☁ ~ nmap -sS -sU -T4 -A -v 192.168.229.129
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-19 09:21 EDT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:21
Completed NSE at 09:21, 0.00s elapsed
Initiating NSE at 09:21
Completed NSE at 09:21, 0.00s elapsed
Initiating ARP Ping Scan at 09:21
Scanning 192.168.229.129 [1 port]
Completed ARP Ping Scan at 09:21, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:21
Completed Parallel DNS resolution of 1 host. at 09:21, 0.01s elapsed
Initiating SYN Stealth Scan at 09:21
Scanning 192.168.229.129 [1000 ports]
Completed SYN Stealth Scan at 09:21, 21.53s elapsed (1000 total ports)
Initiating UDP Scan at 09:21
Scanning 192.168.229.129 [1000 ports]
Discovered open port 161/udp on 192.168.229.129
Completed UDP Scan at 09:22, 10.01s elapsed (1000 total ports)
Initiating Service scan at 09:22
Scanning 1000 services on 192.168.229.129
Service scan Timing: About 0.40% done
Service scan Timing: About 3.20% done; ETC: 11:03 (1:38:19 remaining)
Service scan Timing: About 6.20% done; ETC: 10:40 (1:13:53 remaining)
Service scan Timing: About 9.20% done; ETC: 10:32 (1:04:09 remaining)
Service scan Timing: About 12.20% done; ETC: 10:28 (0:58:32 remaining)
Service scan Timing: About 15.20% done; ETC: 10:26 (0:54:29 remaining)
Service scan Timing: About 18.20% done; ETC: 10:24 (0:51:10 remaining)
Service scan Timing: About 23.50% done; ETC: 10:17 (0:42:39 remaining)
Service scan Timing: About 24.20% done; ETC: 10:22 (0:45:50 remaining)
Service scan Timing: About 29.40% done; ETC: 10:17 (0:39:16 remaining)
Service scan Timing: About 35.40% done; ETC: 10:17 (0:35:46 remaining)
Service scan Timing: About 41.40% done; ETC: 10:17 (0:32:21 remaining)
Service scan Timing: About 47.40% done; ETC: 10:17 (0:28:59 remaining)
Service scan Timing: About 53.40% done; ETC: 10:17 (0:25:38 remaining)
Service scan Timing: About 59.40% done; ETC: 10:16 (0:22:18 remaining)
Service scan Timing: About 65.40% done; ETC: 10:16 (0:18:59 remaining)
Service scan Timing: About 71.40% done; ETC: 10:16 (0:15:41 remaining)
Service scan Timing: About 77.40% done; ETC: 10:16 (0:12:23 remaining)
Service scan Timing: About 83.40% done; ETC: 10:16 (0:09:05 remaining)
Service scan Timing: About 88.90% done; ETC: 10:17 (0:06:06 remaining)
Service scan Timing: About 94.90% done; ETC: 10:17 (0:02:48 remaining)
Completed Service scan at 10:17, 3319.00s elapsed (1000 services on 1 host)
Initiating OS detection (try #1) against 192.168.229.129
Retrying OS detection (try #2) against 192.168.229.129
NSE: Script scanning 192.168.229.129.
Initiating NSE at 10:17
Completed NSE at 10:18, 45.22s elapsed
Initiating NSE at 10:18
Completed NSE at 10:19, 55.12s elapsed
Nmap scan report for 192.168.229.129
Host is up (0.0042s latency).
Not shown: 1000 filtered ports, 999 open|filtered ports
PORT    STATE SERVICE VERSION
161/udp open  snmp    SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-info:
|   enterprise: net-snmp
|   engineIDFormat: unknown
|   engineIDData: ad610f2abb4d5b5800000000
|   snmpEngineBoots: 19
|_  snmpEngineTime: 1h08m06s
| snmp-sysdescr: Linux Initech-DMZ01 4.4.0-45-generic #66~14.04.1-Ubuntu SMP Wed Oct 19 15:05:38 UTC 2016 x86_64
|_  System uptime: 1h08m7.02s (408702 timeticks)
MAC Address: 00:0C:29:76:41:E4 (VMware)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
Service Info: Host: Initech-DMZ01

TRACEROUTE
HOP RTT     ADDRESS
1   4.20 ms 192.168.229.129

NSE: Script Post-scanning.
Initiating NSE at 10:19
Completed NSE at 10:19, 0.00s elapsed
Initiating NSE at 10:19
Completed NSE at 10:19, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3455.13 seconds
           Raw packets sent: 4049 (152.554KB) | Rcvd: 3 (308B)
[+] Try to connect to 192.168.229.129:161 using SNMPv1 and community 'public'
[*] System information:
Host IP address : 192.168.229.129
Hostname : Initech-DMZ01
Description : Linux Initech-DMZ01 4.4.0-45-generic #66~14.04.1-Ubuntu SMP Wed Oct 19 15:05:38 UTC 2016 x86_64
Contact : Email: Milton@breach.local - (545)-232-1876
Location : Initech - is this thing on? I doubt anyone thinks to look here, anyways, I've left myself a way back in and burn the place down once again.
Uptime snmp : 15:12:39.80
Uptime system : 15:12:23.84
System date : 2018-9-20 00:21:49.0
Scanning 192.168.229.129 [1000 ports]
Discovered open port 23/tcp on 192.168.229.129
Discovered open port 22/tcp on 192.168.229.129
Discovered open port 10010/tcp on 192.168.229.129
Discovered open port 5800/tcp on 192.168.229.129
Discovered open port 2048/tcp on 192.168.229.129
Discovered open port 10009/tcp on 192.168.229.129
Telnet is open, so let's try connecting to it first:
☁ ~ telnet 192.168.229.129
Trying 192.168.229.129...
Connected to 192.168.229.129.
Escape character is '^]'.
I used to have a backdoor here but they closed it down around when they moved my desk into the basement.
Connection closed by foreign host.
~ ssh root@192.168.229.129
**********************************************************************
*                                                                    *
*            The Bobs Cloud Hosting, LLC. Secure Backdoor            *
*                                                                    *
*                                                                    *
*  If you wish to discuss cloud hosting options, give us a call at   *
*                                                                    *
*   555-423-1800 or email us at thebobs@thebobscloudhostingllc.net   *
*                                                                    *
**********************************************************************