TYPICAL TCP PORT SCAN
{
root@kali:~# nmap victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-24 16:16 EDT
Nmap scan report for victim (10.10.10.137)
Host is up (0.034s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3000/tcp open ppp
8000/tcp open http-alt
Nmap done: 1 IP address (1 host up) scanned in 7.10 seconds
root@kali:~#
}//end TYPICAL TCP PORTSCAN
SERVICE SCAN ON PORT 21 (ftp)
{
root@kali:~# nmap -sV -p 21 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-24 16:18 EDT
Nmap scan report for victim (10.10.10.137)
Host is up (0.034s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3+ (ext.1)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.88 seconds
}//end SERVICE SCAN ON PORT 21
FULL PORT SERVICE SCANnet
{
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3+ (ext.1)
22/tcp open ssh?
80/tcp open http Apache httpd 2.4.38 ((FreeBSD) PHP/7.3.3)
3000/tcp open http Node.js Express framework
8000/tcp open http-alt
}//end FULL PORT SERVICE SCAN
BOOTSTRAP VERSION #
{
Bootstrap v4.2.1 (https://getbootstrap.com/)victim.com/vendor/boostrap
ALSO RUNNING VERSION
Bootstrap v3.3.7 (http://getbootstrap.com) victim.com/css
THERE IS A POSSIBLE VUNERABILITY HERE
https://snyk.io/test/npm/bootstrap/3.3.7
}//end bootstrap version #
POSSIBLY IMPORTANT MAYBE DB PASS
{
FOUND IN 10.10.10.137/config.php
$dbHost = 'localhost'; $dbUsername = 'root'; $dbPassword = 'Zk6heYCyv6ZE9Xcg'; $db = "login"; $conn = new mysqli($dbHost, $dbUsername, $dbPassword,$db) or die("Connect failed: %s\n". $conn -> error);
}//END POTENTIALLY IMPORT DB PASS
AUTH TOKEN
{
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNTY0MDgxMjA1LCJleHAiOjE1NjQxNjc2MDV9.vOX08KXlkzYN__Kw6phyMiw4x6DhmLcNCKLe4Gvkrj8
}//END AUTH TOKEN
victim.com:3000/users
{
0
ID "1"
name "Admin"
Role "Superuser"
1
ID "2"
name "Derry"
Role "Web Admin"
2
ID "3"
name "Yuri"
Role "Beta Tester"
3
ID "4"
name "Dory"
Role "Supporter"
}//END USERS
POSSIBLE PASS in victim.com:3000/users/admin
{
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 45
ETag: W/"2d-6LfOUjcs63Zey9NM+wGG+B6F0ts"
Date: Thu, 25 Jul 2019 19:10:59 GMT
Connection: close
{"name":"Admin","password":"WX5b7)>/rp$U)FW"}
}//END ADMIN
VICTIM.COM:3000/USERS/DERRY
{
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 46
ETag: W/"2e-sgpTWo5Mzwc9YEHFtNldZwP3qII"
Date: Thu, 25 Jul 2019 19:15:18 GMT
Connection: close
{"name":"Derry","password": "rZ86wwLvx7jUxtch"}
}//END DERRY
VICTIM.COM:3000/USERS/DORY
{
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 44
ETag: W/"2c-QVJ354QI7/P9wWVh97w4YNw3O+g"
Date: Thu, 25 Jul 2019 19:17:59 GMT
Connection: close
{"name":"Dory","password":" D "}
}//end DORY
VICTIM.COM:3000/users/Yuri
{
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 41
ETag: W/"29-mSBdfTKaglwQWJ9faJ1HRSb6D30"
Date: Thu, 25 Jul 2019 19:18:41 GMT
Connection: close
{"name":"Yuri","password":"bet@tester87"}
}//end YURI
CONFIRMED AJENTI LOGIN CREDS AJENTI PASS
{
USER: root
PASS: KpMasng6S5EtTy9Z
}