seekorswim My Security Blog

W1R3S: 1.0.1

VulnHub URL: https://www.vulnhub.com/entry/w1r3s-101,220/
Hostname: W1R3S
IP Address: 10.183.0.197


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.197.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/w1r3s# nmap -Pn -sT -sV -A --script=default,banner -oA w1r3s -p- 10.183.0.197
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-23 10:40 CDT
Nmap scan report for W1R3S.homenet.dom (10.183.0.197)
Host is up (0.0018s latency).
Not shown: 55528 filtered ports, 10003 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.0.8 or later
|_banner: 220 Welcome to W1R3S.inc FTP service.
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxr-xr-x    2 ftp      ftp          4096 Jan 23  2018 content
| drwxr-xr-x    2 ftp      ftp          4096 Jan 23  2018 docs
|_drwxr-xr-x    2 ftp      ftp          4096 Jan 28  2018 new-employees
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:10.183.0.222
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 4
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
| ssh-hostkey:
|   2048 07:e3:5a:5c:c8:18:65:b0:5f:6e:f7:75:c7:7e:11:e0 (RSA)
|   256 03:ab:9a:ed:0c:9b:32:26:44:13:ad:b0:b0:96:c3:1e (ECDSA)
|_  256 3d:6d:d2:4b:46:e8:c9:a3:49:e0:93:56:22:2e:e3:54 (ED25519)
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
3306/tcp open  mysql   MySQL (unauthorized)
| banner: I\x00\x00\x00\xFFj\x04Host 'kali.homenet.dom' is not allowed to
|_ connect to this MySQL server
MAC Address: 00:0C:29:AA:7F:FC (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.11
Network Distance: 1 hop
Service Info: Host: W1R3S.inc; OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   1.82 ms W1R3S.homenet.dom (10.183.0.197)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 102.31 seconds


PwnLab: init

VulnHub URL: https://www.vulnhub.com/entry/pwnlab-init,158/
Hostname: pwnlab
IP Address: 10.183.0.223


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.223.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/pwnlabinit# nmap -Pn -sT -sV -A --script=default,banner -oA pwnlabinit -p- 10.183.0.223
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-21 09:46 CDT
Nmap scan report for pwnlab.homenet.dom (10.183.0.223)
Host is up (0.0014s latency).
Not shown: 65531 closed ports
PORT      STATE SERVICE VERSION
80/tcp    open  http    Apache httpd 2.4.10 ((Debian))
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: PwnLab Intranet Image Hosting
111/tcp   open  rpcbind 2-4 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|   100000  2,3,4        111/udp  rpcbind
|   100024  1          45272/tcp  status
|_  100024  1          48434/udp  status
3306/tcp  open  mysql    MySQL 5.5.47-0 +deb8u1
| banner: S\x00\x00\x00\x0A5.5.47-0+deb8u1\x00(\x00\x00\x00"_<J>:E0\x00\x
|_FF\xF7\x08\x02\x00\x0F\x80\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...
| mysql-info:
|   Protocol: 10
|   Version: 5.5.47-0+deb8u1
|   Thread ID: 39
|   Capabilities flags: 63487
|   Some Capabilities: SupportsTransactions, InteractiveClient, SupportsLoadDataLocal, Support41Auth, IgnoreSigpipes, LongColumnFlag, Speaks41ProtocolOld, DontAllowDatabaseTableColumn, ODBCClient, LongPassword, IgnoreSpaceBeforeParenthesis, FoundRows, SupportsCompression, Speaks41ProtocolNew, ConnectWithDatabase, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
|   Status: Autocommit
|   Salt: qz43A/c*BNCCg\u[E(9$
|_  Auth Plugin Name: 88
45272/tcp open  status  1 (RPC #100024)
MAC Address: 08:00:27:25:2E:EB (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   1.44 ms pwnlab.homenet.dom (10.183.0.223)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.07 seconds


pluck: 1

VulnHub URL: https://www.vulnhub.com/entry/pluck-1,178/
Hostname: pluck
IP Address: 10.183.0.217


Information Gathering/Recon


The IP address is obtained via DHCP at boot. In my case, the IP is 10.183.0.217.


Service Enumeration/Scanning


root@kali:~/Walkthroughs/pluck# nmap -Pn -sT -sV -A --script=default,banner -oA pluck -p- 10.183.0.217
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-20 15:44 CDT
Nmap scan report for pluck.homenet.dom (10.183.0.217)
Host is up (0.0027s latency).
Not shown: 65531 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.3p1 Ubuntu 1 (Ubuntu Linux; protocol 2.0)
|_banner: SSH-2.0-OpenSSH_7.3p1 Ubuntu-1
| ssh-hostkey:
|   2048 e8:87:ba:3e:d7:43:23:bf:4a:6b:9d:ae:63:14:ea:71 (RSA)
|   256 8f:8c:ac:8d:e8:cc:f9:0e:89:f7:5d:a0:6c:28:56:fd (ECDSA)
|_  256 18:98:5a:5a:5c:59:e1:25:70:1c:37:1a:f2:c7:26:fe (ED25519)
80/tcp   open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Pluck
3306/tcp open  mysql   MySQL (unauthorized)
| banner: I\x00\x00\x00\xFFj\x04Host 'kali.homenet.dom' is not allowed to
|_ connect to this MySQL server
5355/tcp open  llmnr?
MAC Address: 08:00:27:45:29:54 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   2.65 ms pluck.homenet.dom (10.183.0.217)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 151.12 seconds
