THM — Probe
2024-1-24 23:51:35 Author: infosecwriteups.com

Use your baseline scanning skills to enumerate a secure network.

Dfaults

InfoSec Write-ups

We use nmap for the initial scan to find any open ports on the machine, using the syntax:

nmap -sT -p- probe.thm

The IP of the machine was added to the /etc/hosts file, both to avoid any DNS issues down the line and to simplify scanning, since we don’t have to memorize the machine’s actual IP.

root@ip-10-10-37-41:~# nmap -sT -p- probe.thm
Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-12 17:54 GMT
Nmap scan report for probe.thm (10.10.52.47)
Host is up (0.00051s latency).
Not shown: 65527 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
1338/tcp open wmc-log-svc
1443/tcp open ies-lm
1883/tcp open mqtt
8000/tcp open http-alt
9007/tcp open ogs-client
MAC Address: 02:D9:95:FE:0A:27 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 3.91 seconds

Now that we know which ports are open, let’s start enumerating the version of each service with:

nmap -sT -sC -sV -p- probe.thm

root@ip-10-10-37-41:~# nmap -sT -sC -sV -p- probe.thm
Starting Nmap 7.60 ( https://nmap.org ) at 2024-01-12 17:59 GMT
Nmap scan report for probe.thm (10.10.52.47)
Host is up (0.00083s latency).
Not shown: 65527 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
80/tcp open http lighttpd 1.4.55
|_http-server-header: lighttpd/1.4.55
|_http-title: 403 Forbidden
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: 403 Forbidden
| ssl-cert: Subject: commonName=dev.probe.thm/organizationName=Tester/stateOrProvinceName=Some-State/countryName=US
| Not valid before: 2023-07-18T10:57:05
|_Not valid after: 2024-07-17T10:57:05
1338/tcp open ftp vsftpd 2.0.8 or later
1443/tcp open ssl/ssl Apache httpd (SSL-only mode)
| ssl-cert: Subject: commonName=dev.probe.thm/organizationName=Tester/stateOrProvinceName=Some-State/countryName=US
| Not valid before: 2023-07-18T10:57:05
|_Not valid after…
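
The two scans above disagree on several ports: without -sV, nmap names a service by looking up its port number, while -sV probes what is actually listening. As an added example (not part of the original write-up; the function names are hypothetical and the sample lines are copied from the output above), this Python snippet compares the two result sets and pulls hostnames out of the certificate subjects:

```python
import re

# Lines copied from the two scans above; the -sV output is cut off on the page.
PORT_SCAN = """22/tcp open ssh
80/tcp open http
443/tcp open https
1338/tcp open wmc-log-svc
1443/tcp open ies-lm
1883/tcp open mqtt
8000/tcp open http-alt
9007/tcp open ogs-client"""
VERSION_SCAN = """22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
80/tcp open http lighttpd 1.4.55
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
| ssl-cert: Subject: commonName=dev.probe.thm/organizationName=Tester/stateOrProvinceName=Some-State/countryName=US
1338/tcp open ftp vsftpd 2.0.8 or later
1443/tcp open ssl/ssl Apache httpd (SSL-only mode)"""

PORT_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)(?:\s+(.+))?$")
CERT_CN = re.compile(r"ssl-cert: Subject: .*?commonName=([^/\s]+)")

def parse_ports(text):
    """Map open port number -> (service name, version string)."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[int(m.group(1))] = (m.group(2), m.group(3) or "")
    return ports

def compare(port_scan, version_scan):
    """Sort ports into confirmed, relabelled by -sV, and not yet verified."""
    guessed, detected = parse_ports(port_scan), parse_ports(version_scan)
    out = {"confirmed": {}, "relabelled": {}, "unverified": []}
    for port, (name, _) in sorted(guessed.items()):
        if port not in detected:
            out["unverified"].append(port)      # no -sV result for this port
        elif detected[port][0] == name:
            out["confirmed"][port] = detected[port]
        else:                                   # -sV name differs from the port lookup
            out["relabelled"][port] = (name,) + detected[port]
    return out

def cert_hostnames(version_scan):
    """Hostnames named in ssl-cert subject lines."""
    return sorted(set(CERT_CN.findall(version_scan)))

if __name__ == "__main__":
    print(compare(PORT_SCAN, VERSION_SCAN), cert_hostnames(VERSION_SCAN))
```

On this data, port 1338 moves from wmc-log-svc to ftp (vsftpd) and 1443 from ies-lm to an SSL-only Apache, while 1883, 8000 and 9007 stay unverified because the version scan output is truncated.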

Article source: https://infosecwriteups.com/thm-probe-88aa40ac5e82?source=rss----7b722bfd1b8d---4