Open3
TryHackMe Hammer
nmap
┌──(kali㉿kali)-[~]
└─$ nmap -sV --min-rate 5000 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-19 19:47 JST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.10 seconds
With the option that skips the ping check, the scan returned results.
┌──(kali㉿kali)-[~]
└─$ nmap -P0 -sV -p- --min-rate 5000 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-19 19:49 JST
Warning: 10.10.161.226 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.161.226
Host is up (0.25s latency).
Not shown: 48756 filtered tcp ports (no-response), 16778 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 148.48 seconds
The result above gives no foothold, so I ran nmap again. A suspicious port was open.
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sV -p- --min-rate 5000 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-04-19 20:04 JST
Nmap scan report for 10.10.161.226
Host is up (0.24s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
1337/tcp open waste?
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.44 seconds
Accessing it displayed a login screen.
gobuster
┌──(kali㉿kali)-[~]
└─$ gobuster dir -u http://$IP:1337 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 -q
/javascript (Status: 301) [Size: 324] [--> http://10.10.41.105:1337/javascript/]
/vendor (Status: 301) [Size: 320] [--> http://10.10.41.105:1337/vendor/]
/phpmyadmin (Status: 301) [Size: 324] [--> http://10.10.41.105:1337/phpmyadmin/]
/server-status (Status: 403) [Size: 279]