RustScan
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/uc404]
└─$ rustscan -a $IP
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
Real hackers hack time ⌛
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 10000.
Open 192.168.125.109:22
Open 192.168.125.109:80
Open 192.168.125.109:111
Open 192.168.125.109:2049
Open 192.168.125.109:32873
Open 192.168.125.109:40129
Open 192.168.125.109:49749
Open 192.168.125.109:55767Nmap
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/uc404]
└─$ nmap -Pn -p- $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-23 15:40 CET
Nmap scan report for 192.168.125.109
Host is up (0.021s latency).
Not shown: 65527 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp open nfs
32873/tcp open unknown
40129/tcp open unknown
49749/tcp open unknown
55767/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 16.93 seconds
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/uc404]
└─$ nmap -Pn -sC -sV -p- $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-23 15:41 CET
Nmap scan report for 192.168.125.109
Host is up (0.023s latency).
Not shown: 65527 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 74:ba:20:23:89:92:62:02:9f:e7:3d:3b:83:d4:d9:6c (RSA)
| 256 54:8f:79:55:5a:b0:3a:69:5a:d5:72:39:64:fd:07:4e (ECDSA)
|_ 256 7f:5d:10:27:62:ba:75:e9:bc:c8:4f:e2:72:87:d4:e2 (ED25519)
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
| http-git:
| 192.168.125.109:80/.git/
| Git repository found!
| Repository description: Unnamed repository; edit this file 'description' to name the...
| Remotes:
| https://github.com/ColorlibHQ/AdminLTE.git
|_ Project type: Ruby on Rails web application (guessed from .gitignore)
|_http-title: AdminLTE 3 | Dashboard
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
| 100003 3 2049/udp nfs
| 100003 3 2049/udp6 nfs
| 100003 3,4 2049/tcp nfs
| 100003 3,4 2049/tcp6 nfs
| 100005 1,2,3 47731/udp mountd
| 100005 1,2,3 50899/tcp6 mountd
| 100005 1,2,3 55767/tcp mountd
| 100005 1,2,3 59285/udp6 mountd
| 100021 1,3,4 40129/tcp nlockmgr
| 100021 1,3,4 40520/udp6 nlockmgr
| 100021 1,3,4 44545/tcp6 nlockmgr
| 100021 1,3,4 60304/udp nlockmgr
| 100227 3 2049/tcp nfs_acl
| 100227 3 2049/tcp6 nfs_acl
| 100227 3 2049/udp nfs_acl
|_ 100227 3 2049/udp6 nfs_acl
2049/tcp open nfs 3-4 (RPC #100003)
32873/tcp open mountd 1-3 (RPC #100005)
40129/tcp open nlockmgr 1-4 (RPC #100021)
49749/tcp open mountd 1-3 (RPC #100005)
55767/tcp open mountd 1-3 (RPC #100005)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.08 secondsThe target system appears to be Debian
UDP
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/uc404]
└─$ sudo nmap -sU -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-23 15:43 CET
Nmap scan report for 192.168.125.109
Host is up (0.026s latency).
Not shown: 998 closed udp ports (port-unreach)
PORT STATE SERVICE
111/udp open rpcbind
2049/udp open nfs
Nmap done: 1 IP address (1 host up) scanned in 1006.34 seconds