192.168.1.120: (Lots of vulns on this one) - 21/tcp - Anon FTP Server - 22/tcp - SSH - 80/tcp - HTTP Apache2.4.27 - 9090/tcp - Cockpit 161 Web Server FLAG HERE
192.168.1.121: - 80/tcp - Apache 2.2.22 (robots.txt probably worth looking into. This seems to have an upload vuln, so we will try burp suite) - /nothing - In the html this was found ~~~ #my secret pass freedom password helloworld! diana iloveroot ~~~
192.168.1.122: (This ones thick too) - 22/tcp - SSH - 80/tcp - HTTP Apache2.4.7 (robots.txt worth looking into) - 139/tcp - netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) (no security) - 445/tcp - netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP) (no security) - 3306/tcp - mysql (unauthorized) - 6667/tcp - irc (IRC is just a chat room, so there may be insecure conversation on this) - server: Admin.local - source host: 192.168.0.50 - Hosts: LAZYSYSADMIN
192.168.1.123: (I think they really want us to use metasplot on this one guys) - 21/tcp - FTP (Anonymous login) - 22/tcp - SSH - 23/tcp - Telnet (insecure by default) - 25/tcp smtp (Mail service) - This is metasploitable - 53/tcp - DNS server bind.version: 9.4.2 - 80/tcp - HTTP Apache2.2.8 - http-title: Metasploitable2 (This is probably metasploitable) - 111/tcp - rpcbind (This is for remote exicution of processes) - 139/tcp - Samba smbd 3.X - 4.X - 445/tcp - Samba smbd 3.0.20-Debian - 512/tcp - exec netkit-rsh rececd (not too sure what this is but its probably exploitable somehow) - 513/tcp - OpenBSD or Solaris remote login - 514/tcp tcpwrapped (This likely has ACL info in it) - 1099/tcp - java-rmi GNU Classpath grmregistry - 1524/tcp - bindshell Metasploitable root shell - 2049/tcp - nfs (local file system) - 2121/tcp - ftp ProFTPD 1.3.1 - 3306/tcp - MySQL 5.0.51a-3ubuntu5 - 5432/tcp - postgresql PostgreSQK BD 8.3.0 -8.3.20 - 5900/tcp - VNC 3.3 (Remote desktop) - 6000/tcp - X11 (access denied)(something actually secured, wow!) - 6667/tcp - irc - server: irc.Metasploitable.LAN - version Unreal3.2.8.1 irc.Metasplotable.LAN - 8009/tcp - ajp13 Apache Jserv 1.3 - 8180/tcp - HTTP Apache Tomcat/Coyote JSP engine 1.1 - Service Info: metasploitable.localdomain
192.168.1.124: (super thick) - 21/tcp - ftp - 22/tcp - SSH - 80/tcp - HTTP Microsoft IIS httpd 7.5 (super basic webserver) - 135/tcp - msrpc Windows RPC - 139/tcp - netbios-ssn MS Windows netbios-ssn - 445/tcp - Microsoft Windows Server 2008 R2 Standard 7601 Service Pack - 3306/tcp - mysql MySQL 5.5.20-log (this looks like its open to injections) - 3389/tcp - ssl/ms-wbt-server (this is a server that seems to be running off the port 445 machine) - 4848/tcp - ssl/appserv-http (idk yet) - 7676/tcp - Java message service 301 - 8009/tcp - HTTP - 8022/tcp - HTTP Apache Tomcat.Coyote JSP engine 1.1 - 8031/tcp - unknown - 8080/tcp - http This is the one with the admin default login page) - 8181/tcp - ssl/intermapper (network monitoring tools) - 8383/tcp - HTTP - 8443/tcp - https redirect?? - 9200/tcp - wap-wsp (essentailly a super old http proxy prob vulnerable) - 49152-5/tcp - Windows RPC - 49158/tcp - idek - 49400/tcp - It looks like a broken web server
192.168.1.125: - 21/tcp - ftp ProFTPD 1.3.5 - 22/tcp - SSH - 80/tcp - HTTP Apache 2.4.7 (There some interesting pages on here) - chat/ - drupal/msfconsole - payroll_app.php - phpmyadminadmin - 445/tcp - Samba smbd 4.3.11 - 631/tcp - ipp CUPS 1.7 (This is for a printer) - 3000/tcp - ppp (actively blocking connections) - 3306/tcp - MySQL - 8080/tcp - Closed HTTP-Proxy - 8181/tcp - Closed intermapper