Tag fram denna anvisning på mobilen, om du inte har den i pappersformat
https://wiki.cnap.hv.se/en/gymnasielab2
Idag kommer du att olagligt komma åt högskolan nätverk (Internet) och leta efter fysiska lösenordslappar
Via portscanning hitta nätverkets dokumention med servrarnas adresser & nätadresser
Hitta en windows och försök logga in med något random lösenord
Googla de 5 vanligaste lösenorden i Sverige; vilka är de? _______________________
Prova att logga in med dem
Finns det ett lösenord under tangentbordet, bakom skärmen, på tavlan, ...
Prova att logga in med dem
Starta en kommandotolk och prova om "Internet" fungerar med kommandot ping 8.8.8.8
Ställ in datorns nätverkskort på DHCP - Automatisk Adress
Leta reda på (låna) två nätverkskablar
Koppla in datorns nätverkskort mot ett uttag i väggen. Har du "Internet" nu
Lär dig uttagets beteckning utantill och gå till glasburen
Koppla in en kabel mellan motsvarande uttag där och TopOfRack switchen
Stanna kvar och kolla att lampan under uttaget blir grön (Link & Activity)
Gå tillbaka till datorn och verifiera att du har Internet genom att surfa till din favorithemsida
Lärdom: Fysisk säkerhet
Du har nu lärt dig
x-- vikten att inte skriva lösenord på lappar (kolla i kassan när du handlar nästa gång)
x-- vikten av att skydda fysiska nätverksuttag med lösenord, t.ex. med tekniker som https://en.wikipedia.org/wiki/IEEE_802.1X , EAP och Radius
Ladda ner zenmap - ett portscanningsverktyg för windows
Alla (web)servrar har ett IP-nummer och alla tjänster på en server har port-nummer.
Information: Cisco-nätet CNAP har IP-adresserna (näten):
193.10.203.0/24
193.10.236.0/25
192.168.16/22
Skanna, så fort som möjligt, efter alla servrar som har en web-tjänst igång med zenmap
Använd Google och AI-verktyg för att hitta ett snabb & smart zenmap-kommando för just detta
Tips: Det är tråkigt att inte se vad som händer; Add Verbosity: Use the -v or -vv flag in your command line field. This causes Nmap to print "periodic completion time estimates" and report open ports as soon as they are found, rather than waiting until the end.
Vilken av dessa web-servrar är en wiki med en massa info? _________________________________________
Andra betydande sök-plattformar är Censys, Netlas & RunZero men den mest kända är Shodan
Skapa eget konto på Shodan: https://www.shodan.io/
Vilka Cisco ASA brandväggar saknar lösenord i världen... ??
PATRIK: kör dessa i zenmap
nmap -sV -v -v --script vuln wiki.cnap.hv.se
Läs nätverksdokumentationen och lista ut vilket delnät (subnet) som innehåller huvudservrarna
(Hint: Kan själva wiki-sidan ge dig en ledtråd?)
Skanna snabbt igenom server-nätet för att se vilka servrar som svarar på PING och vilka PORTAR som de har öppna
Välj ut en enda server och anteckna addressen (IP-nummer som inte slutar på .0)
Skanna långsamt en AGGRESIV scan och se om du kan se vilket operativsystem (OS) serverna har, och andra intressanta saker...
Var det tråkigt? gå tillbaka till punkt 3 och välj en annan server
Googla vad "CVE-ID" är ? ________________________
Vad är Riskvärde (CVSS) ? _________________________
penetration test (pen-testing): Kör vuln i zenmap och se om du hittar några CVE-ID och CVSS för den servern?
Kör AI och fråga vad skillnaden mellan vul och vulners är i zenmap
Kör vulners och jämför output med den tidigare vuln (spara i notepad!)
Följ eventuella länkar via vuln till Webbplatser med mer information om hur du åtgärdar felet.
Vilken länk hittade du?
Teoretiskt (lagbrott om du provar!): Vilken CVE attack skulle du välja för att hacka just den servern?
If you are running a newer Windows version, you can also run the built in ssh client in Windows. Start a command window ( by typing cmd in the command search ), and run the command "ssh ehp600.cnap.hv.se -l username"
If you are running MacOS, you can run the same command as above.
WHOIS
Whois is a kind of database where you can find some, but not all, information about registered IP addresses, AS numbers and other network information.
You can use the "whois" command line utility to query the database, or you can use one of a large number of web pages that can query it.
https://apps.db.ripe.net/db-web-ui/query
Use a whois query to find out some of University Wests IP address ranges. You probably have to start with one of our IP addresses, we do not own the addresses, they are owned by our operator Sunet, so you will not find them by looking for our name.
You can also try to do the command:
whois 193.10.199.75
on the ehp600 server
Before you start scanning with nmap in the next part, please check with someone else that you have found the correct IP range, so we don't scan any external ranges and make someone upset.
Here you can also find a list of our network ranges: IP addresses . Do not use that until you have found at least some range
NMAP
Nmap is one of the most common and versatile port scanners on the market. It is opensource, and works in most systems. Nmap is normally a command line utility, but there are several graphical front ends to it.
It is well documented, here is a good link to look at:
https://nmap.org/book/toc.html
Use nmap from the ehp600 server you logged in to above, to do the following scans
Do a ping scanning of one of HV-s network ranges ( "nmap -sn" is the suggested command here )
Do a standard port scan of the range 193.10.203.0/27 ( "nmap -v 193.10.203.0/27" )
Do an OS detection on some hosts, wiki.cnap.hv.se, dns.lab.hv.se ( "nmap -v -A" can be used without being root )
"nmap" in the lab server is set up to be able to run everything without being root, but you have to tell it to do so. Use the flag "--privileged" to do that.
nmap --privileged -sS wiki.cnap.hv.se
If you have the possibility, that is if you have nmap installed on your own computer, try to do the same scans from outside the HV network. For example from home or over a phone connection. Do you see any differences?
Shodan
Shodan is a kind of a search engine for more network and security related searches. It is very useful for security researchers.
To be able to use Shodan, you will need to register a free account with them. The free account is limited in how many results you will see, and how many searches you can do per day ( very limited ).
Here are some tutorials and introductions to lead you on your way:
https://danielmiessler.com/blog/shodan
https://www.shodan.io/search/examples
https://osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
Use Shodan to try to find:
Are there any web pages using older TLS versions in HV net range?
ssl.version:tlsv1 net:"193.10.192.0/20"
Can you find any open "telnet" ( port 23 ) ports in Sweden
Censys.io
Another useful search engine for a security researcher is censys.io, https://search.censys.io/
Lookup for example hv.se in the Censys search function.
Like Shodan, Censys is very limited in what you can do if you don not login, and possibly get a subscription, but you can get a sense for what it can do.
Wapiti
Wapiti is a web application security scanner
https://wapiti-scanner.github.io/
Wapiti sometimes takes a very long time to run, for me it took several hours when I tested it. Look at the scanning result for that machine at this file.
www2.vastbodal.se_01312023_1526.html Download www2.vastbodal.se_01312023_1526.html
Wapiti is installed in our ehp600 server, you can run it directly. Try to run Wapiti against one of our machines, wiki.cnap.hv.se, that goes reasonably fast.
Try the following command:
wapiti -u https://wiki.cnap.hv.se -v1 --format txt
The result will be a text file in your home directory. You can use any text reading utility to read it, like "less" or "more".
YouTube: https://www.youtube.com/watch?v=io4Z1BF02Nk Wapiti: Powerful and Automated Web Vulnerability Scanner (9min 38sec)
Mutillidae: https://owasp.org/www-project-mutillidae-ii/
=============================
** nmap -sV -v -v --script vuln wiki.cnap.hv.se **
Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-23 11:49 +0100
NSE: Loaded 152 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:49
Completed NSE at 11:49, 10.70s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:49
Completed NSE at 11:49, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:49
Completed Parallel DNS resolution of 1 host. at 11:49, 0.50s elapsed
Initiating Ping Scan at 11:49
Scanning wiki.cnap.hv.se (193.10.203.20) [4 ports]
Completed Ping Scan at 11:49, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:49
Completed Parallel DNS resolution of 1 host. at 11:49, 0.51s elapsed
Initiating SYN Stealth Scan at 11:49
Scanning wiki.cnap.hv.se (193.10.203.20) [1000 ports]
Discovered open port 22/tcp on 193.10.203.20
Discovered open port 80/tcp on 193.10.203.20
Discovered open port 443/tcp on 193.10.203.20
Discovered open port 2000/tcp on 193.10.203.20
Discovered open port 8000/tcp on 193.10.203.20
Discovered open port 9000/tcp on 193.10.203.20
Discovered open port 5060/tcp on 193.10.203.20
Discovered open port 3001/tcp on 193.10.203.20
Completed SYN Stealth Scan at 11:49, 1.26s elapsed (1000 total ports)
Initiating Service scan at 11:49
Scanning 8 services on wiki.cnap.hv.se (193.10.203.20)
Completed Service scan at 11:49, 12.10s elapsed (8 services on 1 host)
NSE: Script scanning 193.10.203.20.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:49
NSE Timing: About 98.86% done; ETC: 11:50 (0:00:00 remaining)
NSE Timing: About 99.14% done; ETC: 11:50 (0:00:01 remaining)
NSE Timing: About 99.90% done; ETC: 11:51 (0:00:00 remaining)
Completed NSE at 11:51, 119.52s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:51
Completed NSE at 11:51, 6.08s elapsed
Nmap scan report for wiki.cnap.hv.se (193.10.203.20)
Host is up, received echo-reply ttl 61 (0.00071s latency).
Scanned at 2026-01-23 11:49:18 W. Europe Standard Time for 139s
Not shown: 990 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 8.4p1 Debian 5+deb11u5 (protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:8.4p1:
| PACKETSTORM:173661 9.8 https://vulners.com/packetstorm/PACKETSTORM:173661 EXPLOIT
| F0979183-AE88-53B4-86CF-3AF0523F3807 9.8 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 EXPLOIT
| CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408
| B8190CDB-3EB9-5631-9828-8064A1575B23 9.8 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 EXPLOIT
| 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 9.8 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 EXPLOIT
| 8AD01159-548E-546E-AA87-2DE89F3927EC 9.8 https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC EXPLOIT
| 2227729D-6700-5C8F-8930-1EEAFD4B9FF0 9.8 https://vulners.com/githubexploit/2227729D-6700-5C8F-8930-1EEAFD4B9FF0 EXPLOIT
| 0221525F-07F5-5790-912D-F4B9E2D1B587 9.8 https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587 EXPLOIT
| BA3887BD-F579-53B1-A4A4-FF49E953E1C0 8.1 https://vulners.com/githubexploit/BA3887BD-F579-53B1-A4A4-FF49E953E1C0 EXPLOIT
| 4FB01B00-F993-5CAF-BD57-D7E290D10C1F 8.1 https://vulners.com/githubexploit/4FB01B00-F993-5CAF-BD57-D7E290D10C1F EXPLOIT
| 991D2CC4-0E09-5745-97A2-4917461BD6EC 7.8 https://vulners.com/githubexploit/991D2CC4-0E09-5745-97A2-4917461BD6EC EXPLOIT
| SSV:92579 7.5 https://vulners.com/seebug/SSV:92579 EXPLOIT
| 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576 EXPLOIT
| CVE-2021-28041 7.1 https://vulners.com/cve/CVE-2021-28041
| CVE-2021-41617 7.0 https://vulners.com/cve/CVE-2021-41617
| 284B94FC-FD5D-5C47-90EA-47900DAD1D1E 7.0 https://vulners.com/githubexploit/284B94FC-FD5D-5C47-90EA-47900DAD1D1E EXPLOIT
| PACKETSTORM:189283 6.8 https://vulners.com/packetstorm/PACKETSTORM:189283 EXPLOIT
| CVE-2025-26465 6.8 https://vulners.com/cve/CVE-2025-26465
| 9D8432B9-49EC-5F45-BB96-329B1F2B2254 6.8 https://vulners.com/githubexploit/9D8432B9-49EC-5F45-BB96-329B1F2B2254 EXPLOIT
| 85FCDCC6-9A03-597E-AB4F-FA4DAC04F8D0 6.8 https://vulners.com/githubexploit/85FCDCC6-9A03-597E-AB4F-FA4DAC04F8D0 EXPLOIT
| 1337DAY-ID-39918 6.8 https://vulners.com/zdt/1337DAY-ID-39918 EXPLOIT
| D104D2BF-ED22-588B-A9B2-3CCC562FE8C0 6.5 https://vulners.com/githubexploit/D104D2BF-ED22-588B-A9B2-3CCC562FE8C0 EXPLOIT
| CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385
| C07ADB46-24B8-57B7-B375-9C761F4750A2 6.5 https://vulners.com/githubexploit/C07ADB46-24B8-57B7-B375-9C761F4750A2 EXPLOIT
| A88CDD3E-67CC-51CC-97FB-AB0CACB6B08C 6.5 https://vulners.com/githubexploit/A88CDD3E-67CC-51CC-97FB-AB0CACB6B08C EXPLOIT
| 65B15AA1-2A8D-53C1-9499-69EBA3619F1C 6.5 https://vulners.com/githubexploit/65B15AA1-2A8D-53C1-9499-69EBA3619F1C EXPLOIT
| 5325A9D6-132B-590C-BDEF-0CB105252732 6.5 https://vulners.com/gitee/5325A9D6-132B-590C-BDEF-0CB105252732 EXPLOIT
| 530326CF-6AB3-5643-AA16-73DC8CB44742 6.5 https://vulners.com/githubexploit/530326CF-6AB3-5643-AA16-73DC8CB44742 EXPLOIT
| CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795
| CVE-2020-14145 5.9 https://vulners.com/cve/CVE-2020-14145
| CNVD-2021-25272 5.9 https://vulners.com/cnvd/CNVD-2021-25272
| 6D74A425-60A7-557A-B469-1DD96A2D8FF8 5.9 https://vulners.com/githubexploit/6D74A425-60A7-557A-B469-1DD96A2D8FF8 EXPLOIT
| CVE-2016-20012 5.3 https://vulners.com/cve/CVE-2016-20012
| CVE-2025-32728 4.3 https://vulners.com/cve/CVE-2025-32728
| CVE-2021-36368 3.7 https://vulners.com/cve/CVE-2021-36368
| CVE-2025-61985 3.6 https://vulners.com/cve/CVE-2025-61985
| CVE-2025-61984 3.6 https://vulners.com/cve/CVE-2025-61984
| B7EACB4F-A5CF-5C5A-809F-E03CCE2AB150 3.6 https://vulners.com/githubexploit/B7EACB4F-A5CF-5C5A-809F-E03CCE2AB150 EXPLOIT
| 4C6E2182-0E99-5626-83F6-1646DD648C57 3.6 https://vulners.com/githubexploit/4C6E2182-0E99-5626-83F6-1646DD648C57 EXPLOIT
|_ PACKETSTORM:140261 0.0 https://vulners.com/packetstorm/PACKETSTORM:140261 EXPLOIT
23/tcp filtered telnet no-response
80/tcp open http syn-ack ttl 60 nginx
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
443/tcp open ssl/http syn-ack ttl 60 nginx
|http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| http-enum:
| /home.html: Possible admin folder
| /robots.txt: Robots file
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
445/tcp filtered microsoft-ds no-response
2000/tcp open tcpwrapped syn-ack ttl 63
3001/tcp open nessus? syn-ack ttl 60
......
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:51
Completed NSE at 11:51, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:51
Completed NSE at 11:51, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 153.13 seconds
Raw packets sent: 1006 (44.240KB) | Rcvd: 1004 (40.200KB)
==========
** nmap -sV -v -v --script vulners wiki.cnap.hv.se**
Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-23 11:57 +0100
NSE: Loaded 49 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 11:57
Completed Parallel DNS resolution of 1 host. at 11:57, 0.51s elapsed
Initiating Ping Scan at 11:57
Scanning wiki.cnap.hv.se (193.10.203.20) [4 ports]
Completed Ping Scan at 11:57, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:57
Completed Parallel DNS resolution of 1 host. at 11:57, 0.51s elapsed
Initiating SYN Stealth Scan at 11:57
Scanning wiki.cnap.hv.se (193.10.203.20) [1000 ports]
Discovered open port 443/tcp on 193.10.203.20
Discovered open port 22/tcp on 193.10.203.20
Discovered open port 80/tcp on 193.10.203.20
Discovered open port 5060/tcp on 193.10.203.20
Discovered open port 3001/tcp on 193.10.203.20
Discovered open port 9000/tcp on 193.10.203.20
Discovered open port 2000/tcp on 193.10.203.20
Discovered open port 8000/tcp on 193.10.203.20
Completed SYN Stealth Scan at 11:57, 1.25s elapsed (1000 total ports)
Initiating Service scan at 11:57
Scanning 8 services on wiki.cnap.hv.se (193.10.203.20)
Completed Service scan at 11:57, 12.10s elapsed (8 services on 1 host)
NSE: Script scanning 193.10.203.20.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 1.28s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 0.10s elapsed
Nmap scan report for wiki.cnap.hv.se (193.10.203.20)
Host is up, received echo-reply ttl 61 (0.00093s latency).
Scanned at 2026-01-23 11:57:17 W. Europe Standard Time for 14s
Not shown: 990 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 8.4p1 Debian 5+deb11u5 (protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:8.4p1:
| PACKETSTORM:173661 9.8 https://vulners.com/packetstorm/PACKETSTORM:173661 EXPLOIT
| F0979183-AE88-53B4-86CF-3AF0523F3807 9.8 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 EXPLOIT
| CVE-2023-38408 9.8 https://vulners.com/cve/CVE-2023-38408
| B8190CDB-3EB9-5631-9828-8064A1575B23 9.8 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 EXPLOIT
| 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 9.8 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 EXPLOIT
| 8AD01159-548E-546E-AA87-2DE89F3927EC 9.8 https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC EXPLOIT
| 2227729D-6700-5C8F-8930-1EEAFD4B9FF0 9.8 https://vulners.com/githubexploit/2227729D-6700-5C8F-8930-1EEAFD4B9FF0 EXPLOIT
| 0221525F-07F5-5790-912D-F4B9E2D1B587 9.8 https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587 EXPLOIT
| BA3887BD-F579-53B1-A4A4-FF49E953E1C0 8.1 https://vulners.com/githubexploit/BA3887BD-F579-53B1-A4A4-FF49E953E1C0 EXPLOIT
| 4FB01B00-F993-5CAF-BD57-D7E290D10C1F 8.1 https://vulners.com/githubexploit/4FB01B00-F993-5CAF-BD57-D7E290D10C1F EXPLOIT
| 991D2CC4-0E09-5745-97A2-4917461BD6EC 7.8 https://vulners.com/githubexploit/991D2CC4-0E09-5745-97A2-4917461BD6EC EXPLOIT
| SSV:92579 7.5 https://vulners.com/seebug/SSV:92579 EXPLOIT
| 1337DAY-ID-26576 7.5 https://vulners.com/zdt/1337DAY-ID-26576 EXPLOIT
| CVE-2021-28041 7.1 https://vulners.com/cve/CVE-2021-28041
| CVE-2021-41617 7.0 https://vulners.com/cve/CVE-2021-41617
| 284B94FC-FD5D-5C47-90EA-47900DAD1D1E 7.0 https://vulners.com/githubexploit/284B94FC-FD5D-5C47-90EA-47900DAD1D1E EXPLOIT
| PACKETSTORM:189283 6.8 https://vulners.com/packetstorm/PACKETSTORM:189283 EXPLOIT
| CVE-2025-26465 6.8 https://vulners.com/cve/CVE-2025-26465
| 9D8432B9-49EC-5F45-BB96-329B1F2B2254 6.8 https://vulners.com/githubexploit/9D8432B9-49EC-5F45-BB96-329B1F2B2254 EXPLOIT
| 85FCDCC6-9A03-597E-AB4F-FA4DAC04F8D0 6.8 https://vulners.com/githubexploit/85FCDCC6-9A03-597E-AB4F-FA4DAC04F8D0 EXPLOIT
| 1337DAY-ID-39918 6.8 https://vulners.com/zdt/1337DAY-ID-39918 EXPLOIT
| D104D2BF-ED22-588B-A9B2-3CCC562FE8C0 6.5 https://vulners.com/githubexploit/D104D2BF-ED22-588B-A9B2-3CCC562FE8C0 EXPLOIT
| CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385
| C07ADB46-24B8-57B7-B375-9C761F4750A2 6.5 https://vulners.com/githubexploit/C07ADB46-24B8-57B7-B375-9C761F4750A2 EXPLOIT
| A88CDD3E-67CC-51CC-97FB-AB0CACB6B08C 6.5 https://vulners.com/githubexploit/A88CDD3E-67CC-51CC-97FB-AB0CACB6B08C EXPLOIT
| 65B15AA1-2A8D-53C1-9499-69EBA3619F1C 6.5 https://vulners.com/githubexploit/65B15AA1-2A8D-53C1-9499-69EBA3619F1C EXPLOIT
| 5325A9D6-132B-590C-BDEF-0CB105252732 6.5 https://vulners.com/gitee/5325A9D6-132B-590C-BDEF-0CB105252732 EXPLOIT
| 530326CF-6AB3-5643-AA16-73DC8CB44742 6.5 https://vulners.com/githubexploit/530326CF-6AB3-5643-AA16-73DC8CB44742 EXPLOIT
| CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795
| CVE-2020-14145 5.9 https://vulners.com/cve/CVE-2020-14145
| CNVD-2021-25272 5.9 https://vulners.com/cnvd/CNVD-2021-25272
| 6D74A425-60A7-557A-B469-1DD96A2D8FF8 5.9 https://vulners.com/githubexploit/6D74A425-60A7-557A-B469-1DD96A2D8FF8 EXPLOIT
| CVE-2016-20012 5.3 https://vulners.com/cve/CVE-2016-20012
| CVE-2025-32728 4.3 https://vulners.com/cve/CVE-2025-32728
| CVE-2021-36368 3.7 https://vulners.com/cve/CVE-2021-36368
| CVE-2025-61985 3.6 https://vulners.com/cve/CVE-2025-61985
| CVE-2025-61984 3.6 https://vulners.com/cve/CVE-2025-61984
| B7EACB4F-A5CF-5C5A-809F-E03CCE2AB150 3.6 https://vulners.com/githubexploit/B7EACB4F-A5CF-5C5A-809F-E03CCE2AB150 EXPLOIT
| 4C6E2182-0E99-5626-83F6-1646DD648C57 3.6 https://vulners.com/githubexploit/4C6E2182-0E99-5626-83F6-1646DD648C57 EXPLOIT
|_ PACKETSTORM:140261 0.0 https://vulners.com/packetstorm/PACKETSTORM:140261 EXPLOIT
23/tcp filtered telnet no-response
80/tcp open http syn-ack ttl 60 nginx
443/tcp open ssl/http syn-ack ttl 60 nginx
445/tcp filtered microsoft-ds no-response
2000/tcp open tcpwrapped syn-ack ttl 63
3001/tcp open nessus? syn-ack ttl 60
........
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 11:57
Completed NSE at 11:57, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.15 seconds
Raw packets sent: 1006 (44.240KB) | Rcvd: 1003 (40.156KB)