@rewanthtammana
Created October 22, 2017 10:11
blackbox_pentesting
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack ttl 128 FileZilla ftpd
| ftp-syst:
|_ SYST: UNIX emulated by FileZilla
| ssl-date:
|_ ERROR: Unable to obtain data from the target
53/tcp open domain syn-ack ttl 128 Microsoft DNS
80/tcp open http syn-ack ttl 128 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
135/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack ttl 128 Microsoft Windows netbios-ssn
445/tcp open microsoft-ds syn-ack ttl 128 Windows Server 2012 R2 Standard 9600 microsoft-ds (workgroup: WORKGROUP)
514/tcp filtered shell no-response
1075/tcp filtered rdrmshc no-response
1311/tcp open ssl/http syn-ack ttl 128 Apache Tomcat/Coyote JSP engine 1.1
| http-cisco-anyconnect:
|_ ERROR: Not a Cisco ASA or unsupported version
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache-Coyote/1.1
|_http-title: OpenManage™
| ssl-cert: Subject: commonName=SOFTCHIMP/organizationName=Dell Inc/stateOrProvinceName=TX/countryName=US/organizationalUnitName=SA Enterprise Software Development/localityName=Round Rock
| Issuer: commonName=SOFTCHIMP/organizationName=Dell Inc/stateOrProvinceName=TX/countryName=US/organizationalUnitName=SA Enterprise Software Development/localityName=Round Rock
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2017-09-15T22:49:17
| Not valid after: 2019-09-15T22:49:17
| MD5: f548 09dd b7b8 dfc6 b2b8 7f1e 54f3 4f63
| SHA-1: c8f1 635e 3117 7cd8 da18 aac3 b2f4 6c73 bab3 fee8
|_ssl-date: 2017-10-22T06:58:01+00:00; 0s from scanner time.
1433/tcp open ms-sql-s syn-ack ttl 128 Microsoft SQL Server 2012 11.00.6020.00; SP3
| ms-sql-ntlm-info:
| Target_Name: SOFTCHIMP
| NetBIOS_Domain_Name: SOFTCHIMP
| NetBIOS_Computer_Name: SOFTCHIMP
| DNS_Domain_Name: SOFTCHIMP
| DNS_Computer_Name: SOFTCHIMP
|_ Product_Version: 6.3.9600
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2017-10-20T17:13:52
| Not valid after: 2047-10-20T17:13:52
| MD5: e973 2bd5 2fd6 9909 84ca bdaa 8e51 3771
| SHA-1: 0be5 717d fc9e 87ca 6dd1 67cd 0b15 29dd e35a 91eb
|_ssl-date: 2017-10-22T06:58:02+00:00; 0s from scanner time.
2179/tcp open vmrdp? syn-ack ttl 128
2383/tcp open ms-olap4? syn-ack ttl 128
3306/tcp open mysql syn-ack ttl 128 MySQL 5.5.45
| mysql-info:
| Protocol: 10
| Version: 5.5.45
| Thread ID: 3424
| Capabilities flags: 63487
| Some Capabilities: SupportsLoadDataLocal, LongPassword, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolOld, SupportsCompression, ODBCClient, IgnoreSigpipes, LongColumnFlag, InteractiveClient, Speaks41ProtocolNew, Support41Auth, SupportsTransactions, DontAllowDatabaseTableColumn, ConnectWithDatabase, FoundRows, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
| Status: Autocommit
| Salt: -9wnB>PWC+Kw8Of2c"wU
|_ Auth Plugin Name: 79
5666/tcp open nrpe? syn-ack ttl 128
6792/tcp filtered unknown no-response
7007/tcp filtered afs3-bos no-response
38292/tcp filtered landesk-cba no-response
49152/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49153/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49154/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49155/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49156/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49157/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49158/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
49159/tcp open msrpc syn-ack ttl 128 Microsoft Windows RPC
Device type: general purpose
Running: Microsoft Windows XP|7|2012
OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
TCP/IP fingerprint:
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: SOFTCHIMP; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 0s, deviation: 0s, median: 0s
| ms-sql-info:
| 182.18.172.226:1433:
| Version:
| name: Microsoft SQL Server 2012 SP3
| number: 11.00.6020.00
| Product: Microsoft SQL Server 2012
| Service pack level: SP3
| Post-SP patches applied: false
|_ TCP port: 1433
| nbstat: NetBIOS name: SOFTCHIMP, NetBIOS user: <unknown>, NetBIOS MAC: bc:30:5b:e6:1c:70 (Dell)
| Names:
| WORKGROUP<00> Flags: <group><active>
| SOFTCHIMP<00> Flags: <unique><active>
| SOFTCHIMP<20> Flags: <unique><active>
| Statistics:
| bc 30 5b e6 1c 70 00 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|_ 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 17214/tcp): CLEAN (Couldn't connect)
| Check 2 (port 10829/tcp): CLEAN (Couldn't connect)
| Check 3 (port 18342/udp): CLEAN (Timeout)
| Check 4 (port 44850/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb-os-discovery:
| OS: Windows Server 2012 R2 Standard 9600 (Windows Server 2012 R2 Standard 6.3)
| OS CPE: cpe:/o:microsoft:windows_server_2012::-
| Computer name: SOFTCHIMP
| NetBIOS computer name: SOFTCHIMP\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2017-10-22T12:28:01+05:30
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2017-10-22 02:58:01
|_ start_date: 2017-10-20 13:14:01
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 0.15 ms 192.168.146.1
2 0.19 ms static-182-18-172-226.ctrls.in (182.18.172.226)
Final times for host: srtt: 99258 rttvar: 181471 to: 825142
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 02:58
Completed NSE at 02:58, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 02:58
NSE: Starting clock-skew.
NSE: Finished clock-skew.
Completed NSE at 02:58, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-os-db nmap-payloads nmap-service-probes nmap-services.
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 510.32 seconds
Raw packets sent: 4413 (196.050KB) | Rcvd: 4384 (176.132KB)