/s <http://10.10.11.135/images/uploads>