Pad zum Datenkanal 26: Live-Hacking
=============================



Starting Nmap 6.00 ( http://nmap.org ) at 2013-07-19 15:10 CEST
Nmap scan report for qbi2.headstrong.de (91.143.81.118)
Host is up (0.072s latency).
Not shown: 990 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
111/tcp  open     rpcbind
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
2222/tcp open     EtherNet/IP-1
3306/tcp open     mysql
5222/tcp open     xmpp-client
5269/tcp open     xmpp-server

PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
| ssh-hostkey: 1024 73:76:69:d4:c9:ba:3c:1f:79:23:cc:c1:50:66:44:21 (DSA)
|_2048 48:b2:35:16:07:15:87:d9:ed:b5:64:8f:a8:a3:f9:88 (RSAqbi2.headstrong.de)
80/tcp   open  http     Apache httpd 2.2.22 ((Debian))
|_html-title: Site doesn't have a title (text/html).
111/tcp  open  rpcbind?
| rpcinfo:  
| 100000  2,3,4    111/udp  rpcbind  
|_100000  2,3,4    111/tcp  rpcbind  
2222/tcp open  ssh      OpenSSH 5.9p1 Debian 5ubuntu1.1 (protocol 2.0)
| ssh-hostkey: 1024 c4:e8:bb:ad:3c:eb:01:47:07:8f:8d:15:f1:72:04:79 (DSA)
|_2048 00:5b:b0:39:2d:b1:32:ac:06:85:6f:5f:71:63:52:29 (RSA)
3306/tcp open  mysql    MySQL (unauthorized)
5222/tcp open  unknown
5269/tcp open  unknown

• http://91.143.81.118/wordpress/
• http://91.143.81.118/
• 111/tcp  open  rpcbind?
• | rpcinfo:  
• dvwa/
  • Passwort: password
  • http://91.143.81.
  • 111/tcp  open  rpcbind?
  • | rpcinfo:  
  • 118/dvwa/vulnerabilities/fi/?page=/e18tc/passwd