└─$ cat tcp_open_port.nmap
# Nmap 7.93 scan initiated Sat Jul 8 20:19:35 2023 as: nmap --min-rate 10000 -p- -oA tcp_open_port 192.168.62.212
Nmap scan report for 192.168.62.212
Host is up (0.011s latency).
Not shown: 65531 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8000/tcp open http-alt
MAC Address: 00:0C:29:01:73:2E (VMware)

# Nmap done at Sat Jul 8 20:20:03 2023 -- 1 IP address (1 host up) scanned in 28.69 seconds

└─$ cat udp_open_port.nmap 
# Nmap 7.93 scan initiated Sat Jul  8 20:20:03 2023 as: nmap -sU --min-rate 10000 -p- -oA udp_open_port 192.168.62.212
Warning: 192.168.62.212 giving up on port because retransmission cap hit (10).
Nmap scan report for 192.168.62.212
Host is up (0.00058s latency).
Not shown: 65456 open|filtered udp ports (no-response), 78 closed udp ports (port-unreach)
PORT    STATE SERVICE
137/udp open  netbios-ns
MAC Address: 00:0C:29:01:73:2E (VMware)

# Nmap done at Sat Jul  8 20:21:18 2023 -- 1 IP address (1 host up) scanned in 74.48 seconds

Host is up (0.00061s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Photographer by v1n1v131r4
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
8000/tcp open http Apache httpd 2.4.18
|_http-title: daisa ahomi
|_http-generator: Koken 0.22.24
|_http-server-header: Apache/2.4.18 (Ubuntu)
MAC Address: 00:0C:29:01:73:2E (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: PHOTOGRAPHER, example.com

Host script results:
|_clock-skew: mean: 1h19m59s, deviation: 2h18m33s, median: 0s
| smb2-time:
| date: 2023-07-08T12:21:59
|_ start_date: N/A
| smb-os-discovery:
| OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
| Computer name: photographer
| NetBIOS computer name: PHOTOGRAPHER\x00
| Domain name: \x00
| FQDN: photographer
|_ System time: 2023-07-08T08:21:59-04:00
|_nbstat: NetBIOS name: PHOTOGRAPHER, NetBIOS user: <unknown>, NetBIOS MAC: 000000000000 (Xerox)
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 311:
|_ Message signing enabled but not required

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jul 8 20:22:06 2023 -- 1 IP address (1 host up) scanned in 48.50 seconds

└─$ cat vuln_scan.nmap        
# Nmap 7.93 scan initiated Sat Jul  8 20:22:06 2023 as: nmap --script=vuln -p80,139,445,8000, -oA vuln_scan 192.168.62.212
Nmap scan report for 192.168.62.212
Host is up (0.00049s latency).

PORT     STATE SERVICE
80/tcp   open  http
| http-internal-ip-disclosure: 
|_  Internal IP Leaked: 127.0.1.1
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-enum: 
|_  /images/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
8000/tcp open  http-alt
| http-vuln-cve2010-0738: 
|_  /jmx-console/: Authentication was not required
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-enum: 
|   /admin/: Possible admin folder
|   /admin/index.html: Possible admin folder
|   /app/: Potentially interesting folder
|   /content/: Potentially interesting folder
|   /error/: Potentially interesting folder
|   /home/: Potentially interesting folder
|_  /index/: Potentially interesting folder
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
MAC Address: 00:0C:29:01:73:2E (VMware)

Host script results:
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: false
| smb-vuln-regsvc-dos: 
|   VULNERABLE:
|   Service regsvc in Microsoft Windows systems vulnerable to denial of service
|     State: VULNERABLE
|       The service regsvc in Microsoft Windows 2000 systems is vulnerable to denial of service caused by a null deference
|       pointer. This script will crash the service if it is vulnerable. This vulnerability was discovered by Ron Bowes
|       while working on smb-enum-sessions.
|_          

# Nmap done at Sat Jul  8 20:27:31 2023 -- 1 IP address (1 host up) scanned in 324.46 seconds
                                                                                                                  

└─$ smbclient -L 192.168.62.212
Password for [WORKGROUP\kali]:

Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
sambashare Disk Samba on Ubuntu
IPC$ IPC IPC Service (photographer server (Samba, Ubuntu))
Reconnecting with SMB1 for workgroup listing.

Server Comment
--------- -------

Workgroup Master
--------- -------
WORKGROUP PHOTOGRAPHER

└─$ smbclient -N \\\\192.168.62.212\\sambashare
Try "help" to get a list of possible commands.
smb: \> prompt
smb: \> ls
. D 0 Tue Jul 21 09:30:07 2020
.. D 0 Tue Jul 21 17:44:25 2020
mailsent.txt N 503 Tue Jul 21 09:29:40 2020
wordpress.bkp.zip N 13930308 Tue Jul 21 09:22:23 2020

278627392 blocks of size 1024. 264268400 blocks available
smb: \> get mailsent.txt
getting file \mailsent.txt of size 503 as mailsent.txt (22.3 KiloBytes/sec) (average 22.3 KiloBytes/sec)
smb: \> get wordpress.bkp.zip
getting file \wordpress.bkp.zip of size 13930308 as wordpress.bkp.zip (24644.6 KiloBytes/sec) (average 23700.9 KiloBytes/sec)
smb: \>