ClamAV
Date: Mar 15, 2025
Tags: Nmap, User Enumeration, Service Enumeration

192.168.182.42

Nmap


Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 03:39 EDT
Nmap scan report for 192.168.182.42
Host is up (0.051s latency).
Not shown: 65528 closed tcp ports (conn-refused)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
139/tcp   open  netbios-ssn
199/tcp   open  smux
445/tcp   open  microsoft-ds
60000/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 13.18 seconds
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-15 03:39 EDT
Nmap scan report for 192.168.182.42
Host is up, received user-set (0.049s latency).
Not shown: 54 closed udp ports (port-unreach), 44 open|filtered udp ports (no-response)
PORT    STATE SERVICE    REASON
137/udp open  netbios-ns udp-response ttl 61
161/udp open  snmp       udp-response ttl 61

80

seems like binary
01101001 01100110 01111001 01101111 01110101 01100100 01101111 01101110 01110100 01110000 01110111 01101110 01101101 01100101 01110101 01110010 01100001 01101110 00110000 0011 0000 01100010

25

Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )

Scan Information

Mode ..................... VRFY
Worker Processes ......... 5
Target count ............. 1
Username count ........... 1
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............

######## Scan started at Sat Mar 15 03:44:41 2025 #########
192.168.182.42: root exists
######## Scan completed at Sat Mar 15 03:44:41 2025 #########
1 results.

1 queries in 1 seconds (1.0 queries / sec)

445/139

index: 0x1 RID: 0x3f2 acb: 0x00000011 Account: games Name: games Desc: (null)
index: 0x2 RID: 0x1f5 acb: 0x00000011 Account: nobody Name: nobody Desc: (null)
index: 0x3 RID: 0x402 acb: 0x00000011 Account: proxy Name: proxy Desc: (null)
index: 0x4 RID: 0x42a acb: 0x00000011 Account: www-data Name: www-data Desc: (null)
index: 0x5 RID: 0x3e8 acb: 0x00000011 Account: root Name: root Desc: (null)
index: 0x6 RID: 0x3fa acb: 0x00000011 Account: news Name: news Desc: (null)
index: 0x7 RID: 0x3ec acb: 0x00000011 Account: bin Name: bin Desc: (null)
index: 0x8 RID: 0x3f8 acb: 0x00000011 Account: mail Name: mail Desc: (null)
index: 0x9 RID: 0x3ea acb: 0x00000011 Account: daemon Name: daemon Desc: (null)
index: 0xa RID: 0xbb8 acb: 0x00000011 Account: ryu Name: ryu,,, Desc: (null)
index: 0xb RID: 0x3f4 acb: 0x00000011 Account: man Name: man Desc: (null)
index: 0xc RID: 0x3f6 acb: 0x00000011 Account: lp Name: lp Desc: (null)
index: 0xd RID: 0x4b4 acb: 0x00000011 Account: Debian-exim Name: (null) Desc: (null)
index: 0xe RID: 0x43a acb: 0x00000011 Account: gnats Name: Gnats Bug-Reporting System (admin) Desc: (null)
index: 0xf RID: 0x42c acb: 0x00000011 Account: backup Name: backup Desc: (null)
index: 0x10 RID: 0x3ee acb: 0x00000011 Account: sys Name: sys Desc: (null)
index: 0x11 RID: 0x434 acb: 0x00000011 Account: list Name: Mailing List Manager Desc: (null)
index: 0x12 RID: 0x436 acb: 0x00000011 Account: irc Name: ircd Desc: (null)
index: 0x13 RID: 0x3f0 acb: 0x00000011 Account: sync Name: sync Desc: (null)
index: 0x14 RID: 0x3fc acb: 0x00000011 Account: uucp Name: uucp Desc: (null)

user:[games] rid:[0x3f2]
user:[nobody] rid:[0x1f5]
user:[proxy] rid:[0x402]
user:[www-data] rid:[0x42a]
user:[root] rid:[0x3e8]
user:[news] rid:[0x3fa]
user:[bin] rid:[0x3ec]
user:[mail] rid:[0x3f8]
user:[daemon] rid:[0x3ea]
user:[ryu] rid:[0xbb8]
user:[man] rid:[0x3f4]
user:[lp] rid:[0x3f6]
user:[Debian-exim] rid:[0x4b4]
user:[gnats] rid:[0x43a]
user:[backup] rid:[0x42c]
user:[sys] rid:[0x3ee]
user:[list] rid:[0x434]
user:[irc] rid:[0x436]
user:[sync] rid:[0x3f0]
user:[uucp] rid:[0x3fc]

================================( Share Enumeration on 192.168.182.42 )================================

    Sharename       Type      Comment
    ---------       ----      -------
    print$          Disk      Printer Drivers
    IPC$            IPC       IPC Service (0xbabe server (Samba 3.0.14a-Debian) brave pig)
    ADMIN$          IPC       IPC Service (0xbabe server (Samba 3.0.14a-Debian) brave pig)
Reconnecting with SMB1 for workgroup listing.

    Server               Comment
    ---------            -------
    0XBABE               0xbabe server (Samba 3.0.14a-Debian) brave pig

    Workgroup            Master
    ---------            -------
    WORKGROUP            0XBABE

[+] Attempting to map shares on 192.168.182.42

[E] Can't understand response:
tree connect failed: NT_STATUS_WRONG_PASSWORD
//192.168.182.42/print$ Mapping: N/A Listing: N/A Writing: N/A
[E] Can't understand response:
NT_STATUS_NETWORK_ACCESS_DENIED listing \*
//192.168.182.42/IPC$ Mapping: N/A Listing: N/A Writing: N/A
[E] Can't understand response:
tree connect failed: NT_STATUS_WRONG_PASSWORD
//192.168.182.42/ADMIN$ Mapping: N/A Listing: N/A Writing: N/A

=================( Users on 192.168.182.42 via RID cycling (RIDS: 500-550,1000-1050) )=================
[I] Found new SID: S-1-5-21-1974239401-1762029558-4115558683
[+] Enumerating users using SID S-1-5-21-1974239401-1762029558-4115558683 and logon username '', password ''
S-1-5-21-1974239401-1762029558-4115558683-500 0XBABE\Administrator (Local User)
S-1-5-21-1974239401-1762029558-4115558683-501 0XBABE\nobody (Local User)
S-1-5-21-1974239401-1762029558-4115558683-512 0XBABE\Domain Admins (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-513 0XBABE\Domain Users (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-514 0XBABE\Domain Guests (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1000 0XBABE\root (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1001 0XBABE\root (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1002 0XBABE\daemon (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1003 0XBABE\daemon (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1004 0XBABE\bin (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1005 0XBABE\bin (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1006 0XBABE\sys (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1007 0XBABE\sys (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1008 0XBABE\sync (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1009 0XBABE\adm (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1010 0XBABE\games (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1011 0XBABE\tty (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1012 0XBABE\man (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1013 0XBABE\disk (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1014 0XBABE\lp (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1015 0XBABE\lp (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1016 0XBABE\mail (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1017 0XBABE\mail (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1018 0XBABE\news (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1019 0XBABE\news (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1020 0XBABE\uucp (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1021 0XBABE\uucp (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1025 0XBABE\man (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1026 0XBABE\proxy (Local User)
S-1-5-21-1974239401-1762029558-4115558683-1027 0XBABE\proxy (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1031 0XBABE\kmem (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1041 0XBABE\dialout (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1043 0XBABE\fax (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1045 0XBABE\voice (Domain Group)
S-1-5-21-1974239401-1762029558-4115558683-1049 0XBABE\cdrom (Domain Group)
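
The RIDs in the anonymous listing above are not arbitrary: they decode to Unix UIDs and GIDs, so the null session discloses which accounts are regular logins. The following is an added example, not part of the original notes; it assumes Samba's default algorithmic RID mapping (base 1000) and a regular-user UID floor of 1000, and the function names are hypothetical.

```python
import re

# Assumption: Samba's algorithmic RID mapping with the default
# "algorithmic rid base" of 1000:
#   user RID  = 2 * uid + 1000
#   group RID = 2 * gid + 1001
RID_BASE = 1000

USER_RE = re.compile(r"user:\[([^\]]+)\]\s+rid:\[(0x[0-9a-fA-F]+)\]")

# Subset of the user:[...] rid:[...] pairs copied from the output above.
SAMPLE = """
user:[root] rid:[0x3e8] user:[daemon] rid:[0x3ea] user:[nobody] rid:[0x1f5]
user:[www-data] rid:[0x42a] user:[Debian-exim] rid:[0x4b4]
user:[ryu] rid:[0xbb8]
"""

def decode_rid(rid):
    """Return (kind, unix_id) for a RID under the algorithmic mapping."""
    if rid < RID_BASE:
        # RIDs below the base (500, 501, 512...) are fixed well-known values.
        return ("well-known", None)
    offset = rid - RID_BASE
    # Even offsets are users, odd offsets are groups.
    return ("group", offset // 2) if offset % 2 else ("user", offset // 2)

def parse_accounts(text):
    """Map each account name in the listing to (rid, kind, unix_id)."""
    accounts = {}
    for name, rid_hex in USER_RE.findall(text):
        rid = int(rid_hex, 16)
        accounts[name] = (rid, *decode_rid(rid))
    return accounts

def interactive_accounts(accounts, uid_min=1000):
    """Accounts whose decoded UID is in the regular-user range (assumed >= 1000)."""
    return sorted(name for name, (_, kind, uid) in accounts.items()
                  if kind == "user" and uid is not None and uid >= uid_min)

if __name__ == "__main__":
    accts = parse_accounts(SAMPLE)
    for name, (rid, kind, uid) in sorted(accts.items(), key=lambda kv: kv[1][0]):
        print(f"{name:12} rid={rid:<5} {kind:10} unix_id={uid}")
    print("interactive:", interactive_accounts(accts))
```

The same arithmetic explains the RID-cycling results: 1009 decodes to group 4 (adm) and 1049 to group 24 (cdrom). On the server side, the `restrict anonymous` parameter in smb.conf controls whether an anonymous connection is given this user and group list.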

199

It is about the Cisco email security appliance; it does not seem to be valuable information, but we can come back if we find nothing.
nmap -A -p 199 -vvv -oN nmap/port139 --min-rate 12000 $ip
It looks like ClamAV is a piece of software.
Let's see whether a sploit is available.
The .rb file is a Metasploit script, so let's try another method.