0 Replies Latest reply on Aug 15, 2019 9:16 PM by rcoleman67

    Help Identifying system within default VMware Fusion Installation

    rcoleman67 Lurker

      I'm running VMware Fusion 10.1.1 on an Apple MacBook Pro 15" mid 2013 running High Sierra 10.13.6, with a Kali (Rolling Updates) system inside a default VMware Fusion installation. When I perform host discovery operations using netdiscover and nmap, I find a system that I cannot identify. I'm assuming it might be part of the VMware infrastructure, but I have not been able to verify this. As I do penetration testing and security assessments, I don't like having unidentified systems in my testing environments. I sure would appreciate some assistance.

      Given a single guest VM system (Kali) within my VMware Fusion environment running in NAT network mode, I can run a netdiscover command from the Terminal of my Kali system and I get three systems, which is what I would expect.

      # netdiscover -i eth0 -r 192.168.72.0/24  

      192.168.72.1 --> my actual host
      192.168.72.2 --> VMware NAT device
      192.168.72.254 --> the VMware DHCP server

      Now if I run an nmap -sn 192.168.72.0/24 from my Kali system, I get five (5) systems. I expected four (4). I cannot for the life of me figure out/determine what the fifth (5th) system is.

      # nmap -sn 192.168.72.0/24 
      Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-22 11:30 CDT
      Nmap scan report for 192.168.72.1
      Host is up (0.00012s latency).
      MAC Address: 00:50:56:C0:00:08 (VMware)
      Nmap scan report for 192.168.72.2
      Host is up (0.000078s latency).
      MAC Address: 00:50:56:F6:05:21 (VMware)
      Nmap scan report for 192.168.72.254
      Host is up (0.00015s latency).
      MAC Address: 00:50:56:E4:DB:BF (VMware)
      Nmap scan report for 192.168.72.135
      Host is up.
      Nmap scan report for 192.168.72.141
      Host is up.

      • 192.168.72.1 --> my actual host
      • 192.168.72.2 --> VMware NAT device
      • 192.168.72.254 --> the VMware DHCP server
      • 192.168.72.135 --> the Kali system
      • 192.168.72.141 --> ???

      I haven't been able to figure out what the 192.168.72.141 system is.

      I can ping the .141 system.

      # ping 192.168.72.141
      PING 192.168.72.141 (192.168.72.141) 56(84) bytes of data.
      64 bytes from 192.168.72.141: icmp_seq=1 ttl=64 time=0.028 ms
      64 bytes from 192.168.72.141: icmp_seq=2 ttl=64 time=0.055 ms
      64 bytes from 192.168.72.141: icmp_seq=3 ttl=64 time=0.054 ms
      ^C
      --- 192.168.72.141 ping statistics ---
      3 packets transmitted, 3 received, 0% packet loss, time 47ms
      rtt min/avg/max/mdev = 0.028/0.045/0.055/0.014 ms

      I can execute an nmap -A against it, which then tells me it's a Linux box with port 22 open...

      # nmap -A 192.168.72.141
      Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-15 23:14 CDT
      Nmap scan report for 192.168.72.141
      Host is up (0.000062s latency).
      Not shown: 999 closed ports
      PORT   STATE SERVICE VERSION
      22/tcp open  ssh     OpenSSH 7.9p1 Debian 10 (protocol 2.0)
      | ssh-hostkey:
      |   2048 51:ce:c8:6d:5d:c7:34:2d:36:ec:a6:97:91:04:97:48 (RSA)
      |   256 f1:13:ef:f1:35:8f:b2:d3:9b:18:fa:28:2d:6f:90:44 (ECDSA)
      |_  256 3e:7c:f5:ee:9f:8e:d3:11:ed:a6:0b:be:c6:63:c5:ea (ED25519)
      Device type: general purpose
      Running: Linux 3.X
      OS CPE: cpe:/o:linux:linux_kernel:3
      OS details: Linux 3.7 - 3.10
      Network Distance: 0 hops
      Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

      OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
      Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds

      I tried to ssh into the server but don't know the cert or account/password to successfully login. Does anyone know what this system is?
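
Added example, not part of the original post: a small Python script that parses the `nmap -sn` output quoted above and reconciles it against the inventory the post lists, so that unidentified addresses are flagged automatically. The `KNOWN` dictionary and the function names are constructed for this example; treating entries reported without a MAC address as candidates to compare with the scanning machine's own interface addresses is an assumption of the example, not something stated in the post.

```python
import re

# Host-discovery output copied from the post (nmap -sn 192.168.72.0/24).
SCAN = """\
Nmap scan report for 192.168.72.1
Host is up (0.00012s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.72.2
Host is up (0.000078s latency).
MAC Address: 00:50:56:F6:05:21 (VMware)
Nmap scan report for 192.168.72.254
Host is up (0.00015s latency).
MAC Address: 00:50:56:E4:DB:BF (VMware)
Nmap scan report for 192.168.72.135
Host is up.
Nmap scan report for 192.168.72.141
Host is up.
"""

# Inventory as labelled in the post; the dict itself is constructed for this example.
KNOWN = {
    "192.168.72.1": "host",
    "192.168.72.2": "VMware NAT device",
    "192.168.72.254": "VMware DHCP server",
    "192.168.72.135": "Kali system",
}

def parse_scan(text):
    """Return {ip: mac_or_None} for every host in nmap -sn output."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$", line)
        if m:
            current = m.group(1)
            hosts[current] = None
        elif current and (m := re.match(r"MAC Address: ([0-9A-Fa-f:]{17})\b", line)):
            hosts[current] = m.group(1)
    return hosts

def reconcile(hosts, known):
    """Return (IPs missing from the inventory, IPs reported without a MAC)."""
    unknown = sorted(ip for ip in hosts if ip not in known)
    no_mac = sorted(ip for ip, mac in hosts.items() if mac is None)
    return unknown, no_mac

if __name__ == "__main__":
    unknown, no_mac = reconcile(parse_scan(SCAN), KNOWN)
    print("not in inventory:", unknown)
    print("no MAC reported, compare with this machine's own addresses:", no_mac)
```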