| ターゲット // Hunit | |
|---|---|
| Platform | OffSec Proving Grounds |
| OS | Linux |
| Difficulty | Medium |
| IP | 192.168.142.125 |
Enumeration
Nmap
▶ Nmap output
PORT STATE SERVICE VERSION
8080/tcp open http-proxy (custom web app + REST API)
12445/tcp open netbios-ssn Samba smbd 4.6.2
18030/tcp open http Apache httpd 2.4.46 ((Unix))
43022/tcp open ssh OpenSSH 8.4 (protocol 2.0)
Everything is on non-standard ports. SMB (12445) and the Apache instance on 18030 turn out to be dead ends — the static site on 18030 is just a landing page, and Samba exposes nothing interesting. SSH sits on 43022, so keep that port in mind: any creds we find get tried there.