nmap

  ___                        
 ( _ ) _ __ ___   __ _ _ __  
 / _ \| '_ ` _ \ / _` | '_ \ 
| (_) | | | | | | (_| | |_) |
 \___/|_| |_| |_|\__,_| .__/ 
                      |_|    
          adot8 <3

[+] Scanning 10.10.11.11 [65535 TCP ports]


[+] Enumerating 10.10.11.11 [22,80]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-24 16:38 CDT
Nmap scan report for 10.10.11.11
Host is up (0.12s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 06:2d:3b:85:10:59:ff:73:66:27:7f:0e:ae:03:ea:f4 (RSA)
|   256 59:03:dc:52:87:3a:35:99:34:44:74:33:78:31:35:fb (ECDSA)
|_  256 ab:13:38:e4:3e:e0:24:b4:69:38:a9:63:82:38:dd:f4 (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.39 seconds

[+] Enumerating 10.10.11.11 for vulnerabilities [22,80]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-24 16:38 CDT
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for 10.10.11.11
Host is up (0.12s latency).

PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
| http-fileupload-exploiter: 
|   
|     Couldn't find a file-type field.
|   
|     Couldn't find a file-type field.
|   
|     Couldn't find a file-type field.
|   
|     Couldn't find a file-type field.
|   
|     Couldn't find a file-type field.
|   
|     Couldn't find a file-type field.
|   
|_    Couldn't find a file-type field.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.11.11
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://10.10.11.11:80/
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/do.php
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/index.php
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/index.php
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/contact.php
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/contact.php
|     Form id: 
|     Form action: 
|     
|     Path: http://10.10.11.11:80/about.php
|     Form id: 
|_    Form action: 

Nmap done: 1 IP address (1 host up) scanned in 636.72 seconds

[+] Scanning 10.10.11.11 [1000 UDP ports]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-24 16:48 CDT
Initiating Ping Scan at 16:48
Scanning 10.10.11.11 [4 ports]
Completed Ping Scan at 16:48, 0.15s elapsed (1 total hosts)
Initiating UDP Scan at 16:48
Scanning board.htb (10.10.11.11) [100 ports]
Increasing send delay for 10.10.11.11 from 0 to 50 due to 11 out of 18 dropped probes since last increase.
Increasing send delay for 10.10.11.11 from 50 to 100 due to max_successful_tryno increase to 5
Increasing send delay for 10.10.11.11 from 100 to 200 due to max_successful_tryno increase to 6
Warning: 10.10.11.11 giving up on port because retransmission cap hit (6).
Increasing send delay for 10.10.11.11 from 200 to 400 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 10.10.11.11 from 400 to 800 due to 11 out of 14 dropped probes since last increase.
Completed UDP Scan at 16:50, 74.31s elapsed (100 total ports)
Nmap scan report for board.htb (10.10.11.11)
Host is up (0.12s latency).
Not shown: 74 closed udp ports (port-unreach)
PORT      STATE         SERVICE
9/udp     open|filtered discard
19/udp    open|filtered chargen
67/udp    open|filtered dhcps
68/udp    open|filtered dhcpc
80/udp    open|filtered http
88/udp    open|filtered kerberos-sec
123/udp   open|filtered ntp
135/udp   open|filtered msrpc
139/udp   open|filtered netbios-ssn
161/udp   open|filtered snmp
177/udp   open|filtered xdmcp
514/udp   open|filtered syslog
997/udp   open|filtered maitrd
1025/udp  open|filtered blackjack
1028/udp  open|filtered ms-lsa
1719/udp  open|filtered h323gatestat
1812/udp  open|filtered radius
2000/udp  open|filtered cisco-sccp
2049/udp  open|filtered nfs
3283/udp  open|filtered netassistant
5353/udp  open|filtered zeroconf
33281/udp open|filtered unknown
49153/udp open|filtered unknown
49156/udp open|filtered unknown
49192/udp open|filtered unknown
65024/udp open|filtered unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 74.64 seconds
           Raw packets sent: 498 (30.958KB) | Rcvd: 185 (31.468KB)

[+] Completed!