Box Sniper dengan IP 10.10.10.151 dengan OS Windows *painful af OS Mari lakukan basic enumeration dengan nmap, hasil nmap menunjukkan
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-07 02:40 EST Nmap scan report for 10.10.10.151 Host is up (0.26s latency). Not shown: 996 filtered ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 10.0 | http-methods: |_ Potentially risky methods: TRACE |_http-server-header: Microsoft-IIS/10.0 |_http-title: Sniper Co. 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port OS fingerprint not ideal because: Missing a closed TCP port so results incomplete No OS matches for host Network Distance: 2 hops Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_clock-skew: 7h01m53s | smb2-security-mode: | 2.02: |_ Message signing enabled but not required | smb2-time: | date: 2020-03-07T14:43:14 |_ start_date: N/A TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS 1 252.60 ms 10.10.14.1 2 254.10 ms 10.10.10.151 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 83.37 seconds |
Terdapat web service, mari kita coba cek Terdapat user login portal Setelah mencoba beberapa payload basic dan basic credentials, tidak ditemukan apa apa yang bisa digunakan Pada page services, dan setelah berpindah ke page […]