Sybaris
2025-3-27
Date: Mar 25, 2025 → Mar 25, 2025
Tags: Nmap, Network Scanning, Web Application Security

192.168.134.93

Nmap

└─# nmap -sT -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-25 03:56 EDT
Nmap scan report for 192.168.134.93
Host is up (0.053s latency).
Not shown: 65520 filtered tcp ports (no-response)
PORT      STATE  SERVICE
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    open   ssh
53/tcp    closed domain
80/tcp    open   http
6379/tcp  open   redis
10091/tcp closed unknown
10092/tcp closed unknown
10093/tcp closed unknown
10094/tcp closed unknown
10095/tcp closed unknown
10096/tcp closed unknown
10097/tcp closed unknown
10099/tcp closed unknown
10100/tcp closed itap-ddtp

Nmap done: 1 IP address (1 host up) scanned in 26.53 seconds

└─# nmap -sU -p- --min-rate 5000 $ip
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-25 03:56 EDT
Nmap scan report for 192.168.134.93
Host is up (0.31s latency).
All 65535 scanned ports on 192.168.134.93 are in ignored states.
Not shown: 65535 open|filtered udp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 29.04 seconds

└─# nmap -Pn -n $ip -sC -sV -p- --open -oN nmap.txt
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-25 03:57 EDT
Nmap scan report for 192.168.134.93
Host is up (0.065s latency).
Not shown: 65519 filtered tcp ports (no-response), 12 closed tcp ports (reset)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.2
| ftp-syst:
| STAT:
| FTP server status:
| Connected to 192.168.45.160
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 2
| vsFTPd 3.0.2 - secure, fast, stable
|End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|drwxrwxrwx 2 0 0 6 Apr 01 2020 pub [NSE: writeable]
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 21:94:de:d3:69:64:a8:4d:a8:f0:b5:0a:ea:bd:02:ad (RSA)
| 256 67:42:45:19:8b:f5:f9:a5:a4:cf:fb:87:48:a2:66:d0 (ECDSA)
| 256 f3:e2:29:a3:41:1e:76:1e:b1:b7:46:dc:0b:b9:91:77 (ED25519)
80/tcp   open  http?
| http-robots.txt: 11 disallowed entries
| /config/ /system/ /themes/ /vendor/ /cache/
| /changelog.txt /composer.json /composer.lock /composer.phar /search/
|/admin/
6379/tcp open  redis   Redis key-value store 5.0.9
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 336.47 seconds

21

Nothing found.
Found some passwords we can use.
Also nothing.

80

Found a login page.
Login with admin:admin fails.
Nothing useful.

6379

The target machine's Redis version is 5.0.9, so we can try this script.
We need to compile exp.so and import it into Redis.
We can log in.
Add our public key (id) to their authorized_keys, then we can log in without a password.
Got into it.
Forgot to note it down……
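The Redis step above depends on the instance being reachable from the network, accepting unauthenticated clients, and leaving module loading available. The following is an added example, not part of the original notes: a small audit of redis.conf text for those settings. Both config samples are constructed, and the choice to also flag CONFIG is an assumption made here as general hardening.

```python
import shlex

# Constructed sample resembling an exposed, unauthenticated instance (not from the target).
EXPOSED_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed hardened counterpart; the password is a placeholder.
HARDENED_CONF = """\
bind 127.0.0.1
protected-mode yes
requirepass "PLACEHOLDER-long-random-secret"
rename-command MODULE ""
rename-command CONFIG ""
"""

# MODULE is what loads a .so into the server; CONFIG is included as general hardening.
RESTRICTED_COMMANDS = ("MODULE", "CONFIG")

def parse_conf(text):
    """Return (directives, renamed): last args per directive, and rename-command map."""
    directives, renamed = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = shlex.split(line)  # redis.conf quoting approximated with shlex
        if key.lower() == "rename-command" and len(args) == 2:
            renamed[args[0].upper()] = args[1]
        else:
            directives[key.lower()] = args
    return directives, renamed

def audit(text):
    """List the settings that leave the instance open to unauthenticated module loading."""
    d, renamed = parse_conf(text)
    findings = []
    binds = d.get("bind") or []
    if not binds or any(a in ("0.0.0.0", "::", "*") for a in binds):
        findings.append("listens on all interfaces")  # no bind line also means all
    if (d.get("protected-mode") or ["yes"])[0].lower() != "yes":
        findings.append("protected-mode disabled")
    if not (d.get("requirepass") or [""])[0]:
        findings.append("no requirepass set")
    findings += [f"{c} not renamed or disabled" for c in RESTRICTED_COMMANDS if c not in renamed]
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

An empty finding list for the hardened sample means every setting checked here is closed; it does not cover the writeable anonymous FTP directory seen in the scan.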
 