search

WDavid404 / PG-Box

PG box workthough note
0 stars 0 forks source link

Hepet (Intermediate, Windows, 2021) -- Not finish #52

Open WDavid404 opened 3 months ago

WDavid404 commented 3 months ago 
PORT      STATE    SERVICE        REASON          VERSION
25/tcp    open     smtp           syn-ack ttl 125 Mercury/32 smtpd (Mail server account Maiser)

79/tcp    open     finger         syn-ack ttl 125 Mercury/32 fingerd
| finger: Login: Admin         Name: Mail System Administrator\x0D
| \x0D
|_[No profile information]\x0D

105/tcp   open     ph-addressbook syn-ack ttl 125 Mercury/32 PH addressbook server
106/tcp   open     pop3pw         syn-ack ttl 125 Mercury/32 poppass service
110/tcp   open     pop3           syn-ack ttl 125 Mercury/32 pop3d
|_pop3-capabilities: TOP USER APOP EXPIRE(NEVER) UIDL

135/tcp   open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
139/tcp   open     netbios-ssn    syn-ack ttl 125 Microsoft Windows netbios-ssn
143/tcp   open     imap           syn-ack ttl 125 Mercury/32 imapd 4.62
|_imap-capabilities: OK IMAP4rev1 X-MERCURY-1A0001 AUTH=PLAIN CAPABILITY complete
443/tcp   open     ssl/http       syn-ack ttl 125 Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.3.23)
445/tcp   open     microsoft-ds?  syn-ack ttl 125

2224/tcp  open     http           syn-ack ttl 125 Mercury/32 httpd
|_http-title: Mercury HTTP Services
| http-methods: 
|_  Supported Methods: GET HEAD

3254/tcp  filtered pda-sys        no-response
3965/tcp  filtered ati-ip-to-ncpe no-response
5040/tcp  open     unknown        syn-ack ttl 125

8000/tcp  open     http           syn-ack ttl 125 Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.3.23) ⭐ 
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.3.23
|_http-title: Time Travel Company Page 
| http-methods: 
|   Supported Methods: POST OPTIONS HEAD GET TRACE
|_  Potentially risky methods: TRACE

11100/tcp open     vnc            syn-ack ttl 125 VNC (protocol 3.8) ⭐ 
| vnc-info: 
|   Protocol version: 3.8
|   Security types: 
|_    Unknown security type (40)

20001/tcp open     ftp            syn-ack ttl 125 FileZilla ftpd 0.9.41 beta
|_ftp-bounce: bounce working!
| ftp-anon: Anonymous FTP login allowed (FTP code 230)   ⭐ 

33006/tcp open     unknown        syn-ack ttl 125
| fingerprint-strings: 
|_    Host '192.168.45.205' is not allowed to connect to this MariaDB server ⭐ 

49664/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
49665/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
49666/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
49667/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
49668/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC
49669/tcp open     msrpc          syn-ack ttl 125 Microsoft Windows RPC

Search exploit info for FileZilla ftpd 0.9.41 beta, VNC (protocol 3.8 --> no useful info

139/tcp --> no info

20001/tcp FTP --> ftp 192.168.198.140:20001 --> Failed.

.............