Monitored
Description
Automated Scanning
NMap Scan
# Nmap 7.94SVN scan initiated Fri Mar 1 14:37:52 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/monitored/nmap.txt 10.10.11.248
Increasing send delay for 10.10.11.248 from 0 to 5 due to 81 out of 202 dropped probes since last increase.
Increasing send delay for 10.10.11.248 from 5 to 10 due to 11 out of 21 dropped probes since last increase.
Nmap scan report for monitored.htb (10.10.11.248)
Host is up, received syn-ack (0.086s latency).
Scanned at 2024-03-01 14:37:53 EST for 43s
Not shown: 991 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 61:e2:e7:b4:1b:5d:46:dc:3b:2f:91:38:e6:6d:c5:ff (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/xFgJTbVC36GNHaE0GG4n/bWZGaD2aE7lsFUvXVdbINrl0qzBPVCMuOE1HNf0LHi09obr2Upt9VURzpYdrQp/7SX2NDet9pb+UQnB1IgjRSxoIxjsOX756a7nzi71tdcR3I0sALQ4ay5I5GO4TvaVq+o8D01v94B0Qm47LVk7J3mN4wFR17lYcCnm0kwxNBsKsAgZVETxGtPgTP6hbauEk/SKGA5GASdWHvbVhRHgmBz2l7oPrTot5e+4m8A7/5qej2y5PZ9Hq/2yOldrNpS77ID689h2fcOLt4fZMUbxuDzQIqGsFLPhmJn5SUCG9aNrWcjZwSL2LtLUCRt6PbW39UAfGf47XWiSs/qTWwW/yw73S8n5oU5rBqH/peFIpQDh2iSmIhbDq36FPv5a2Qi8HyY6ApTAMFhwQE6MnxpysKLt/xEGSDUBXh+4PwnR0sXkxgnL8QtLXKC2YBY04jGG0DXGXxh3xEZ3vmPV961dcsNd6Up8mmSC43g5gj2ML/E=
| 256 29:73:c5:a5:8d:aa:3f:60:a9:4a:a3:e5:9f:67:5c:93 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBbeArqg4dgxZEFQzd3zpod1RYGUH6Jfz6tcQjHsVTvRNnUzqx5nc7gK2kUUo1HxbEAH+cPziFjNJc6q7vvpzt4=
| 256 6d:7a:f9:eb:8e:45:c2:02:6a:d5:8d:4d:b3:a3:37:6f (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5o+WJqnyLpmJtLyPL+tEUTFbjMZkx3jUUFqejioAj7
43/tcp filtered whois no-response
80/tcp open http syn-ack Apache httpd 2.4.56
|_http-server-header: Apache/2.4.56 (Debian)
|_http-title: Did not follow redirect to https://nagios.monitored.htb/
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
389/tcp open ldap syn-ack OpenLDAP 2.2.X - 2.3.X
443/tcp open ssl/http syn-ack Apache httpd 2.4.56 ((Debian))
| ssl-cert: Subject: commonName=nagios.monitored.htb/organizationName=Monitored/stateOrProvinceName=Dorset/countryName=UK/localityName=Bournemouth/emailAddress=support@monitored.htb
| Issuer: commonName=nagios.monitored.htb/organizationName=Monitored/stateOrProvinceName=Dorset/countryName=UK/localityName=Bournemouth/emailAddress=support@monitored.htb
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-11-11T21:46:55
| Not valid after: 2297-08-25T21:46:55
| MD5: b36a:5560:7a5f:047d:9838:6450:4d67:cfe0
| SHA-1: 6109:3844:8c36:b08b:0ae8:a132:971c:8e89:cfac:2b5b
| -----BEGIN CERTIFICATE-----
| MIID/zCCAuegAwIBAgIUVhOvMcK6dv/Kvzplbf6IxOePX3EwDQYJKoZIhvcNAQEL
| BQAwgY0xCzAJBgNVBAYTAlVLMQ8wDQYDVQQIDAZEb3JzZXQxFDASBgNVBAcMC0Jv
| dXJuZW1vdXRoMRIwEAYDVQQKDAlNb25pdG9yZWQxHTAbBgNVBAMMFG5hZ2lvcy5t
| b25pdG9yZWQuaHRiMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QG1vbml0b3JlZC5o
| dGIwIBcNMjMxMTExMjE0NjU1WhgPMjI5NzA4MjUyMTQ2NTVaMIGNMQswCQYDVQQG
| EwJVSzEPMA0GA1UECAwGRG9yc2V0MRQwEgYDVQQHDAtCb3VybmVtb3V0aDESMBAG
| A1UECgwJTW9uaXRvcmVkMR0wGwYDVQQDDBRuYWdpb3MubW9uaXRvcmVkLmh0YjEk
| MCIGCSqGSIb3DQEJARYVc3VwcG9ydEBtb25pdG9yZWQuaHRiMIIBIjANBgkqhkiG
| 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qRRCKn9wFGquYFdqh7cp4WSTPnKdAwkycqk
| a3WTY0yOubucGmA3jAVdPuSJ0Vp0HOhkbAdo08JVzpvPX7Lh8mIEDRSX39FDYClP
| vQIAldCuWGkZ3QWukRg9a7dK++KL79Iz+XbIAR/XLT9ANoMi8/1GP2BKHvd7uJq7
| LV0xrjtMD6emwDTKFOk5fXaqOeODgnFJyyXQYZrxQQeSATl7cLc1AbX3/6XBsBH7
| e3xWVRMaRxBTwbJ/mZ3BicIGpxGGZnrckdQ8Zv+LRiwvRl1jpEnEeFjazwYWrcH+
| 6BaOvmh4lFPBi3f/f/z5VboRKP0JB0r6I3NM6Zsh8V/Inh4fxQIDAQABo1MwUTAd
| BgNVHQ4EFgQU6VSiElsGw+kqXUryTaN4Wp+a4VswHwYDVR0jBBgwFoAU6VSiElsG
| w+kqXUryTaN4Wp+a4VswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
| AQEAdPGDylezaB8d/u2ufsA6hinUXF61RkqcKGFjCO+j3VrrYWdM2wHF83WMQjLF
| 03tSek952fObiU2W3vKfA/lvFRfBbgNhYEL0dMVVM95cI46fNTbignCj2yhScjIz
| W9oeghcR44tkU4sRd4Ot9L/KXef35pUkeFCmQ2Xm74/5aIfrUzMnzvazyi661Q97
| mRGL52qMScpl8BCBZkdmx1SfcVgn6qHHZpy+EJ2yfJtQixOgMz3I+hZYkPFjMsgf
| k9w6Z6wmlalRLv3tuPqv8X3o+fWFSDASlf2uMFh1MIje5S/jp3k+nFhemzcsd/al
| 4c8NpU/6egay1sl2ZrQuO8feYA==
|_-----END CERTIFICATE-----
| tls-alpn:
|_ http/1.1
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_ssl-date: TLS randomness does not represent time
|_http-title: Nagios XI
|_http-server-header: Apache/2.4.56 (Debian)
1063/tcp filtered kyoceranetdev no-response
2005/tcp filtered deslogin no-response
2144/tcp filtered lv-ffx no-response
3826/tcp filtered wormux no-response
Service Info: Host: nagios.monitored.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar 1 14:38:36 2024 -- 1 IP address (1 host up) scanned in 44.17 seconds
Gobuster (DNS) Scan
DirBuster Scan
No Results
Nuclei Scan
[caa-fingerprint] [dns] [info] monitored.htb
[apache-detect] [http] [info] https://monitored.htb ["Apache/2.4.56 (Debian)"]
[fingerprinthub-web-fingerprints:nagios-xi] [http] [info] https://monitored.htb
[nagios-xi-panel] [http] [info] https://monitored.htb
[http-missing-security-headers:permissions-policy] [http] [info] https://monitored.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] https://monitored.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] https://monitored.htb
[http-missing-security-headers:strict-transport-security] [http] [info] https://monitored.htb
[http-missing-security-headers:x-frame-options] [http] [info] https://monitored.htb
[http-missing-security-headers:x-content-type-options] [http] [info] https://monitored.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] https://monitored.htb
[http-missing-security-headers:referrer-policy] [http] [info] https://monitored.htb
[http-missing-security-headers:clear-site-data] [http] [info] https://monitored.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] https://monitored.htb
[http-missing-security-headers:content-security-policy] [http] [info] https://monitored.htb
[waf-detect:apachegeneric] [http] [info] https://monitored.htb/
[ssh-auth-methods] [javascript] [info] monitored.htb:22 ["[\"publickey\",\"password\"]"]
[ssh-password-auth] [javascript] [info] monitored.htb:22
[ldap-anonymous-login] [tcp] [medium] monitored.htb:389
[ssh-sha1-hmac-algo] [javascript] [info] monitored.htb:22
[ssh-server-enumeration] [javascript] [info] monitored.htb:22 ["SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"]
[openssh-detect] [tcp] [info] monitored.htb:22 ["SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3"]
[ssl-issuer] [ssl] [info] monitored.htb:443 ["Monitored"]
[mismatched-ssl-certificate] [ssl] [low] monitored.htb:443 ["CN: nagios.monitored.htb"]
[self-signed-ssl] [ssl] [low] monitored.htb:443
[tls-version] [ssl] [info] monitored.htb:443 ["tls10"]
[weak-cipher-suites:tls-1.0] [ssl] [low] monitored.htb:443 ["[tls10 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]"]
[tls-version] [ssl] [info] monitored.htb:443 ["tls11"]
[deprecated-tls] [ssl] [info] monitored.htb:443 ["tls10"]
[weak-cipher-suites:tls-1.1] [ssl] [low] monitored.htb:443 ["[tls11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]"]
[tls-version] [ssl] [info] monitored.htb:443 ["tls12"]
[deprecated-tls] [ssl] [info] monitored.htb:443 ["tls11"]
[tls-version] [ssl] [info] monitored.htb:443 ["tls13"]
Automation Summary
Summary of Scans:
- NMap Scan:
- Detected open ports: SSH (22/tcp), HTTP (80/tcp), LDAP (389/tcp), HTTPS (443/tcp).
- Identified services: OpenSSH 8.4p1 Debian (SSH), Apache httpd 2.4.56 (HTTP), OpenLDAP 2.2.X - 2.3.X (LDAP).
- Notable findings: Nagios XI web interface accessible via HTTPS.
-
Security issues: Missing security headers in HTTP responses, self-signed SSL certificate, weak cipher suites, deprecated TLS versions.
-
Gobuster (DNS) Scan:
-
No results found.
-
DirBuster Scan:
-
No results found.
-
Nuclei Scan:
- Identified various issues including Apache version, Nagios XI panel, missing security headers, weak cipher suites, deprecated TLS versions, self-signed SSL certificate, and potential vulnerabilities in SSH configuration and LDAP service.
Overall, the NMap scan provided a comprehensive overview of open ports and services running on the target machine. The Nuclei scan revealed multiple security issues and potential attack vectors that could be further exploited for penetration testing purposes.
AI Generated
User Own
Root Own
Summary
AI Generated