Scanning and Enumeration

Scanning

PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0)
80/tcp  open  http     Apache httpd 2.2.22 ((Ubuntu))
443/tcp open  ssl/http Apache httpd 2.2.22 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Things we need to ask ourselves. Is this system at the end of it's life? If it is we can check if it is vulnerable to heartbleed. In this case, this machine uses ubuntu precise which was last updated in 2014. We might be able to find if it is vulnerable to heartbleed. Since it is an older machine we can run a vulnerability script with the following command to check for vulnerabilities.

nmap --script vuln -oA vulnscan 10.10.10.79
confirmed vulnerable to heartbleed

We can also confirm thatvulnerable to heartbleed by running sslyze.

sslyze --heartbleed 10.10.10.79:443

Enumeration

Port 22

Potential command Execution

Port 80 and 443

Gobuster Scan

Found key

found hex code that converts to ssh private key
chmod 600, unfortunate no login

Last updated

Was this helpful?