Section - Public Exploits

Course - Getting Started

Hi guys, so I'm trying to find the running services on ports using an Nmap scan.

So I tried to run an Nmap scan using the following command:

nmap 157.245.39.81

I got back the following:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds.

Tried the following command:

sudo nmap 157.245.39.81

and got the following results:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.11 seconds

Tried this command with -Pn and got this back in return:

sudo nmap -Pn 157.245.39.81

Nmap scan report for 157.245.39.81
Host is up (0.0047s latency).
Not shown: 905 filtered tcp ports (no-response), 94 closed tcp ports (reset)
PORT STATE SERVICE
30718/tcp open unknown

So it can see the server is up, but 94 ports are closed and 905 are filtered.

I had come across this article and it said to try a different port scanning technique.

Tried
sudo nmap -sS 157.245.39.81

Same issue host seems down

Tried
sudo nmap -sU 157.245.39.81

Same issue host seems down

Tried
sudo nmap -sY 157.245.39.81

Same issue host seems down

Tried
sudo nmap -sN 157.245.39.81

Same issue host seems down

Tried
sudo nmap -sF 157.245.39.81

Same issue host seems down

Tried
sudo nmap -sX 157.245.39.81

Same issue host seems down

Tried the following:
sudo nmap -sV -Pn 157.245.39.81

All 1000 scanned ports on 157.245.39.81 are in ignored states.
Not shown: 905 filtered tcp ports (no-response), 95 closed tcp ports (reset)

Tried
sudo nmap -sT 157.245.39.81

Same issue host seems down.

Tried
nmap -sV -sC -p- 157.245.39.81

Same issue host seems down.

Searched around the internet on how to use Nmap to scan ports that are being blocked or filtered.

Any help would be great on this one.

Kapz

Hello,

From my notes I used:
nmap -sV -sC -Pn IpAddress

-sV Scan version
-sC Deeper scan using nmap scripts
-Pn Treat all hosts as online, skip discovery.

You can also use redirectors (>) to save the result in a file, since the process may take a while if you do a full scan.

I get the following:

nmap -sV -sC -Pn 157.245.39.81
Starting Nmap 7.92 ( https://nmap.org ) at 2023-04-21 16:25 BST
Nmap scan report for 157.245.39.81
Host is up (0.0061s latency).
All 1000 scanned ports on 157.245.39.81 are in ignored states.
Not shown: 905 filtered tcp ports (no-response), 95 closed tcp ports (conn-refused)

Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page.
Nmap done: 1 IP address (1 host up) scanned in 13.35 seconds

Shows host is up, but does not show the services running.
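The runs in this thread end in three different ways: Nmap reports the host down and itself suggests -Pn, the host is up but every scanned port is in an ignored state, or the host is up and a PORT table follows. As an added example (not code from the course, from Nmap or from anyone in this thread), the Python below parses Nmap's normal output into those facts; the sample outputs are constructed from the ones posted above, with the documentation address 192.0.2.10 standing in for the lab host.

```python
import re
from dataclasses import dataclass, field

# Constructed samples modelled on the outputs quoted in this thread (192.0.2.10 stands in for the lab host).
DOWN = """Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds"""
UP_NO_TABLE = """Nmap scan report for 192.0.2.10
Host is up (0.0061s latency).
All 1000 scanned ports on 192.0.2.10 are in ignored states.
Not shown: 905 filtered tcp ports (no-response), 95 closed tcp ports (conn-refused)
Nmap done: 1 IP address (1 host up) scanned in 13.35 seconds"""
UP_WITH_TABLE = """Nmap scan report for 192.0.2.10
Host is up (0.0047s latency).
Not shown: 905 filtered tcp ports (no-response), 94 closed tcp ports (reset)
PORT      STATE SERVICE
30718/tcp open  unknown"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")   # rows of the PORT table
NOT_SHOWN_RE = re.compile(r"(\d+) (\w+) (?:tcp|udp) ports")  # "905 filtered tcp ports"
@dataclass
class ScanSummary:
    host_up: bool = False
    needs_pn: bool = False  # Nmap gave up at host discovery and itself suggested -Pn
    not_shown: dict = field(default_factory=dict)   # state -> count, e.g. {"filtered": 905}
    open_ports: list = field(default_factory=list)  # (port, proto, service)

def parse_nmap(text: str) -> ScanSummary:
    """Walk Nmap normal output line by line and keep only the facts that matter."""
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Host is up"):
            s.host_up = True
        elif "Host seems down" in line:
            s.needs_pn = "-Pn" in line
        elif line.startswith("Not shown:"):
            for count, state in NOT_SHOWN_RE.findall(line):
                s.not_shown[state] = s.not_shown.get(state, 0) + int(count)
        else:
            m = PORT_RE.match(line)
            if m and m.group(3) == "open":
                s.open_ports.append((int(m.group(1)), m.group(2), m.group(4)))
    return s

def explain(s: ScanSummary) -> str:
    if s.needs_pn:  # discovery failed, not the port scan: the thread's first blocker
        return "host discovery failed (ping probes blocked): rerun with -Pn"
    if s.host_up and not s.open_ports:  # the 'ignored states' output seen above
        return (f"host up but nothing open in the default range "
                f"({s.not_shown.get('filtered', 0)} filtered, {s.not_shown.get('closed', 0)} closed)")
    return f"host up, {len(s.open_ports)} open port(s): {s.open_ports}"
```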

Your result is indeed very different from the one I got in my screen capture at the time.
After “Not shown” and before “Service detection” you should have the table with
PORT STATE SERVICE VERSION

Back when I did it, 2 (randomized?) ports were shown as open, 1 HTTP and 1 SSH.

I’m not sure why yours is so different though 🙁

I know it's a WordPress site and the hint says: Search for plugin exploits

But a little lost on this one.

Once you know it’s a website running on a specific port, you can go for web enumeration and try to find anything useful to check against known exploit databases.

Try to access the website from a regular web browser and see what comes up.

Hi Guys

So I am doing the module Public Exploits.

I have done a Metasploit search for the WordPress plugin and found:

auxiliary/scanner/http/wp_simple_backup_file_read normal No WordPress Simple Backup File Read Vulnerability

I am guessing this is the correct one.

I set RHOST to the IP address of the web server OK.

When I go to set the LHOST to tun0

I get the following error:

Unknown datastore option: LHOST. Did you mean VHOST?

If anyone can help with this one I would really be grateful.

Many Thanks

Kapz

From msfconsole, once you have selected the exploit to use, you can use the show options command to see what is required or not.
For this exploit in particular I believe that there is just no LHOST option.

Thanks for your help. On this one I had to follow through a YouTube video; there were certain things that they did not show, such as gobuster, which is new to me, but all OK and all part of the learning.