Facts

Let’s add our target machine to /etc/hosts: mairon $ echo 10.129.24.44 facts.htb | sudo tee -a /etc/hosts Next, enumeration: mairon $ rustscan -a facts.htb --ulimit 5000 -- -Pn -n -v --open -A -sCV | tee rustscan.txt .----. .-. .-. .----..---. .----. .---. .--. .-. .-. | {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| | | .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ | `-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-' The Modern Day Port Scanner. ________________________________________ : http://discord.skerritt.blog : : https://github.com/RustScan/RustScan : -------------------------------------- To scan or not to scan? That is the question. [~] The config file is expected to be at "/home/mairon/.rustscan.toml" [~] Automatically increasing ulimit value to 5000. Open 10.129.24.44:22 Open 10.129.24.44:80 Open 10.129.24.44:54321 [~] Starting Script(s) [>] Running script "nmap -vvv -p {{port}} -{{ipversion}} {{ip}} -Pn -n -v --open -A -sCV" on ip 10.129.24.44 Depending on the complexity of the script, results may take some time to appear. [~] Starting Nmap 7.98 ( https://nmap.org ) at 2026-02-01 13:13 +0100 NSE: Loaded 158 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed NSE: Starting runlevel 2 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed NSE: Starting runlevel 3 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed Initiating Connect Scan at 13:13 Scanning 10.129.24.44 [3 ports] Discovered open port 80/tcp on 10.129.24.44 Discovered open port 22/tcp on 10.129.24.44 Discovered open port 54321/tcp on 10.129.24.44 Completed Connect Scan at 13:13, 0.01s elapsed (3 total ports) Initiating Service scan at 13:13 Scanning 3 services on 10.129.24.44 Completed Service scan at 13:13, 28.46s elapsed (3 services on 1 host) NSE: Script scanning 10.129.24.44. NSE: Starting runlevel 1 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.51s elapsed NSE: Starting runlevel 2 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.04s elapsed NSE: Starting runlevel 3 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed Nmap scan report for 10.129.24.44 Host is up, received user-set (0.0088s latency). Scanned at 2026-02-01 13:13:20 CET for 29s PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 9.9p1 Ubuntu 3ubuntu3.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 4d:d7:b2:8c:d4:df:57:9c:a4:2f:df:c6:e3:01:29:89 (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNYjzL0v+zbXt5Zvuhd63ZMVGK/8TRBsYpIitcmtFPexgvOxbFiv6VCm9ZzRBGKf0uoNaj69WYzveCNEWxdQUww= | 256 a3:ad:6b:2f:4a:bf:6f:48:ac:81:b9:45:3f:de:fb:87 (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCNb2NXAGnDBofpLTCGLMyF/N6Xe5LIri/onyTBifIK 80/tcp open http syn-ack nginx 1.26.3 (Ubuntu) |_http-server-header: nginx/1.26.3 (Ubuntu) |_http-title: Did not follow redirect to http://facts.htb/ | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS 54321/tcp open http syn-ack Golang net/http server | http-methods: |_ Supported Methods: GET OPTIONS |_http-title: Site doesn't have a title (application/xml). | fingerprint-strings: | FourOhFourRequest: | HTTP/1.0 400 Bad Request | Accept-Ranges: bytes | Content-Length: 303 | Content-Type: application/xml | Server: MinIO | Strict-Transport-Security: max-age=31536000; includeSubDomains | Vary: Origin | X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 | X-Amz-Request-Id: 18901E598030C266 | X-Content-Type-Options: nosniff | X-Xss-Protection: 1; mode=block | Date: Sun, 01 Feb 2026 12:13:43 GMT | <?xml version="1.0" encoding="UTF-8"?> | <Error><Code>InvalidRequest</Code><Message>Invalid Request (invalid argument)</Message><Resource>/nice ports,/Trinity.txt.bak</Resource><RequestId>18901E598030C266</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error> | GenericLines, Help, RTSPRequest, SSLSessionReq: | HTTP/1.1 400 Bad Request | Content-Type: text/plain; charset=utf-8 | Connection: close | Request | GetRequest: | HTTP/1.0 400 Bad Request | Accept-Ranges: bytes | Content-Length: 276 | Content-Type: application/xml | Server: MinIO | Strict-Transport-Security: max-age=31536000; includeSubDomains | Vary: Origin | X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8 | X-Amz-Request-Id: 18901E55B628B6E7 | X-Content-Type-Options: nosniff | X-Xss-Protection: 1; mode=block | Date: Sun, 01 Feb 2026 12:13:27 GMT | <?xml version="1.0" encoding="UTF-8"?> | <Error><Code>InvalidRequest</Code><Message>Invalid Request (invalid argument)</Message><Resource>/</Resource><RequestId>18901E55B628B6E7</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error> | HTTPOptions: | HTTP/1.0 200 OK | Vary: Origin | Date: Sun, 01 Feb 2026 12:13:27 GMT |_ Content-Length: 0 |_http-server-header: MinIO 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port54321-TCP:V=7.98%I=7%D=2/1%Time=697F4366%P=x86_64-pc-linux-gnu%r(Ge SF:nericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t SF:ext/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x SF:20Request")%r(GetRequest,2B0,"HTTP/1\.0\x20400\x20Bad\x20Request\r\nAcc SF:ept-Ranges:\x20bytes\r\nContent-Length:\x20276\r\nContent-Type:\x20appl SF:ication/xml\r\nServer:\x20MinIO\r\nStrict-Transport-Security:\x20max-ag SF:e=31536000;\x20includeSubDomains\r\nVary:\x20Origin\r\nX-Amz-Id-2:\x20d SF:d9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nX-Am SF:z-Request-Id:\x2018901E55B628B6E7\r\nX-Content-Type-Options:\x20nosniff SF:\r\nX-Xss-Protection:\x201;\x20mode=block\r\nDate:\x20Sun,\x2001\x20Feb SF:\x202026\x2012:13:27\x20GMT\r\n\r\n<\?xml\x20version=\"1\.0\"\x20encodi SF:ng=\"UTF-8\"\?>\n<Error><Code>InvalidRequest</Code><Message>Invalid\x20 SF:Request\x20\(invalid\x20argument\)</Message><Resource>/</Resource><Requ SF:estId>18901E55B628B6E7</RequestId><HostId>dd9025bab4ad464b049177c95eb6e SF:bf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error>")%r(HTTPOptions,59 SF:,"HTTP/1\.0\x20200\x20OK\r\nVary:\x20Origin\r\nDate:\x20Sun,\x2001\x20F SF:eb\x202026\x2012:13:27\x20GMT\r\nContent-Length:\x200\r\n\r\n")%r(RTSPR SF:equest,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/ SF:plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Re SF:quest")%r(Help,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\ SF:x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20B SF:ad\x20Request")%r(SSLSessionReq,67,"HTTP/1\.1\x20400\x20Bad\x20Request\ SF:r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20clos SF:e\r\n\r\n400\x20Bad\x20Request")%r(FourOhFourRequest,2CB,"HTTP/1\.0\x20 SF:400\x20Bad\x20Request\r\nAccept-Ranges:\x20bytes\r\nContent-Length:\x20 SF:303\r\nContent-Type:\x20application/xml\r\nServer:\x20MinIO\r\nStrict-T SF:ransport-Security:\x20max-age=31536000;\x20includeSubDomains\r\nVary:\x SF:20Origin\r\nX-Amz-Id-2:\x20dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9 SF:251148b658df7ac2e3e8\r\nX-Amz-Request-Id:\x2018901E598030C266\r\nX-Cont SF:ent-Type-Options:\x20nosniff\r\nX-Xss-Protection:\x201;\x20mode=block\r SF:\nDate:\x20Sun,\x2001\x20Feb\x202026\x2012:13:43\x20GMT\r\n\r\n<\?xml\x SF:20version=\"1\.0\"\x20encoding=\"UTF-8\"\?>\n<Error><Code>InvalidReques SF:t</Code><Message>Invalid\x20Request\x20\(invalid\x20argument\)</Message SF:><Resource>/nice\x20ports,/Trinity\.txt\.bak</Resource><RequestId>18901 SF:E598030C266</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd SF:1af9251148b658df7ac2e3e8</HostId></Error>"); Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed NSE: Starting runlevel 2 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed NSE: Starting runlevel 3 (of 3) scan. Initiating NSE at 13:13 Completed NSE at 13:13, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 29.27 seconds ...