Port 21 — FTP We can find out the version of the FTP either by scanning with nmap or by connecting it using nc or ftp. ftp 192.168.1.101 nc 192.168.1.101 21 nmap -sV 192.168.1.101 -p 21 Metasploit ftp_version module can be also used to scan a range of IP addresses and determine the version…

Risk: Medium CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI] CVE-ID: CVE-2021–27330 CWE-ID: CWE-79 — Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerable software version: Datepicker Calendar < 3.76 Exploit DB: https://www.exploit-db.com/exploits/49597 Google Dork: inurl:/calendar/calendar_form.php Mitigation: Install updates from the vendor’s website.

Enumeration

Enumeration Nmap Nmap reveals that port number 3000 is open and it is using Node.js Express framework. Let’s visit port number 3000 in web browser.

Weakness:Web Parameter Tampering Two Factor Authentication, also known as 2FA is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them,Using a Two Factor Authentication process can help…

SMTP stands for Simple Mail Transfer Protocol is a TCP/IP protocol for sending E-mail messages between servers.SMTP usually is implemented to operate over Internet port 25. Nmap (Network Mapper) is the most popular port scanner which is designed to probe a server or host for open ports. The following are the open ports that I identified on Open-xchange’s Sandbox domain sandbox.open-xchange.com (185.27.181.34)