Date
Mar 11, 2025 → Mar 11, 2025
Tag
Nmap
Network Scanning
Linux
192.168.160.62
Nmap

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-11 10:28 EDT
Nmap scan report for 192.168.160.62
Host is up (0.057s latency).
Not shown: 65529 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
4505/tcp open unknown
4506/tcp open unknown
8000/tcp open http-alt
Nmap done: 1 IP address (1 host up) scanned in 26.49 seconds
Nmap 7.94SVN scan initiated Tue Mar 11 10:29:15 2025 as: /usr/lib/nmap/nmap -p- -Pn -vv -sS -A -T 4 -oN nmap.txt 192.168.160.62 open
Nmap scan report for 192.168.160.62
Host is up, received user-set (0.057s latency).
Scanned at 2025-03-11 10:29:16 EDT for 177s
Not shown: 65529 filtered tcp ports (no-response)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 44:7d:1a:56:9b:68:ae:f5:3b:f6:38:17:73:16:5d:75 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZz8rKSxgnT5mqHeBPqGlXFj2JJdq21roV/2M8/+0F5/5D1XsaXmbktDpKILFdBcYnLtPxWstxPq+FTbWAJad2uk3BPYWRxidK2dOozE5rKLCyxtkEqs/lO09pM6VKQUi83y5wMwI+9Akkir0AMruuFUSpeCIBt/L98g8OYxzyTsylQATnPxJrrQOWGUQYAvX6jIs25n6d3rmbXk/crg1ZfAVFEHEeR9Y6Bjc2o5YWjMp3XbOZyC4yYseoM6eH2yCSDwu1DzPYrU6cNMfxBf863w1uyhiFk3eIb5jud3kfoxIq6t5JU2DXNhEd4rdXuuinZUSxWiCpHLZ1FCi4tkX5
| 256 1c:78:9d:83:81:52:f4:b0:1d:8e:32:03:cb:a6:18:93 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1gj1q7mOswnou9RvKwuX8S7WFBhz2NlaSIpYPQmM0I/vqb4T459PgJcMaJOE+WmPiMnDSFsyV3C6YszM754Hc=
| 256 08:c9:12:d9:7b:98:98:c8:b3:99:7a:19:82:2e:a3:ea (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzTSyInONbcDxdYULbDvI/HyrQm9m9M5b6Z825jnBEF
53/tcp open domain syn-ack ttl 61 NLnet Labs NSD
80/tcp open http syn-ack ttl 61 nginx 1.16.1
|http-server-header: nginx/1.16.1
| http-methods:
| Supported Methods: HEAD
4505/tcp open zmtp syn-ack ttl 61 ZeroMQ ZMTP 2.0
4506/tcp open zmtp syn-ack ttl 61 ZeroMQ ZMTP 2.0
8000/tcp open http syn-ack ttl 61 nginx 1.16.1
|http-open-proxy: Proxy might be redirecting requests
| http-methods:
| Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.16.1
|_http-title: Site doesn't have a title (application/json).
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|storage-misc
Running (JUST GUESSING): Linux 3.X|4.X|5.X (91%), Crestron 2-Series (86%), HP embedded (85%), Oracle VM Server 3.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:3.13 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5.1 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3 cpe:/o:oracle:vm_server:3.4.2 cpe:/o:linux:linux_kernel:4.1
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Linux 3.13 (91%), Linux 3.10 - 4.11 (90%), Linux 3.2 - 4.9 (90%), Linux 5.1 (90%), Linux 3.18 (87%), Crestron XPanel control system (86%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%), Oracle VM Server 3.4.2 (Linux 4.1) (85%), Linux 4.4 (85%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=7.94SVN%E=4%D=3/11%OT=22%CT=%CU=%PV=Y%DS=4%DC=T%G=N%TM=67D0496D%P=x86_64-pc-linux-gnu)
SEQ(SP=106%GCD=1%ISR=10D%TI=Z%II=I%TS=A)
OPS(O1=M578ST11NW7%O2=M578ST11NW7%O3=M578NNT11NW7%O4=M578ST11NW7%O5=M578ST11NW7%O6=M578ST11)
WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
ECN(R=Y%DF=Y%TG=40%W=7210%O=M578NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
U1(R=N)
IE(R=Y%DFI=N%TG=40%CD=S)
Uptime guess: 0.005 days (since Tue Mar 11 10:25:15 2025)
Network Distance: 4 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 54.37 ms 192.168.45.1
2 54.32 ms 192.168.45.254
3 54.44 ms 192.168.251.1
4 54.45 ms 192.168.160.62
80

cant access
dirb

8000

got this, search in internet


it is call salt-sapi, let search if any vulner

No
we found that actually it is SaltStack service, so let try last one


use the arguments try run the POC

seems cant not

worked

cant run command

python error
192.168.59.62
我的虚拟机有问题

got it
replace the passwd file and upload it and try login in


thought the script display error, but we still get it in

