After getting connected to the SOHOplesslyBroken VPN, we did an nmap scan of the local IP range for any devices. This as an update to show what flags have already been captured.
nmap 192.168.10.0/24
Control4 Open Source Software Notice
| PORT | STATE | SERVICE |
|---|---|---|
| 21/tcp | closed | ftp |
| 22/tcp | closed | ssh |
| 80/tcp | open | http |
Current State: Has not been accessed. Possible vulnerability in ssh used by server (dropbear).
Link Clicker
| PORT | STATE | SERVICE |
|---|---|---|
| 80/tcp | open | http |
No flag, is used as a link clicker that will access any url provided to it.
NUUO Network Video Recorder
| PORT | STATE | SERVICE |
|---|---|---|
| 21/tcp | open | ftp |
| 22/tcp | open | ssh |
| 80/tcp | open | http |
| 443/tcp | open | https |
Current State: Flag has been captured.
Any time & Any where, IP Surveillance for Your Life
| PORT | STATE | SERVICE |
|---|---|---|
| 80/tcp | open | http |
| 554/tcp | open | rtsp |
Current State: Flag not captured. It is likely a DVR that might have vulnerabilities.
GEO Vision - GV-SNVR0811
| PORT | STATE | SERVICE |
|---|---|---|
| 80/tcp | open | http |
| 443/tcp | open | https |
| 10000/tcp | open | snet-sensor-mgmt |
Current State: Flag Captured.
192.168.10.208
url: http://192.168.10.208/login
| PORT | STATE | SERVICE |
|---|---|---|
| 22/tcp | open | ssh |
| 80/tcp | open | http |
| 113/tcp | closed | ident |
| 443/tcp | open | https |
| 541/tcp | open | uucp-rlogin |
| 8000/tcp | closed | http-alt |
| 8009/tcp | open | ajp13 |
Current State: This was a fortinet machine. Flag Captured.
DCS-930LB1
| PORT | STATE | SERVICE |
|---|---|---|
| 23/tcp | open | telnet |
| 80/tcp | open | http |
| 443/tcp | open | https |
| 749/tcp | filtered | kerberos-adm |
| 4444/tcp | open | krb524 |
Current State: No new information on this machine.