**{{ :rusia:gaceta:nmap_vuln_pcomunes_ru_rg.txt.gz |}}**\\
sudo nmap -Pn -p 20-23,69,139,137,445,53,443,80,8080,8443 -sV --script vuln rg.ru -oN nmap_vuln_pcomunes_ru_rg.txt
**Open services**\\
gzip nmap_vuln_pcomunes_ru_rg.txt
gunzip -c nmap_vuln_pcomunes_ru_rg.txt.gz | grep -Ex '^[0-9]+\/.*open.*' | sed -E 's/ {2,}/ /g' | sort | uniq
137/tcp open netbios-ns?
139/tcp open netbios-ssn?
20/tcp open ftp-data?
21/tcp open ftp?
22/tcp open ssh?
23/tcp open telnet?
443/tcp open ssl/https QRATOR
445/tcp open microsoft-ds?
53/tcp open domain?
69/tcp open tftp?
8080/tcp open http-proxy?
80/tcp open http QRATOR
8443/tcp open https-alt?
We see that the HTTPS traffic is protected or handled by Qrator, acting as a secure intermediary (similar to Cloudflare). Note that every other port is reported with a trailing question mark, which means -sV could not identify the service and the name is only nmap's port-table guess; with a filtering intermediary in front of the host, those "open" ports may be answered by the intermediary rather than by the origin server, so they should not be read as confirmed services.
sudo nmap -sU -p 69 rg.ru -oN tftp.txt
[sudo] contraseña para toor:
Starting Nmap 7.80 ( https://nmap.org ) at 2025-04-14 03:30 CEST
Nmap scan report for rg.ru (185.65.148.114)
Host is up (0.12s latency).
PORT STATE SERVICE
69/udp open|filtered tftp
Nmap done: 1 IP address (1 host up) scanned in 1.78 seconds
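Added triage helper, not part of the original write-up: it parses port lines in the shape of the filtered report above (plus the UDP result for 69) and separates services -sV actually identified from port-table guesses and from open|filtered results, flagging the pattern where almost every open TCP port is unverified. The 75% threshold and the sample subset are assumptions for illustration.

```python
import re
from collections import defaultdict

# A subset of the port lines from the filtered report above (columns already
# collapsed to single spaces by the sed pipeline), plus the UDP result for 69.
SAMPLE_LINES = """\
137/tcp open netbios-ns?
139/tcp open netbios-ssn?
21/tcp open ftp?
22/tcp open ssh?
23/tcp open telnet?
443/tcp open ssl/https QRATOR
80/tcp open http QRATOR
8443/tcp open https-alt?
69/udp open|filtered tftp
""".splitlines()

# port/proto  state  service  [version...]
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.+))?$")

def classify(line):
    """Return (port/proto, category) for one nmap port line, else None.
    confirmed: open, -sV identified the service; guessed: open, name is only
    nmap's port-table guess ('?'); ambiguous: open|filtered (UDP, no reply);
    any other state (closed, filtered, ...) is returned verbatim."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    port, proto, state, service, _version = m.groups()
    key = f"{port}/{proto}"
    if state == "open":
        return key, ("guessed" if service.endswith("?") else "confirmed")
    if state == "open|filtered":
        return key, "ambiguous"
    return key, state

def triage(lines):
    """Group ports by category and flag the pattern where nearly every open
    TCP port is unverified, as happens when an upstream filter or proxy
    answers SYNs on every port. The 75% threshold is an assumed heuristic."""
    groups = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            groups[hit[1]].append(hit[0])
    tcp_open = [p for c in ("confirmed", "guessed") for p in groups[c] if p.endswith("/tcp")]
    guessed = [p for p in groups["guessed"] if p.endswith("/tcp")]
    if tcp_open and len(guessed) / len(tcp_open) >= 0.75:
        groups["note"] = ["most open TCP ports are unverified: possible catch-all responder"]
    return dict(groups)
```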
**We check whether tftp is really open**\\
tftp 185.65.148.114
tftp> ?
Commands may be abbreviated. Commands are:
connect connect to remote tftp
mode set file transfer mode
put send file
get receive file
quit exit tftp
verbose toggle verbose mode
trace toggle packet tracing
status show current status
binary set mode to octet
ascii set mode to netascii
rexmt set per-packet retransmission timeout
timeout set total retransmission timeout
? print help information
tftp> status
Connected to 185.65.148.114.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp>
The status output only reflects the peer recorded by connect: the tftp client sends nothing on the wire until a get or put is issued, so this session does not by itself confirm that a TFTP server is listening, and the scanner's open|filtered state likewise means only that the UDP probe received no answer.
**Vulnerabilities found**\\
Only the Slowloris check reports a finding. Its state is LIKELY VULNERABLE, a timing-based heuristic rather than a confirmed flaw, and since ports 80 and 443 are fronted by Qrator the result describes the intermediary's connection handling, not the origin server's.
gunzip -c nmap_vuln_pcomunes_ru_rg.txt.gz | sed -nE '/VULNERABLE:/{n;p;n;p;n;p}' | sort | uniq
| IDs: CVE:CVE-2007-6750
| State: LIKELY VULNERABLE
| Slowloris DOS attack