# NerdHerd ## Nmap As usual we kick off with a nmap scanning using -p- -sS -v switches to quickly scan all ports and show verberose information whilst scanning so we can start enumerating ports before the scan finished. ``` sudo nmap 10.10.237.0 -p- -sS -v Discovered open port 21/tcp on 10.10.237.0 Discovered open port 139/tcp on 10.10.237.0 Discovered open port 445/tcp on 10.10.237.0 Discovered open port 22/tcp on 10.10.237.0 Discovered open port 1337/tcp on 10.10.237.0 Nmap scan report for 10.10.237.0 PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1337/tcp open waste ``` ## FTP Our first discovered port is FTP on TCP 21. I check for anonymous login and find we are allowed access. We have a directory called "pub" and in this we have a .png image file. Opening the file shows nothing interesting apart from the NerdHerd logo. ![](/files/-MLPBogex_IUtWNEhV95) ### Testing for file upload I tried to upload a file to FTP to see if we had anything here for a potential reverse shell however, we have no permission to perform this. ![](/files/-MLPCYacP5kpPTyi9bk5) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://viperone.gitbook.io/pentest-everything/writeups/tryhackme/linux/nerdherd.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.