Hijack
Enumeration
nmap -v -A -p- -Pn -sV hijack.thm -oN nmap
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-13 12:36 EDT
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Initiating NSE at 12:36
Completed NSE at 12:36, 0.00s elapsed
Initiating SYN Stealth Scan at 12:36
Scanning hijack.thm (10.10.119.217) [65535 ports]
Discovered open port 111/tcp on 10.10.119.217
Discovered open port 22/tcp on 10.10.119.217
Discovered open port 80/tcp on 10.10.119.217
Discovered open port 21/tcp on 10.10.119.217
Discovered open port 45869/tcp on 10.10.119.217
SYN Stealth Scan Timing: About 46.00% done; ETC: 12:37 (0:00:36 remaining)
Discovered open port 2049/tcp on 10.10.119.217
Discovered open port 42681/tcp on 10.10.119.217
Discovered open port 39023/tcp on 10.10.119.217
Discovered open port 56592/tcp on 10.10.119.217
Completed SYN Stealth Scan at 12:37, 83.61s elapsed (65535 total ports)
Initiating Service scan at 12:37
Scanning 9 services on hijack.thm (10.10.119.217)
Completed Service scan at 12:37, 11.57s elapsed (9 services on 1 host)
Initiating OS detection (try #1) against hijack.thm (10.10.119.217)
Initiating Traceroute at 12:37
Completed Traceroute at 12:37, 0.06s elapsed
Initiating Parallel DNS resolution of 1 host. at 12:37
Completed Parallel DNS resolution of 1 host. at 12:37, 0.01s elapsed
NSE: Script scanning 10.10.119.217.
Initiating NSE at 12:37
Completed NSE at 12:37, 3.60s elapsed
Initiating NSE at 12:37
Completed NSE at 12:38, 0.48s elapsed
Initiating NSE at 12:38
Completed NSE at 12:38, 0.00s elapsed
Nmap scan report for hijack.thm (10.10.119.217)
Host is up (0.061s latency).
Not shown: 65526 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 94:ee:e5:23:de:79:6a:8d:63:f0:48:b8:62:d9:d7:ab (RSA)
| 256 42:e9:55:1b:d3:f2:04:b6:43:b2:56:a3:23:46:72:c7 (ECDSA)
|_ 256 27:46:f6:54:44:98:43:2a:f0:59:ba:e3:b6:73:d3:90 (ED25519)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-cookie-flags:
| /:
| PHPSESSID:
|_ httponly flag not set
|_http-title: Home
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.18 (Ubuntu)
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
| 100003 2,3,4 2049/tcp nfs
| 100003 2,3,4 2049/tcp6 nfs
| 100003 2,3,4 2049/udp nfs
| 100003 2,3,4 2049/udp6 nfs
| 100005 1,2,3 38019/udp6 mountd
| 100005 1,2,3 46674/tcp6 mountd
| 100005 1,2,3 56592/tcp mountd
| 100005 1,2,3 59470/udp mountd
| 100021 1,3,4 32969/tcp6 nlockmgr
| 100021 1,3,4 39502/udp6 nlockmgr
| 100021 1,3,4 42681/tcp nlockmgr
| 100021 1,3,4 46160/udp nlockmgr
| 100227 2,3 2049/tcp nfs_acl
| 100227 2,3 2049/tcp6 nfs_acl
| 100227 2,3 2049/udp nfs_acl
|_ 100227 2,3 2049/udp6 nfs_acl
2049/tcp open nfs 2-4 (RPC #100003)
39023/tcp open mountd 1-3 (RPC #100005)
42681/tcp open nlockmgr 1-4 (RPC #100021)
45869/tcp open mountd 1-3 (RPC #100005)
56592/tcp open mountd 1-3 (RPC #100005)
Device type: general purpose
Running: Linux 5.X
OS CPE: cpe:/o:linux:linux_kernel:5.4
OS details: Linux 5.4
Uptime guess: 0.001 days (since Wed Mar 13 12:36:57 2024)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 1720/tcp)
HOP RTT ADDRESS
1 60.63 ms 10.8.0.1
2 61.26 ms hijack.thm (10.10.119.217)
NSE: Script Post-scanning.
Initiating NSE at 12:38
Completed NSE at 12:38, 0.00s elapsed
Initiating NSE at 12:38
Completed NSE at 12:38, 0.00s elapsed
Initiating NSE at 12:38
Completed NSE at 12:38, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 100.91 seconds
Raw packets sent: 69231 (3.047MB) | Rcvd: 69005 (2.761MB)