InfoSec LAB

Active_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/active]
└─$ rustscan -a $IP --ulimit=5000 
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
😵 https://admin.tryhackme.com
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
open 10.10.10.100:53
open 10.10.10.100:88
open 10.10.10.100:135
open 10.10.10.100:139
open 10.10.10.100:389
open 10.10.10.100:445
open 10.10.10.100:464
open 10.10.10.100:593
open 10.10.10.100:3268
open 10.10.10.100:3269
open 10.10.10.100:5722
open 10.10.10.100:9389
open 10.10.10.100:49152
open 10.10.10.100:49153
open 10.10.10.100:49154
open 10.10.10.100:49155
open 10.10.10.100:49157
open 10.10.10.100:49158
open 10.10.10.100:49165
open 10.10.10.100:49171
open 10.10.10.100:49170

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/active]
└─$ nmap -sC -sV -p- $IP                                   
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-31 09:43 CET
Nmap scan report for 10.10.10.100
Host is up (0.029s latency).
Not shown: 65513 closed tcp ports (conn-refused)
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
| dns-nsid: 
|_  bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2023-01-31 08:43:44Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: active.htb, Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: active.htb, Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5722/tcp  open  msrpc         Microsoft Windows RPC
9389/tcp  open  mc-nmf        .NET Message Framing
49152/tcp open  msrpc         Microsoft Windows RPC
49153/tcp open  msrpc         Microsoft Windows RPC
49154/tcp open  msrpc         Microsoft Windows RPC
49155/tcp open  msrpc         Microsoft Windows RPC
49157/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49158/tcp open  msrpc         Microsoft Windows RPC
49165/tcp open  msrpc         Microsoft Windows RPC
49170/tcp open  msrpc         Microsoft Windows RPC
49171/tcp open  msrpc         Microsoft Windows RPC
Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1, cpe:/o:microsoft:windows
 
Host script results:
| smb2-time: 
|   date: 2023-01-31T08:44:40
|_  start_date: 2023-01-31T08:40:46
| smb2-security-mode: 
|   210: 
|_    Message signing enabled and required
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 99.98 seconds

The target system is Microsoft Windows

Interactive Graph View

Backlinks