Not shown: 65515 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 2f:0c:83:e2:7f:3b:32:f5:0a:7a:09:60:6e:5d:70:de (RSA) |_ 256 c7:e3:c7:1b:db:1e:b5:8f:5d:46:bc:52:af:fb:92:31 (ECDSA) 80/tcp open http nginx |http-favicon: Unknown favicon MD5: 338BC68699BE91158CF059FE4451B6A6 | http-methods: | Supported Methods: GET HEAD POST | http-robots.txt: 22 disallowed entries (15 shown) | /edit/ /answers/ /form-templates/ | /form-templates/static/ /uploads/ /grid/ /excel/ /admin/ /admn/ /opt/ /lib/ |/wizards/ /tests/ /ipns/ /min/ |_http-server-header: nginx |_http-title: Temporarily Unavailable 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 443/tcp open ssl/http nginx |http-server-header: nginx |_http-title: 502 Bad Gateway | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater ManchestecountryName=GB | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2016-09-08T00:00:00 | Not valid after: 2017-09-08T23:59:59 | MD5: b917 e845 d082 bf0b c812 3b1d ac1f 8270 |_SHA-1: ee03 560f 0ad9 6763 107d 88f4 fa14 cebe 6875 1205 |_ssl-date: TLS randomness does not represent time | tls-nextprotoneg: | http/1.1 445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP) 668/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 2f:0c:83:e2:7f:3b:32:f5:0a:7a:09:60:6e:5d:70:de (RSA) | 256 c7:e3:c7:1b:db:1e:b5:8f:5d:46:bc:52:af:fb:92:31 (ECDSA) 3306/tcp open mysql MySQL 5.7.18-0ubuntu0.16.04.1 | mysql-info: | Protocol: 53 | Version: .7.18-0ubuntu0.16.04.1 | Thread ID: 2394 | Capabilities flags: 63487 | Some Capabilities: LongPassword, Support41Auth, Speaks41ProtocolOld, SupportsTransactions, IgnoreSpaceBeforeParenthesis, LongColumnFlag, ODBCClient, FoundRows, ConnectWithDatabase, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSigpipes, Speaks41ProtocolNew, InteractiveClient, SupportsCompression | Status: Autocommit | Salt: F;]~
\n\x20\x20\x20\x20net SF:data\x20dashboard\n\x20\x20\x20\x20\n\n\x20\x20\x20\x20\n\x20\ SF:x20\x20\x20\n\x20\x20\x20\x20\n\x20\x20\x20 SF:\x20\n\x20\x20\x20\x20\n\x20\x20\x20\x20\n\x20\x SF:20\x20\x20\n SF:\n\x20\x20\x20\x20\x20, NetBIOS MAC: (unknown) | Names: | TR-DEV1<00> Flags: | TR-DEV1<03> Flags: | TR-DEV1<20> Flags: | \x01\x02MSBROWSE\x02<01> Flags: | WORKGROUP<00> Flags: | WORKGROUP<1d> Flags: |_ WORKGROUP<1e> Flags: | smb-os-discovery: | OS: Windows 6.1 (Samba 4.3.11-Ubuntu) | Computer name: tr-dev1 | NetBIOS computer name: TR-DEV1 |_ System time: 2017-06-20T03:35:56-04:00 | smb-security-mode: | accountused: guest | authentication_level: user | challenge_response: supported | message_signing: disabled (dangerous, but default) |_smbv2-enabled: Server supports SMBv2 protocol do you guys see anything interesting in this nmap scan? and also what i do here is completely legit and supervised through out the whole process.i am an intern in a company where they expect me to get into their small server used for some internall stuffs. I dont have that much prior experince in this regard. So far i have check out versions of apps running on the server to see if i could exploit them. I checked them on google, although openssh version 7.2p2 was seemingly vulnerable, i couldnt manage to perform the exploits i have found on exploit-database.com.(i read the codes to figure out what it was doing and try to optimize a bit. but didnt seem to work out.) Also there is an samba smbd 3.X 4.X running on port 139 that i tried to exploit again using the exploits on exploit-database.com and againt none was successful. So could you please give me some help/advice on what i should do next, what to look for. ( meanwhile i also read a book about this and googling all around.) have a nice day. edit: it look so messy but when i try to edit it, it seems perfectly alligned, sorry for the mess
This episode shows how NoSQL applications could be easily hacked with the no.1 threat on the internet -- injection attacks, from password guessing to authentication bypassing. Let's fix these ... The official audio of "The Line" by dvsn from the album 'Sept 5th'. 'Sept 5th' - https://ovosound.lnk.to/Sept5th Follow dvsn https://facebook.com/dvsn https:... The Super Mario Effect - Tricking Your Brain into Learning More Mark Rober TEDxPenn - Duration: 15:09. TEDx Talks Recommended for you This is a fast paced mongo DB tutorial. If you want to learn faster and have some experience in Db then this is a good course for you. For details visit : www.premaseem.com. Em um dia comum de trabalho, um homem sai do escritório decidido a fazer a diferença na vida do seu filho. Ele chega à nova escola da criança e, com muita de...