Nmap Scan Report - Scanned at Mon Aug 4 18:04:36 2025

Nmap 7.95 was initiated at Mon Aug 4 18:04:36 2025 with these arguments:
/usr/lib/nmap/nmap --privileged -v -sV -A -p1-65535 -oX port.xml 192.168.152.129

Nmap done at Mon Aug 4 18:07:09 2025; 1 IP address (1 host up) scanned in 152.51 seconds

192.168.152.129(online)

Address

192.168.152.129 (ipv4)
00:0C:29:D1:DD:07 - VMware (mac)

Ports

The 65505 ports scanned but not shown below are in state: closed

65505 ports replied with: reset

Port		State (toggle closed [0] \| filtered [0])	Service	Reason	Product	Version	Extra info
21	tcp	open	ftp	syn-ack	vsftpd	2.3.4
	ftp-syst	STAT: FTP server status: Connected to 192.168.152.131 Logged in as ftp TYPE: ASCII No session bandwidth limit Session timeout in seconds is 300 Control connection is plain text Data connections will be plain text vsFTPd 2.3.4 - secure, fast, stable End of status
	ftp-anon	Anonymous FTP login allowed (FTP code 230)
22	tcp	open	ssh	syn-ack	OpenSSH	4.7p1 Debian 8ubuntu1	protocol 2.0
	ssh-hostkey	1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA) 2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
23	tcp	open	telnet	syn-ack	Linux telnetd
25	tcp	open	smtp	syn-ack	Postfix smtpd
	ssl-cert	Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX Public Key type: rsa Public Key bits: 1024 Signature Algorithm: sha1WithRSAEncryption Not valid before: 2010-03-17T14:07:45 Not valid after: 2010-04-16T14:07:45 MD5: dcd9:ad90:6c8f:2f73:74af:383b:2540:8828 SHA-1: ed09:3088:7066:03bf:d5dc:2373:99b4:98da:2d4d:31c6
	smtp-commands	metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
	sslv2	SSLv2 supported ciphers: SSL2_RC2_128_CBC_WITH_MD5 SSL2_RC4_128_EXPORT40_WITH_MD5 SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_RC4_128_WITH_MD5 SSL2_DES_192_EDE3_CBC_WITH_MD5 SSL2_DES_64_CBC_WITH_MD5
	ssl-date	2025-08-04T12:37:08+00:00; 0s from scanner time.
53	tcp	open	domain	syn-ack	ISC BIND	9.4.2
	dns-nsid	bind.version: 9.4.2
80	tcp	open	http	syn-ack	Apache httpd	2.2.8	(Ubuntu) DAV/2
	http-title	Metasploitable2 - Linux
	http-server-header	Apache/2.2.8 (Ubuntu) DAV/2
	http-methods	Supported Methods: GET HEAD POST OPTIONS
111	tcp	open	rpcbind	syn-ack		2	RPC #100000
	rpcinfo	program version port/proto service 100000 2 111/tcp rpcbind 100000 2 111/udp rpcbind 100003 2,3,4 2049/tcp nfs 100003 2,3,4 2049/udp nfs 100005 1,2,3 51350/tcp mountd 100005 1,2,3 60976/udp mountd 100021 1,3,4 34348/udp nlockmgr 100021 1,3,4 60327/tcp nlockmgr 100024 1 40390/udp status 100024 1 56404/tcp status
139	tcp	open	netbios-ssn	syn-ack	Samba smbd	3.X - 4.X	workgroup: WORKGROUP
445	tcp	open	netbios-ssn	syn-ack	Samba smbd	3.0.20-Debian	workgroup: WORKGROUP
512	tcp	open	exec	syn-ack	netkit-rsh rexecd
513	tcp	open	login	syn-ack	OpenBSD or Solaris rlogind
514	tcp	open	tcpwrapped	syn-ack
1099	tcp	open	java-rmi	syn-ack	GNU Classpath grmiregistry
1524	tcp	open	bindshell	syn-ack	Metasploitable root shell
2049	tcp	open	nfs	syn-ack		2-4	RPC #100003
2121	tcp	open	ftp	syn-ack	ProFTPD	1.3.1
3306	tcp	open	mysql	syn-ack	MySQL	5.0.51a-3ubuntu5
	mysql-info	Protocol: 10 Version: 5.0.51a-3ubuntu5 Thread ID: 8 Capabilities flags: 43564 Some Capabilities: ConnectWithDatabase, SupportsTransactions, SwitchToSSLAfterHandshake, Speaks41ProtocolNew, LongColumnFlag, SupportsCompression, Support41Auth Status: Autocommit Salt: :%GxH>=Uwtcq/4W<c_3"
3632	tcp	open	distccd	syn-ack	distccd	v1	(GNU) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)
5432	tcp	open	postgresql	syn-ack	PostgreSQL DB	8.3.0 - 8.3.7
	ssl-cert	Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX Public Key type: rsa Public Key bits: 1024 Signature Algorithm: sha1WithRSAEncryption Not valid before: 2010-03-17T14:07:45 Not valid after: 2010-04-16T14:07:45 MD5: dcd9:ad90:6c8f:2f73:74af:383b:2540:8828 SHA-1: ed09:3088:7066:03bf:d5dc:2373:99b4:98da:2d4d:31c6
	ssl-date	2025-08-04T12:37:08+00:00; 0s from scanner time.
5900	tcp	open	vnc	syn-ack	VNC		protocol 3.3
	vnc-info	Protocol version: 3.3 Security types: VNC Authentication (2)
6000	tcp	open	X11	syn-ack			access denied
6667	tcp	open	irc	syn-ack	UnrealIRCd
	irc-info	users: 2 servers: 1 lusers: 2 lservers: 0 server: irc.Metasploitable.LAN version: Unreal3.2.8.1. irc.Metasploitable.LAN uptime: 0 days, 0:03:13 source ident: nmap source host: 186811F0.9BA27108.FFFA6D49.IP error: Closing Link: znatfomct[192.168.152.131] (Quit: znatfomct)
6697	tcp	open	irc	syn-ack	UnrealIRCd
8009	tcp	open	ajp13	syn-ack	Apache Jserv		Protocol v1.3
	ajp-methods	Failed to get a valid response for the OPTION request
8180	tcp	open	http	syn-ack	Apache Tomcat/Coyote JSP engine	1.1
	http-favicon	Apache Tomcat
	http-title	Apache Tomcat/5.5
	http-server-header	Apache-Coyote/1.1
	http-methods	Supported Methods: GET HEAD POST OPTIONS
8787	tcp	open	drb	syn-ack	Ruby DRb RMI		Ruby 1.8; path /usr/lib/ruby/1.8/drb
49608	tcp	open	java-rmi	syn-ack	GNU Classpath grmiregistry
51350	tcp	open	mountd	syn-ack		1-3	RPC #100005
56404	tcp	open	status	syn-ack		1	RPC #100024
60327	tcp	open	nlockmgr	syn-ack		1-4	RPC #100021

Remote Operating System Detection

Used port: 21/tcp (open)
Used port: 1/tcp (closed)
Used port: 39502/udp (closed)
OS match: Linux 2.6.9 - 2.6.33 (100%)

Host Script Output

Script Name	Output
nbstat	NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown) Names: METASPLOITABLE<00> Flags: <unique><active> METASPLOITABLE<03> Flags: <unique><active> METASPLOITABLE<20> Flags: <unique><active> \x01\x02__MSBROWSE__\x02<01> Flags: <group><active> WORKGROUP<00> Flags: <group><active> WORKGROUP<1d> Flags: <unique><active> WORKGROUP<1e> Flags: <group><active>
smb-os-discovery	OS: Unix (Samba 3.0.20-Debian) Computer name: metasploitable NetBIOS computer name: Domain name: localdomain FQDN: metasploitable.localdomain System time: 2025-08-04T08:37:00-04:00
smb2-time	Protocol negotiation failed (SMB2)
clock-skew	mean: 1h00m00s, deviation: 2h00m01s, median: 0s
smb-security-mode	account_used: <blank> authentication_level: user challenge_response: supported message_signing: disabled (dangerous, but default)

Misc Metrics (click to expand)