Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-28 10:25 PDT
Nmap scan report for 192.168.230.2
Host is up (0.0012s latency).
Not shown: 995 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.9 (protocol 2.0)
| ssh-hostkey:
| 256 19:eb:fd:8b:1b:b4:3a:fc:08:1e:2c:3d:81:5c:c5:5c (ECDSA)
|_ 256 32:74:1a:50:1a:1f:b9:17:24:5c:26:c6:38:a4:45:28 (ED25519)
53/tcp open domain dnsmasq 2.90
| dns-nsid:
|_ bind.version: dnsmasq-2.90
443/tcp open ssl/http mini_httpd 1.30 26Oct2018
|_ssl-date: TLS randomness does not represent time
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-server-header: mini_httpd/1.30 26Oct2018
| ssl-cert: Subject: commonName=bologna
| Not valid before: 2024-10-01T03:49:11
|_Not valid after: 2034-09-29T03:49:11
3128/tcp open http-proxy Squid http proxy 6.12
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD
|_http-server-header: squid/6.12
|_http-title: ERROR: The requested URL could not be retrieved
8080/tcp open http ShellInABox
|_http-title: Shell In A Box
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 3 hops
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
- Hops 1-2 are the same as for 192.168.230.30
3 1.42 ms 192.168.230.2
Nmap scan report for 192.168.230.5
Host is up (0.0015s latency).
Not shown: 981 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-syst:
|_ SYST: Windows_NT
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 02-09-25 07:17PM 7340 adm-pfx.zip
| 02-09-25 07:31PM 2986 cpmichael.pfx
| 09-30-24 09:18PM custerr
| 12-04-24 09:52PM ftproot
| 03-09-25 02:40PM history
| 10-08-24 08:08PM logs
| 09-30-24 09:19PM temp
| 02-06-25 11:02PM web_resources
|_02-03-25 10:00PM wwwroot
22/tcp open ssh (protocol 2.0)
| fingerprint-strings:
| NULL:
|_ SSH-2.0-OpenSSH_for_Windows_9.8 Win32-OpenSSH-GitHub
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: Steve's Crazy Pizza
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-03-28 17:25:59Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: pizza.loco, Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=CRAZY.pizza.loco
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:CRAZY.pizza.loco
| Not valid before: 2024-10-09T03:01:27
|_Not valid after: 2025-10-09T03:01:27
|_ssl-date: 2025-03-28T17:29:39+00:00; -4s from scanner time.
443/tcp open ssl/http Microsoft IIS httpd 10.0
|_ssl-date: 2025-03-28T17:29:39+00:00; -5s from scanner time.
|_http-title: Steve's Crazy Pizza
| http-methods:
|_ Potentially risky methods: TRACE
| tls-alpn:
| h2
|_ http/1.1
|_http-server-header: Microsoft-IIS/10.0
| ssl-cert: Subject: commonName=pizza-CRAZY-CA
| Not valid before: 2024-10-09T02:56:25
|_Not valid after: 2029-10-09T03:06:24
445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: PIZZA)
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: pizza.loco, Site: Default-First-Site-Name)
|_ssl-date: 2025-03-28T17:29:39+00:00; -4s from scanner time.
| ssl-cert: Subject: commonName=CRAZY.pizza.loco
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:CRAZY.pizza.loco
| Not valid before: 2024-10-09T03:01:27
|_Not valid after: 2025-10-09T03:01:27
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: pizza.loco, Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=CRAZY.pizza.loco
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:CRAZY.pizza.loco
| Not valid before: 2024-10-09T03:01:27
|_Not valid after: 2025-10-09T03:01:27
|_ssl-date: 2025-03-28T17:29:39+00:00; -5s from scanner time.
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: pizza.loco, Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=CRAZY.pizza.loco
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:CRAZY.pizza.loco
| Not valid before: 2024-10-09T03:01:27
|_Not valid after: 2025-10-09T03:01:27
|_ssl-date: 2025-03-28T17:29:39+00:00; -4s from scanner time.
3306/tcp open mysql MariaDB (unauthorized)
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: PIZZA
| NetBIOS_Domain_Name: PIZZA
| NetBIOS_Computer_Name: CRAZY
| DNS_Domain_Name: pizza.loco
| DNS_Computer_Name: CRAZY.pizza.loco
| DNS_Tree_Name: pizza.loco
| Product_Version: 10.0.14393
|_ System_Time: 2025-03-28T17:28:51+00:00
|_ssl-date: 2025-03-28T17:29:39+00:00; -5s from scanner time.
| ssl-cert: Subject: commonName=CRAZY.pizza.loco
| Not valid before: 2025-02-28T07:00:47
|_Not valid after: 2025-08-30T07:00:47
8080/tcp open http Apache httpd 2.4.23 ((Win32) OpenSSL/1.0.2h PHP/5.5.38)
|_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.5.38
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Pizza Loco Marriage Registration System :: Home Page
8443/tcp open http Apache httpd 2.4.23 ((Win32) OpenSSL/1.0.2h PHP/5.5.38)
|_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2h PHP/5.5.38
|_http-title: Pizza Loco Marriage Registration System :: Home Page
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port22-TCP:V=7.94SVN%I=7%D=3/28%Time=67E6DBAB%P=x86_64-pc-linux-gnu%r(N
SF:ULL,36,"SSH-2\.0-OpenSSH_for_Windows_9\.8\x20Win32-OpenSSH-GitHub\r\n");
Device type: general purpose
Running: Microsoft Windows 2016
OS CPE: cpe:/o:microsoft:windows_server_2016
OS details: Microsoft Windows Server 2016 build 10586 - 14393
Network Distance: 4 hops
Service Info: Host: CRAZY; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb-os-discovery:
| OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
| Computer name: CRAZY
| NetBIOS computer name: CRAZY\x00
| Domain name: pizza.loco
| Forest name: pizza.loco
| FQDN: CRAZY.pizza.loco
|_ System time: 2025-03-28T10:28:52-07:00
| smb2-time:
| date: 2025-03-28T17:29:08
|_ start_date: 2025-03-28T03:58:09
|_clock-skew: mean: 41m55s, deviation: 2h12m49s, median: -5s
| smb-security-mode:
| account_used:
| authentication_level: user
| challenge_response: supported
|_ message_signing: required
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
TRACEROUTE (using port 23/tcp)
HOP RTT ADDRESS
- Hops 1-3 are the same as for 192.168.230.30
4 1.88 ms 192.168.230.5
Nmap scan report for 192.168.230.30
Host is up (0.0015s latency).
Not shown: 991 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.5
| ftp-syst:
| STAT:
| FTP server status:
| Connected to 192.168.220.21
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 2
| vsFTPd 3.0.5 - secure, fast, stable
|_End of status
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| dr-xr-xr-x 2 0 0 6 May 16 2022 afs
| lrwxrwxrwx 1 0 0 7 May 16 2022 bin -> usr/bin
| dr-xr-xr-x 5 0 0 4096 Nov 03 03:46 boot
| drwxr-xr-x 5 0 0 175 Jan 31 23:48 data
| drwxr-xr-x 19 0 0 3320 Mar 28 03:59 dev
| drwxr-xr-x 143 0 0 8192 Mar 28 03:59 etc
| drwxr-xr-x 248 0 0 8192 Mar 28 15:48 home
| lrwxrwxrwx 1 0 0 7 May 16 2022 lib -> usr/lib
| lrwxrwxrwx 1 0 0 9 May 16 2022 lib64 -> usr/lib64
| drwxr-xr-x 2 0 0 6 May 16 2022 media
| drwxr-xr-x 3 0 0 19 Oct 22 20:49 mnt
| drwx------ 3 977 975 78 Feb 03 07:12 nonexistent
| drwxr-xr-x 2 0 0 6 May 16 2022 opt
| dr-xr-xr-x 301 0 0 0 Mar 28 03:59 proc
| dr-xr-x--- 18 0 0 4096 Mar 14 00:40 root
| drwxr-xr-x 46 0 0 1360 Mar 28 17:19 run
| lrwxrwxrwx 1 0 0 8 May 16 2022 sbin -> usr/sbin
| drwxr-xr-x 2 0 0 6 May 16 2022 srv
| dr-xr-xr-x 13 0 0 0 Mar 28 03:59 sys
| drwxrwxrwt 16 0 0 4096 Mar 28 17:25 tmp [NSE: writeable]
|_Only 20 shown. Use --script-args ftp-anon.maxlist=-1 to see all.
22/tcp open ssh OpenSSH 8.7 (protocol 2.0)
| ssh-hostkey:
| 256 37:88:fb:d7:af:5d:6d:4f:b2:91:b9:70:98:cd:df:cf (ECDSA)
|_ 256 a8:8c:4e:cd:de:0a:d3:df:8e:26:d9:83:dc:65:7d:7a (ED25519)
80/tcp open http nginx 1.20.1
| http-git:
| 192.168.230.30:80/.git/
| Git repository found!
| Repository description: Unnamed repository; edit this file 'description' to name the...
| Remotes:
|_ git@oven.pizza.loco:CrazyPizza/PizzaShop.git
|_http-server-header: nginx/1.20.1
|_http-title: Steve's Crazy Pizza Parlor
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
|_ 100000 3,4 111/udp6 rpcbind
3306/tcp open mysql MySQL 8.0.36
| mysql-info:
| Protocol: 10
| Version: 8.0.36
| Thread ID: 2736
| Capabilities flags: 65535
| Some Capabilities: Support41Auth, LongPassword, Speaks41ProtocolOld, ConnectWithDatabase, InteractiveClient, SupportsTransactions, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, IgnoreSigpipes, IgnoreSpaceBeforeParenthesis, FoundRows, SupportsCompression, LongColumnFlag, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, ODBCClient, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
| Status: Autocommit
| Salt: \x1D;\x0F\x7FX24H|ytpVwBU\x0CO\x1D/
|_ Auth Plugin Name: caching_sha2_password
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=MySQL_Server_8.0.36_Auto_Generated_Server_Certificate
| Not valid before: 2024-11-03T05:03:03
|_Not valid after: 2034-11-01T05:03:03
9000/tcp open cslistener?
9009/tcp open rtsp
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 404 Not Found
| Date: Fri, 28 Mar 2025 17:26:09 GMT
| Connection: Close
| There is no handle /nice%20ports%2C/Tri%6Eity.txt%2ebak
| /ping for health checks.
| /replicas_status for more sophisticated health checks.
| Send queries from your program with POST method or GET /?query=...
| clickhouse-client:
| interactive data analysis:
| clickhouse-client
| batch query processing:
| clickhouse-client --query='SELECT 1' > result
| clickhouse-client < query > result
| GetRequest:
| HTTP/1.0 200 OK
| Date: Fri, 28 Mar 2025 17:26:09 GMT
| Connection: Close
| Content-Type: text/html; charset=UTF-8
| X-ClickHouse-Summary: {"elapsed_ns":"1041892"}
| HTTPOptions:
| HTTP/1.0 500 Internal Server Error
| Date: Fri, 28 Mar 2025 17:26:09 GMT
| Connection: Close
| X-ClickHouse-Exception-Code: 1000
| X-ClickHouse-Summary: {"elapsed_ns":"1575968"}
| Poco::Exception. Code: 1000, e.code() = 0, Not found: endpoint (version 25.1.2.3 (official build))
| RTSPRequest:
| RTSP/1.0 500 Internal Server Error
| Date: Fri, 28 Mar 2025 17:26:09 GMT
| Connection: Close
| X-ClickHouse-Exception-Code: 1000
| X-ClickHouse-Summary: {"elapsed_ns":"226545"}
| Poco::Exception. Code: 1000, e.code() = 0, Not found: endpoint (version 25.1.2.3 (official build))
| SIPOptions:
| SIP/2.0 500 Internal Server Error
| Date: Fri, 28 Mar 2025 17:26:09 GMT
| Connection: Close
| X-ClickHouse-Exception-Code: 1000
| X-ClickHouse-Summary: {"elapsed_ns":"189963"}
|_ Poco::Exception. Code: 1000, e.code() = 0, Not found: endpoint (version 25.1.2.3 (official build))
9090/tcp open ssl/zeus-admin?
|_ssl-date: TLS randomness does not represent time
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.1 400 Bad request
| Content-Type: text/html; charset=utf8
| Transfer-Encoding: chunked
| X-DNS-Prefetch-Control: off
| Referrer-Policy: no-referrer
| X-Content-Type-Options: nosniff
| Cross-Origin-Resource-Policy: same-origin
| X-Frame-Options: sameorigin