Практика №2. Сканирование корпоративной инфраструктуры

# Практика №2. Сканирование корпоративной инфраструктуры Выполнил студент Кузнецов М.Г. БСБО-05-21 ## Просканируем meria.tech на сайте https://2ip.ru/whois/ *inetnum: 85.142.160.0 - 85.142.161.255* *netname: MIREA-2-NET* *descr: Moscow State Institute for RadioEngeeniring,* *Electronics and* *descr: Moscow, Russia* *descr: pr-t Vernadskogo, 78* *country: RU* *org: ORG-MIRE1-RIPE* *admin-c: DM9397-RIPE* *tech-c: MMSI2-RIPE* *status: ASSIGNED PA* *mnt-by: INFR-MNT* *created: 2018-08-08T10:15:00Z* *last-modified: 2022-11-14T09:42:40Z* *source: RIPE # Filtered* *organisation: ORG-MIRE1-RIPE* *Professional Education "Moscow State Institute of a Radio* *engineering, Electronics and Automatics" (MIREA)* *country: RU* *org-type: OTHER* *address: MIREA* *address: Vernadskogo 78* *address: 119454* *address: Moscow* *address: Russian Federation* *phone: +7 499 7399505* *phone: +7 495 9874717* *admin-c: DM9397-RIPE* *tech-c: MMSI2-RIPE* *abuse-c: MMSI2-RIPE* *mnt-ref: INFR-MNT* *mnt-ref: MIREA-MNT* *mnt-by: INFR-MNT* *mnt-by: MIREA-MNT* *created: 2018-08-08T10:10:07Z* *last-modified: 2022-12-01T16:37:18Z* *source: RIPE # Filtered* *role: MIREA NOC* *org: ORG-MIRE1-RIPE* *address: RTU MIREA* *address: Vernadskogo, 78* *address: 119454* *address: Moscow* *address: Russian Federation* *phone: +7 499 6008228* *phone: +7 499 6008080* *admin-c: DM9397-RIPE* *tech-c: FL8858* *nic-hdl: MMSI2-RIPE* *abuse-mailbox: noc@mirea.ru* *mnt-by: MIREA-MNT* *created: 2014-05-07T11:09:25Z* *last-modified: 2024-02-23T23:03:44Z* *source: RIPE # Filtered* *person: Dmitry Myakoshin* *address: 78, Vernadskogo prosp.* *address: 119454 Moscow* *address: Russia* *phone: +7 499 6008228* *nic-hdl: DM9397-RIPE* *mnt-by: MSU-MNT* *mnt-by: MIREA-MNT* *created: 2011-06-23T12:13:31Z* *last-modified: 2022-11-02T11:52:45Z* *source: RIPE # Filtered* *route: 85.142.160.0/23* *descr: Moscow State Institute for RadioEngeeniring,* *Electronics and* *descr: Moscow, Russia* *descr: pr-t Vernadskogo, 78* *origin: AS28800* *mnt-by: INFR-MNT* *created: 2018-08-08T17:10:38Z* *last-modified: 2018-08-08T17:10:38Z* *source: RIPE # Filtered* ## Просканируем с помощью subfinder домены mirea.tech, ptlab.ru ![Screenshot 2024-03-12 143540](https://hackmd.io/_uploads/SkXqAh6T6.png) ![Screenshot 2024-03-12 143711](https://hackmd.io/_uploads/H1Gi02p66.png) ## Просканируем сеть 85.142.160.0/23 в Nmap Nmap scan report for test.mirea.ru (85.142.160.1) Host is up (0.017s latency). Not shown: 775 closed ports, 224 filtered ports PORT STATE SERVICE 443/tcp open https Aggressive OS guesses: Actiontec MI424WR-GEN3I WAP (99%), DD-WRT v24-sp2 (Linux 2.4.37) (98%), Linux 3.2 (98%), Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 (96%), Linux 4.4 (96%), Microsoft Windows XP SP3 (96%), BlueArc Titan 2100 NAS device (91%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.9 Host is up (0.012s latency). Not shown: 995 filtered ports PORT STATE SERVICE 25/tcp closed smtp 443/tcp open https 465/tcp closed smtps 8090/tcp open opsmessaging 32772/tcp closed sometimes-rpc7 Aggressive OS guesses: Actiontec MI424WR-GEN3I WAP (99%), DD-WRT v24-sp2 (Linux 2.4.37) (98%), Linux 3.2 (98%), Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 (96%), Linux 4.4 (96%), Microsoft Windows XP SP3 (96%), BlueArc Titan 2100 NAS device (91%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.10 Host is up (0.14s latency). Not shown: 972 filtered ports PORT STATE SERVICE 3/tcp closed compressnet 4/tcp closed unknown 80/tcp open http 110/tcp closed pop3 111/tcp closed rpcbind 443/tcp open https 445/tcp closed microsoft-ds 465/tcp closed smtps 524/tcp closed ncp 783/tcp closed spamassassin 1051/tcp closed optima-vnet 1080/tcp closed socks 1875/tcp closed westell-stats 2119/tcp closed gsigatekeeper 3476/tcp closed nppmp 5087/tcp closed biotic 5405/tcp closed pcduo 5962/tcp closed unknown 8002/tcp open teradataordbms 8009/tcp closed ajp13 8090/tcp open opsmessaging 8222/tcp closed unknown 8800/tcp closed sunwebadmin 9877/tcp closed unknown 16001/tcp closed fmsascon 20222/tcp closed ipulse-ics 32772/tcp closed sometimes-rpc7 49167/tcp closed unknown Aggressive OS guesses: Actiontec MI424WR-GEN3I WAP (99%), DD-WRT v24-sp2 (Linux 2.4.37) (97%), Linux 3.2 (97%), Linux 4.4 (97%), Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 (95%), Microsoft Windows XP SP3 (95%), BlueArc Titan 2100 NAS device (92%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.12 Host is up (0.00037s latency). Not shown: 998 filtered ports PORT STATE SERVICE 5087/tcp closed biotic 5950/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.17 Host is up (0.00029s latency). Not shown: 998 filtered ports PORT STATE SERVICE 5405/tcp closed pcduo 9877/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.21 Host is up (0.00030s latency). Not shown: 999 filtered ports PORT STATE SERVICE 8222/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.24 Host is up (0.00030s latency). Not shown: 999 filtered ports PORT STATE SERVICE 6123/tcp closed backup-express Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.26 Host is up (0.00029s latency). Not shown: 999 filtered ports PORT STATE SERVICE 3476/tcp closed nppmp Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.31 Host is up (0.00027s latency). Not shown: 999 filtered ports PORT STATE SERVICE 3/tcp closed compressnet Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for iep-tc.mirea.ru (85.142.160.35) Host is up (0.00028s latency). All 1000 scanned ports on iep-tc.mirea.ru (85.142.160.35) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for ivzo-tc.mirea.ru (85.142.160.36) Host is up (0.00027s latency). All 1000 scanned ports on ivzo-tc.mirea.ru (85.142.160.36) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for idp-tc.mirea.ru (85.142.160.37) Host is up (0.00027s latency). All 1000 scanned ports on idp-tc.mirea.ru (85.142.160.37) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for itht-tc.mirea.ru (85.142.160.38) Host is up (0.00029s latency). All 1000 scanned ports on itht-tc.mirea.ru (85.142.160.38) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for rts-tc.mirea.ru (85.142.160.39) Host is up (0.00028s latency). Not shown: 999 filtered ports PORT STATE SERVICE 32772/tcp closed sometimes-rpc7 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for fti-tc.mirea.ru (85.142.160.40) Host is up (0.00030s latency). All 1000 scanned ports on fti-tc.mirea.ru (85.142.160.40) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.45 Host is up (0.00027s latency). Not shown: 999 filtered ports PORT STATE SERVICE 49167/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.46 Host is up (0.00028s latency). Not shown: 999 filtered ports PORT STATE SERVICE 1051/tcp closed optima-vnet Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.55 Host is up (0.00027s latency). Not shown: 999 filtered ports PORT STATE SERVICE 9877/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.63 Host is up (0.00036s latency). All 1000 scanned ports on 85.142.160.63 are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 Nmap scan report for 85.142.160.96 Host is up (0.00071s latency). Not shown: 998 filtered ports PORT STATE SERVICE 1875/tcp closed westell-stats 8800/tcp closed sunwebadmin Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.97 Host is up (0.15s latency). Not shown: 998 filtered ports PORT STATE SERVICE 9944/tcp closed unknown 44443/tcp closed coldfusion-auth Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|printer|WAP Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (89%), IBM embedded (89%), Actiontec embedded (86%) OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 cpe:/h:actiontec:mi424wr-gen3i cpe:/o:linux:linux_kernel cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:4.4 Aggressive OS guesses: Linux 2.6.38 (89%), IBM InfoPrint 1754 printer (89%), Actiontec MI424WR-GEN3I WAP (86%), DD-WRT v24-sp2 (Linux 2.4.37) (86%), Linux 3.2 (86%), Linux 4.4 (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.99 Host is up (0.00040s latency). Not shown: 999 filtered ports PORT STATE SERVICE 9877/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.195 Host is up (0.00044s latency). Not shown: 999 filtered ports PORT STATE SERVICE 1277/tcp closed miva-mqs Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.203 Host is up (0.0042s latency). Not shown: 999 filtered ports PORT STATE SERVICE 8800/tcp closed sunwebadmin Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.225 Host is up (0.032s latency). Not shown: 997 filtered ports PORT STATE SERVICE 1084/tcp closed ansoft-lm-2 1111/tcp closed lmsocialserver 2725/tcp closed msolap-ptp2 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|printer|WAP Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (89%), IBM embedded (89%), Actiontec embedded (86%) OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 cpe:/h:actiontec:mi424wr-gen3i cpe:/o:linux:linux_kernel cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:4.4 Aggressive OS guesses: Linux 2.6.38 (89%), IBM InfoPrint 1754 printer (89%), Actiontec MI424WR-GEN3I WAP (86%), DD-WRT v24-sp2 (Linux 2.4.37) (86%), Linux 3.2 (86%), Linux 4.4 (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.226 Host is up (0.014s latency). Not shown: 997 filtered ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 7777/tcp open cbt Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|specialized Running: Microsoft Windows XP|7|2012, VMware Player OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 cpe:/a:vmware:player OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012, VMware Player virtual NAT device Nmap scan report for 85.142.160.227 Host is up (0.00064s latency). Not shown: 999 filtered ports PORT STATE SERVICE 6123/tcp closed backup-express Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.228 Host is up (0.00062s latency). Not shown: 999 filtered ports PORT STATE SERVICE 1051/tcp closed optima-vnet Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.230 Host is up (0.00053s latency). Not shown: 999 filtered ports PORT STATE SERVICE 1213/tcp closed mpc-lifenet Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.235 Host is up (0.00046s latency). Not shown: 999 filtered ports PORT STATE SERVICE 9877/tcp closed unknown Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.160.246 Host is up (0.0010s latency). Not shown: 999 filtered ports PORT STATE SERVICE 5405/tcp closed pcduo Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.161.105 Host is up (0.12s latency). Not shown: 994 filtered ports PORT STATE SERVICE 1043/tcp closed boinc 6699/tcp closed napster 8800/tcp closed sunwebadmin 20222/tcp closed ipulse-ics 27352/tcp closed unknown 32772/tcp closed sometimes-rpc7 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|printer|WAP Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (89%), IBM embedded (89%), Actiontec embedded (86%) OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 cpe:/h:actiontec:mi424wr-gen3i cpe:/o:linux:linux_kernel cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:4.4 Aggressive OS guesses: Linux 2.6.38 (89%), IBM InfoPrint 1754 printer (89%), Actiontec MI424WR-GEN3I WAP (86%), DD-WRT v24-sp2 (Linux 2.4.37) (86%), Linux 3.2 (86%), Linux 4.4 (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.161.117 Host is up (0.12s latency). Not shown: 993 filtered ports PORT STATE SERVICE 1039/tcp closed sbl 2161/tcp closed apc-agent 3128/tcp closed squid-http 3878/tcp closed fotogcad 5678/tcp closed rrac 5987/tcp closed wbem-rmi 7002/tcp closed afs3-prserver Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|printer|WAP Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (89%), IBM embedded (89%), Actiontec embedded (86%) OS CPE: cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 cpe:/h:actiontec:mi424wr-gen3i cpe:/o:linux:linux_kernel cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:4.4 Aggressive OS guesses: Linux 2.6.38 (89%), IBM InfoPrint 1754 printer (89%), Actiontec MI424WR-GEN3I WAP (86%), DD-WRT v24-sp2 (Linux 2.4.37) (86%), Linux 3.2 (86%), Linux 4.4 (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for 85.142.161.125 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT STATE SERVICE 1080/tcp closed socks Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|general purpose|printer Running (JUST GUESSING): Lancom LCOS 8.X (90%), Linux 2.6.X (87%), IBM embedded (86%) OS CPE: cpe:/o:lancom:lcos:8.00 cpe:/o:linux:linux_kernel:2.6.38 cpe:/h:ibm:infoprint_1754 Aggressive OS guesses: Lancom LCOS 8.00 (90%), Linux 2.6.38 (87%), IBM InfoPrint 1754 printer (86%) No exact OS matches for host (test conditions non-ideal). Nmap scan report for Campus-D-4-FE-0-0-115.mirea.ru (85.142.161.225) Host is up (0.00040s latency). All 1000 scanned ports on Campus-D-4-FE-0-0-115.mirea.ru (85.142.161.225) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port OS details: Actiontec MI424WR-GEN3I WAP, DD-WRT v24-sp2 (Linux 2.4.37), Linux 3.2, Linux 4.4, Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012, VMware Player virtual NAT device Nmap scan report for remote.svan.ru (85.142.161.226) Host is up (0.00033s latency). All 1000 scanned ports on remote.svan.ru (85.142.161.226) are filtered Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port OS details: Actiontec MI424WR-GEN3I WAP, DD-WRT v24-sp2 (Linux 2.4.37), Linux 3.2, Linux 4.4, Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012, VMware Player virtual NAT device ## Выполним сканирование с помощью Nessus ![Screenshdot 2024-03-12 212131](https://hackmd.io/_uploads/HyQHpM06p.png) ## Исследуем сайт https://ctf.mirea.tech/ ![Screenshot 2024-03-12 225243](https://hackmd.io/_uploads/Sy3hGN0aT.png) ## Вывод Роутрер CISCO PIX 7.0 Сайт подключения к роутеру ![Screenshot2024-03-12 212427](https://hackmd.io/_uploads/HkPx0MApa.png) Домены: Campus-D-4-FE-0-0-115.mirea.ru 85.142.161.225 remote.svan.ru 85.142.161.226 fti-tc.mirea.ru 85.142.160.40 rts-tc.mirea.ru 85.142.160.39 itht-tc.mirea.ru 85.142.160.38 idp-tc.mirea.ru 85.142.160.37 ivzo-tc.mirea.ru 85.142.160.36 iep-tc.mirea.ru 85.142.160.35 test.mirea.ru 85.142.160.1 mirea.tech 85.142.160.226 ptlab.ru 85.142.160.226 mirea.tech 85.142.160.226 www.mirea.tech 85.142.160.226 kb.mirea.tech 85.142.160.226 ctf.mirea.tech 85.142.160.226 Организация: Professional Education "Moscow State Institute of a Radio engineering, Electronics and Automatics" (MIREA) Адрес: Russian Federation, Moscow, Vernadskogo 78, 119454 Сотрудники: Дмитрий Маякошин Телефон: 7 499 6008228 Магомедов Шамиль Гасангусейнович Телефон: +7 499 681-33-56 доб. 6803 E-mail: magomedov_sh@mirea.ru Тягунов Алексей Томашевский Игорь Sergej U Sevryukov Ева Степушина Телефон: 74959874717 E-mail: it-train.ru@miltor.ru Игорь Дешко Телефон: 74959874717 74997399505 E-mail: users_id4172604@miltor.ru Батанов Арсений Олегович 16.09.1997 ТелефонЖ 74996008080 79154775409 E-mail: arseny.batanov@yandex.ru СНИЛС: 18229513678 Адрес: ОЗЕРНАЯ УЛ.Д.25 КВ.73; ОЗЕРНАЯ УЛ. Д.25 КВ.73 Адрес: Малоярославецкий р-й Калужской обл. (откуда/куда) Шумилова д.12 6-я Радиальная д.5к4 Б.Очаковская д.40 Паспорт: 4519353828 4599778171 Гос номер: Р882РТ799 https://vk.com/id18724560 https://instagram.com/arseny_batanov