> For the complete documentation index, see [llms.txt](https://oklencodes.gitbook.io/untitled/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oklencodes.gitbook.io/untitled/ctfs/healthcare-openemr-system-thm-plotted-emr/exploring-the-ports-found.md).

# Exploring the ports found

Now to explore the 5 open ports.

### **Port 23**

I could ftp into the port /23 with anonymous. Within the ftp I wanted to see where I was/ what directory I was working with. so I first I ran pwd (print working directory). It said "/ is the current directory". So i next I wanted to list everything in the directory, ls -la .The file names were in "-" and "." which I had to navigate through.&#x20;

The filename with "..." had a text file within it called, "you\_are\_determined.txt". I then typed "get you\_are\_determined.txt" which allowed me to download it and exited the ftp. Once I did that I then attempted to cat the file to see what was in it, it was indeed a waste of time...

![](/files/ujtt3Lh3z6hmEfdYqHmO)

It gave me a hint to use admin. Wasn't much of a hint but I made a note of it.

### Port 5900 MySQL Server

To show the mysql server databases, first I had to install the MariaDB with "*apt install mariadb-client-core-10.1 -y"* then when that was finished. I eventually ran mysql -u admin -h 10.10.107.144 -P 5900 The "-u" is for the user "-h" is for the host and the "-P" was for the port I initially found it on within Nmap.&#x20;

Interesting i got the admin access into the mysql server.. First i did "*show databases;*"

3 databases popped up. I typed "*show tables;*". I then typed "*select \* from user"*.&#x20;

![](/files/W5XT09wgeZlOPztr27Eq)

![](/files/0rVJFnWpOXSqKc3wQ9te)

![](/files/jdgayQ2we13sGA0O2BKZ)

Interesting note I made was that although I was not able to find any users with password. I was able to create a user, give them a password and then choose their privilege's. This may come in handy but for the mean time I could not do anything with it because I do not know if the sql server had any of the flags I needed.

### Port 8890

![](/files/CivvkYEToz3f1aPXm2Jn)
