PT Final MTA Report

The document describes the results of an initial nmap scan of ports and OS identification on an IP address. Further scans identified open ports and services including FTP, HTTP, SMB and RDP. Credential harvesting with Responder captured the NTLMv2 hash of a user's password, which must still be cracked or relayed before it yields access.

Uploaded by

danielda2

An initial nmap scan of all ports was run, skipping host discovery (-Pn), to identify the machine:

nmap -Pn -p- 192.168.204.0/24, findings:

A further scan with version detection (-sV, included here through -A) to identify service versions:


┌──(kali㉿kali)-[~]
└─$ nmap -p- -A -T4 192.168.204.147
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-20 04:16 EST
Stats: 0:01:17 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 47.06% done; ETC: 04:18 (0:00:41 remaining)
Stats: 0:01:20 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 47.06% done; ETC: 04:18 (0:00:44 remaining)
Nmap scan report for 192.168.204.147
Host is up (0.00057s latency).
Not shown: 65518 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
21/tcp open ftp FileZilla ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 alerts
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 classes
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 components
| -r--r--r-- 1 ftp ftp 0 Sep 12 2021 Conf.xml
| -r--r--r-- 1 ftp ftp 0 Sep 12 2021 config.txt
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 extensions
| -r--r--r-- 1 ftp ftp 1592 Nov 11 2015 index.php
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 installation
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 js
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 language
| drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 media
| -r--r--r-- 1 ftp ftp 0 Sep 12 2021 req.txt
| -r--r--r-- 1 ftp ftp 51 Sep 12 2021 robots.txt
|_drwxr-xr-x 1 ftp ftp 0 Sep 12 2021 templates
|_ftp-bounce: bounce working!
| ftp-syst:
|_ SYST: UNIX emulated by FileZilla
80/tcp open http Apache httpd 2.4.48 ((Win64) OpenSSL/1.1.1l PHP/8.0.10)
| http-title: Welcome to XAMPP
|_Requested resource was http://192.168.204.147/dashboard/
|_http-server-header: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
443/tcp open ssl/http Apache httpd 2.4.48 ((Win64) OpenSSL/1.1.1l PHP/8.0.10)
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
|_http-server-header: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10
| http-title: Welcome to XAMPP
|_Requested resource was https://192.168.204.147/dashboard/
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10T23:48:47
|_Not valid after: 2019-11-08T23:48:47
445/tcp open microsoft-ds?
3306/tcp open mysql?
| fingerprint-strings:
| GenericLines, NULL:
|_ Host '192.168.204.146' is not allowed to connect to this MariaDB server
3389/tcp open ms-wbt-server Microsoft Terminal Services
|_ssl-date: 2024-02-20T09:19:42+00:00; 0s from scanner time.
| rdp-ntlm-info:
| Target_Name: DESKTOP-QDRJQO6
| NetBIOS_Domain_Name: DESKTOP-QDRJQO6
| NetBIOS_Computer_Name: DESKTOP-QDRJQO6
| DNS_Domain_Name: DESKTOP-QDRJQO6
| DNS_Computer_Name: DESKTOP-QDRJQO6
| Product_Version: 10.0.19041
|_ System_Time: 2024-02-20T09:19:28+00:00
| ssl-cert: Subject: commonName=DESKTOP-QDRJQO6
| Not valid before: 2024-02-19T08:09:05
|_Not valid after: 2024-08-20T08:09:05
5040/tcp open unknown
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49670/tcp open msrpc Microsoft Windows RPC
49672/tcp open msrpc Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please
submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.94SVN%I=7%D=2/20%Time=65D46E02%P=x86_64-pc-linux-gnu%r
SF:(NULL,4E,"J\0\0\x01\xffj\x04Host\x20'192\.168\.204\.146'\x20is\x20not\x
SF:20allowed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server")%r(Gener
SF:icLines,4E,"J\0\0\x01\xffj\x04Host\x20'192\.168\.204\.146'\x20is\x20not
SF:\x20allowed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
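The scan output above is the raw material for triage. The following Python is an added example, not part of the report: it parses nmap's normal-format output (a shortened excerpt of the report's own scan, embedded as a constructed sample) and flags what a tester would act on first: the anonymous FTP login, the working FTP bounce, the XAMPP dashboard, the expired certificate on 443, and the hostname that rdp-ntlm-info discloses. Certificate expiry is judged against the scan's own date rather than the current clock, so the result is reproducible. The finding strings and the SMB-signing note are my own wording.

```python
import re
from datetime import datetime

# Constructed sample: an excerpt of the report's nmap -A output, trimmed for the example.
SAMPLE_SCAN = """\
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-20 04:16 EST
Nmap scan report for 192.168.204.147
Host is up (0.00057s latency).
Not shown: 65518 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
21/tcp open ftp FileZilla ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -r--r--r-- 1 ftp ftp 0 Sep 12 2021 config.txt
|_ftp-bounce: bounce working!
80/tcp open http Apache httpd 2.4.48 ((Win64) OpenSSL/1.1.1l PHP/8.0.10)
| http-title: Welcome to XAMPP
|_Requested resource was http://192.168.204.147/dashboard/
443/tcp open ssl/http Apache httpd 2.4.48 ((Win64) OpenSSL/1.1.1l PHP/8.0.10)
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10T23:48:47
|_Not valid after: 2019-11-08T23:48:47
445/tcp open microsoft-ds?
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: DESKTOP-QDRJQO6
|_  Product_Version: 10.0.19041
| ssl-cert: Subject: commonName=DESKTOP-QDRJQO6
|_Not valid after: 2024-08-20T08:09:05
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
START_RE = re.compile(r"^Starting Nmap .* at (\d{4}-\d{2}-\d{2})")
EXPIRY_RE = re.compile(r"Not valid after:\s*(\d{4}-\d{2}-\d{2})")
TARGET_RE = re.compile(r"Target_Name:\s*(\S+)")


def _date(s):
    return datetime.strptime(s, "%Y-%m-%d").date()


def parse_nmap(text):
    """Return (scan_date, {port: {"service", "version", "scripts"}}) from nmap normal output."""
    scan_date, ports, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = START_RE.match(line)
        if m:
            scan_date = _date(m.group(1))
            continue
        m = PORT_RE.match(line)
        if m:
            current = int(m.group(1))
            ports[current] = {"service": m.group(3), "version": m.group(4).strip(), "scripts": []}
            continue
        if current is not None and line.startswith("|"):
            # NSE script lines ("| key: ..." / "|_ key: ...") belong to the preceding port entry.
            ports[current]["scripts"].append(line.lstrip("|_ ").strip())
    return scan_date, ports


def triage(text):
    """List (port, finding) pairs worth following up, in port order."""
    scan_date, ports = parse_nmap(text)
    findings = []
    for port, info in sorted(ports.items()):
        joined = " ".join(info["scripts"])
        if "Anonymous FTP login allowed" in joined:
            findings.append((port, "anonymous FTP login allowed"))
        if "ftp-bounce: bounce working" in joined:
            findings.append((port, "FTP bounce enabled"))
        if "Welcome to XAMPP" in joined:
            findings.append((port, "XAMPP dashboard exposed"))
        for s in info["scripts"]:
            m = EXPIRY_RE.search(s)
            if m and scan_date and _date(m.group(1)) < scan_date:
                findings.append((port, f"TLS certificate expired {m.group(1)}"))
        m = TARGET_RE.search(joined)
        if info["service"] == "ms-wbt-server" and m:
            findings.append((port, f"RDP exposed; rdp-ntlm-info discloses host {m.group(1)}"))
        if info["service"].startswith("microsoft-ds"):
            findings.append((port, "SMB reachable; check signing before attempting NTLM relay"))
    return findings


if __name__ == "__main__":
    for port, finding in triage(SAMPLE_SCAN):
        print(f"{port:>5}/tcp  {finding}")
```

Feed it the saved output of `nmap -A -oN scan.txt <target>`; the date check is why the XAMPP certificate on 443 (expired 2019) is flagged while the RDP certificate (valid until August 2024 at scan time) is not.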

Use of gobuster to identify additional pages on the running web server:

We then made use of the FTP protocol.


Anonymous login without a password:

Using the password we found to log in as the user itsafe:


Creating a reverse-shell script and replacing the invoke.ps1 file with it:

Opening a listener on port 5555 and connecting as the user Moriel:


Using Responder to capture the hash of Moriel's password.
Running net view against a network share so that Responder captures the NTLMv2 hash (the password itself is never sent; the hash must be cracked offline or relayed):

[SMB] NTLMv2-SSP Client : 10.100.102.45


[SMB] NTLMv2-SSP Username : DESKTOP-QDRJQO6\Moriel

[SMB] NTLMv2-SSP Hash :


Moriel::DESKTOP-QDRJQO6:f5ea9ed8a74a1c99:05B60EF61FE51393B4409BACF873F1CE:010100000000000080D94EFC8F6CDA01998D1DD2BA38F03600000000020008005700