Initial nmap scan to find open ports, using the "treat all hosts as alive" flag (-Pn)
Detailed nmap scan:
Command Breakdown:
(-sV): Service version
(-sC): Default nmap scripts
(-p): Specifying ports 22,111,135,139,443,445,593
(-oN nmap): Saving it into a file called nmap
Let's visit the page on the HTTPS port 443
I did not see anything interesting here or in the source code, so I went to Google to look for exploits on HeartBleed. I found this exploit.
HeartBleed
Let's download the exploit and rename it to exploit.py. Also make the exploit script executable.
exploit.py
Now let's run the exploit on port 443
We have the flag in the output.
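The output contains server memory because a vulnerable OpenSSL trusts the payload length claimed inside a heartbeat message instead of the length of the record that carried it. The added example below (not part of the original write-up or of the downloaded exploit) applies the RFC 6520 bounds check that patched servers enforce to a stream of TLS records. It assumes plaintext records; `build_record` and the sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24     # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16   # RFC 6520 requires at least 16 bytes of padding

def check_record(record: bytes) -> str:
    """Classify one TLS record: not-heartbeat, ok, truncated or malformed."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"          # capture ended before the record did
    if rec_len < 3:
        return "malformed"          # cannot even hold type + payload_length
    _hb_type, claimed_len = struct.unpack("!BH", body[:3])
    # type(1) + length(2) + payload + padding must fit inside the record;
    # a message failing this must be discarded silently, never echoed back.
    if 1 + 2 + claimed_len + MIN_PADDING > rec_len:
        return "malformed"
    return "ok"

def scan(stream: bytes) -> list:
    """Walk concatenated TLS records and return (offset, verdict) pairs."""
    out, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            out.append((off, "truncated"))
            break
        rec_len = struct.unpack("!H", stream[off + 3:off + 5])[0]
        out.append((off, check_record(stream[off:off + 5 + rec_len])))
        off += 5 + rec_len
    return out

def build_record(claimed_len: int, payload: bytes) -> bytes:
    """Hypothetical helper: build a constructed heartbeat request record."""
    body = struct.pack("!BH", 1, claimed_len) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", HEARTBEAT, 0x0302, len(body)) + body

# Constructed sample input, not captured traffic
GOOD = build_record(4, b"ping")            # claims 4 bytes, carries 4
BAD = build_record(64, b"ping")            # claims 64 bytes, carries 4
APPDATA = bytes.fromhex("1703020001ff")    # one application-data record

if __name__ == "__main__":
    for offset, verdict in scan(APPDATA + GOOD + BAD):
        print(offset, verdict)
```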
nmap -Pn 34.253.197.133
nmap -sV -sC -p 22,111,135,139,443,445,593 -oN nmap 34.253.197.133