NFS

May 14, 2024

# Nmap 7.94 scan initiated Tue May 14 15:47:54 2024 as: nmap -sC -sV -oN nmap -vv 10.129.206.56
Increasing send delay for 10.129.206.56 from 10 to 20 due to 11 out of 13 dropped probes since last increase.
Nmap scan report for 10.129.206.56
Host is up, received conn-refused (0.29s latency).
Scanned at 2024-05-14 15:47:55 PST for 271s
Not shown: 994 closed tcp ports (conn-refused)
PORT     STATE SERVICE     REASON  VERSION
21/tcp   open  ftp?        syn-ack
| fingerprint-strings: 
|   GenericLines: 
|     220 InFreight FTP v1.1
|     Invalid command: try being more creative
|_    Invalid command: try being more creative
22/tcp   open  ssh         syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 3f:4c:8f:10:f1:ae:be:cd:31:24:7c:a1:4e:ab:84:6d (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa9RJRoAShv6FzLx23WYUh5z5vpaC1W0jTGGJuVfOVmOiwXu7d+eLRcf51dFwqe2J4OZ7z70w6Lrbm3RyKjNSZmY0ekPqbXyP0P6KqYn4eFdJkYp74zPUEvC/Y5U9gYmvCpoQ8gvqgAImYwhBXAlAmGDptcfRWRJ3KaRG/bbmfg0vsWqwYvDVfxEcCfbO1m7v6a9EiWELRTynHS26+oJbjY7tX5X05XMvj6L53JMWodHVsFf/vD4/qP2Ic0lafSBXuyKOcN5Tnx0DpExUwqj7GPLaM/ljG5LjF8y2yqZ85GeNQsgnsSxIL6dHiWkbUP4RXogUVI/prXLDU8307Wn/LWJQl3hxjJmunJfC5qw4a/JPLd9ydFSwadjYhztQoYIsSp41mr/wEVns8owxcKzBju74T9FptZ4I4UAzZLIWg1RJzpnJ7wpnFSUXFbvOa6V+nzeMesjYvKK1vx+UuNtrUuXPJm3BoYKjRJd2msog1KX4CguQNGZMS6LegiRIGde0=
|   256 7b:30:37:67:50:b9:ad:91:c0:8f:f7:02:78:3b:7c:02 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNAdY+PFLa0XBlXCp3lL+mrrQKkU6bxWjDVEsljltzBYtugbDuER3AyIq1igFdgQPn+uKh5RtNQvPvX1Al8pA0Y=
|   256 88:9e:0e:07:fe:ca:d0:5c:60:ab:cf:10:99:cd:6c:a7 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKKM5saOYH/Fq3lWY1P4fchdWaH60Ib5/VQk6A00nAP
111/tcp  open  rpcbind     syn-ack
| rpcinfo: 
|   program version    port/proto  service
|   100003  3           2049/udp6  nfs
|   100003  3,4         2049/tcp6  nfs
|   100021  1,3,4      33895/tcp6  nlockmgr
|   100021  1,3,4      40649/tcp   nlockmgr
|   100021  1,3,4      54845/udp6  nlockmgr
|   100021  1,3,4      59643/udp   nlockmgr
|   100227  3           2049/tcp6  nfs_acl
|   100227  3           2049/udp   nfs_acl
|_  100227  3           2049/udp6  nfs_acl
139/tcp  open  netbios-ssn syn-ack Samba smbd 4.6.2
445/tcp  open  netbios-ssn syn-ack Samba smbd 4.6.2
2049/tcp open  rpcbind     syn-ack
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port21-TCP:V=7.94%I=7%D=5/14%Time=66431767%P=x86_64-pc-linux-gnu%r(Gene
SF:ricLines,74,"220\x20InFreight\x20FTP\x20v1\.1\r\n500\x20Invalid\x20comm
SF:and:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\
SF:x20try\x20being\x20more\x20creative\r\n");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
| p2p-conficker: 
|   Checking for Conficker.C or higher...
|   Check 1 (port 37098/tcp): CLEAN (Couldn't connect)
|   Check 2 (port 14350/tcp): CLEAN (Couldn't connect)
|   Check 3 (port 44468/udp): CLEAN (Failed to receive data)
|   Check 4 (port 41608/udp): CLEAN (Failed to receive data)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
|_clock-skew: 3s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2024-05-14T07:51:44
|_  start_date: N/A
| nbstat: NetBIOS name: DEVSMB, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| Names:
|   DEVSMB<00>           Flags: <unique><active>
|   DEVSMB<03>           Flags: <unique><active>
|   DEVSMB<20>           Flags: <unique><active>
|   DEVOPS<00>           Flags: <group><active>
|   DEVOPS<1e>           Flags: <group><active>
| Statistics:
|   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
|   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
|_  00:00:00:00:00:00:00:00:00:00:00:00:00:00

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue May 14 15:52:26 2024 -- 1 IP address (1 host up) scanned in 271.63 seconds

sudo showmount -e 10.129.206.56

mkdir /tmp/attacker

sudo mount -o rw 10.129.206.56:/var/nfs /tmp/attacker
cd attacker
ls
cat flag.txt

sudo umount /tmp/attacker

sudo mount -o rw 10.129.206.56:/mnt/nfsshare /tmp/attacker
cd attacker
ls
cat flag.txt

PreviousSMB NextDNS

Last updated 11 months ago

# Nmap 7.94 scan initiated Tue May 14 15:47:54 2024 as: nmap -sC -sV -oN nmap -vv 10.129.206.56 Increasing send delay for 10.129.206.56 from 10 to 20 due to 11 out of 13 dropped probes since last increase. Nmap scan report for 10.129.206.56 Host is up, received conn-refused (0.29s latency). Scanned at 2024-05-14 15:47:55 PST for 271s Not shown: 994 closed tcp ports (conn-refused) PORT STATE SERVICE REASON VERSION 21/tcp open ftp? syn-ack | fingerprint-strings: | GenericLines: | 220 InFreight FTP v1.1 | Invalid command: try being more creative |_ Invalid command: try being more creative 22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 3f:4c:8f:10:f1:ae:be:cd:31:24:7c:a1:4e:ab:84:6d (RSA) | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa9RJRoAShv6FzLx23WYUh5z5vpaC1W0jTGGJuVfOVmOiwXu7d+eLRcf51dFwqe2J4OZ7z70w6Lrbm3RyKjNSZmY0ekPqbXyP0P6KqYn4eFdJkYp74zPUEvC/Y5U9gYmvCpoQ8gvqgAImYwhBXAlAmGDptcfRWRJ3KaRG/bbmfg0vsWqwYvDVfxEcCfbO1m7v6a9EiWELRTynHS26+oJbjY7tX5X05XMvj6L53JMWodHVsFf/vD4/qP2Ic0lafSBXuyKOcN5Tnx0DpExUwqj7GPLaM/ljG5LjF8y2yqZ85GeNQsgnsSxIL6dHiWkbUP4RXogUVI/prXLDU8307Wn/LWJQl3hxjJmunJfC5qw4a/JPLd9ydFSwadjYhztQoYIsSp41mr/wEVns8owxcKzBju74T9FptZ4I4UAzZLIWg1RJzpnJ7wpnFSUXFbvOa6V+nzeMesjYvKK1vx+UuNtrUuXPJm3BoYKjRJd2msog1KX4CguQNGZMS6LegiRIGde0= | 256 7b:30:37:67:50:b9:ad:91:c0:8f:f7:02:78:3b:7c:02 (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNAdY+PFLa0XBlXCp3lL+mrrQKkU6bxWjDVEsljltzBYtugbDuER3AyIq1igFdgQPn+uKh5RtNQvPvX1Al8pA0Y= | 256 88:9e:0e:07:fe:ca:d0:5c:60:ab:cf:10:99:cd:6c:a7 (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKKM5saOYH/Fq3lWY1P4fchdWaH60Ib5/VQk6A00nAP 111/tcp open rpcbind syn-ack | rpcinfo: | program version port/proto service | 100003 3 2049/udp6 nfs | 100003 3,4 2049/tcp6 nfs | 100021 1,3,4 33895/tcp6 nlockmgr | 100021 1,3,4 40649/tcp nlockmgr | 100021 1,3,4 54845/udp6 nlockmgr | 100021 1,3,4 59643/udp nlockmgr | 100227 3 2049/tcp6 nfs_acl | 100227 3 2049/udp nfs_acl |_ 100227 3 2049/udp6 nfs_acl 139/tcp open netbios-ssn syn-ack Samba smbd 4.6.2 445/tcp open netbios-ssn syn-ack Samba smbd 4.6.2 2049/tcp open rpcbind syn-ack 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port21-TCP:V=7.94%I=7%D=5/14%Time=66431767%P=x86_64-pc-linux-gnu%r(Gene SF:ricLines,74,"220\x20InFreight\x20FTP\x20v1\.1\r\n500\x20Invalid\x20comm SF:and:\x20try\x20being\x20more\x20creative\r\n500\x20Invalid\x20command:\ SF:x20try\x20being\x20more\x20creative\r\n"); Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Host script results: | p2p-conficker: | Checking for Conficker.C or higher... | Check 1 (port 37098/tcp): CLEAN (Couldn't connect) | Check 2 (port 14350/tcp): CLEAN (Couldn't connect) | Check 3 (port 44468/udp): CLEAN (Failed to receive data) | Check 4 (port 41608/udp): CLEAN (Failed to receive data) |_ 0/4 checks are positive: Host is CLEAN or ports are blocked |_clock-skew: 3s | smb2-security-mode: | 3:1:1: |_ Message signing enabled but not required | smb2-time: | date: 2024-05-14T07:51:44 |_ start_date: N/A | nbstat: NetBIOS name: DEVSMB, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown) | Names: | DEVSMB<00> Flags: <unique><active> | DEVSMB<03> Flags: <unique><active> | DEVSMB<20> Flags: <unique><active> | DEVOPS<00> Flags: <group><active> | DEVOPS<1e> Flags: <group><active> | Statistics: | 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 | 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 |_ 00:00:00:00:00:00:00:00:00:00:00:00:00:00 Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Tue May 14 15:52:26 2024 -- 1 IP address (1 host up) scanned in 271.63 seconds