Scanning and Enumeration

Scanning

nmap -sC -sV -oN sunday 10.10.10.76

The above command does the following:

• -sC: Default scripts

• -sV: Enumerate version

• -oN: output in nmap form

nmap -p- -oN full_sunny 10.10.10.76 --max-retries 0

nmap -sC -sV -p 79,111,22022,34745,63083 10.10.10.76

The above nmap scan is focused on only the ports we have discovered a total of 4 ports. Scanning the four ports, we were able to discover the following.

Enumeration

Port 79

In Unix, what is the finger command?

https://www.acunetix.com/vulnerabilities/web/finger-service-running/#:~:text=Description,information%20on%20a%20single%20user.www.acunetix.com

Checking for logged in users

kali@kali:~/HTB/sunny/nmap$ finger @10.10.10.76
No one logged on

Checking for root and admin

Looks like we have the user of root on the system

./finger-user-enum.pl -U /usr/share/seclists/Usernames/Names/names.txt -t 10.10.10.76

Note: You can install seclist with apt

Enumerating usernames we are able to find 2 more along with root.They are a lot more different from the other input that was displayed and it looks like the had access of some soret via 10.10.14.4