InfoSec LAB

Cerberus_Recon

Created: 3 min read

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/cerberus]
└─$ rustscan -a $IP -b 25000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Real hackers hack time
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.11.205:8080

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/cerberus]
└─$ nmap -Pn -p- $IP           
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-01-17 08:05 CET
Nmap scan report for 10.10.11.205
Host is up (0.026s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT     STATE SERVICE
8080/tcp open  http-proxy
 
Nmap done: 1 IP address (1 host up) scanned in 106.67 seconds
 
 
┌──(kali㉿kali)-[~/archive/htb/labs/cerberus]
└─$ nmap -Pn -sC -sV -p8080 $IP
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-01-17 08:05 CET
Nmap scan report for 10.10.11.205
Host is up (0.028s latency).
 
PORT     STATE SERVICE VERSION
8080/tcp open  http    Apache httpd 2.4.52 ((Ubuntu))
|_http-server-header: Apache/2.4.52 (Ubuntu)
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Did not follow redirect to http://icinga.cerberus.local:8080/icingaweb2
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.62 seconds

The target system appears to be Ubuntu

UDP

┌──(kali㉿kali)-[~/archive/htb/labs/cerberus]
└─$ sudo nmap -sU -top-ports 1000 $IP
starting nmap 7.94svn ( https://nmap.org ) at 2024-01-17 08:03 CET
Nmap scan report for 10.10.11.205
Host is up (0.029s latency).
not shown: 997 open|filtered udp ports (no-response)
PORT    STATE SERVICE
53/udp  open  domain
88/udp  open  kerberos-sec
123/udp open  ntp
 
nmap done: 1 IP address (1 host up) scanned in 10.35 seconds
 
┌──(kali㉿kali)-[~/archive/htb/labs/cerberus]
└─$ sudo nmap -sU -sC -sV -p53,88 $IP
[sudo] password for kali: 
starting nmap 7.94svn ( https://nmap.org ) at 2024-01-17 08:20 CET
Nmap scan report for icinga (10.10.11.205)
Host is up (0.034s latency).
 
PORT   STATE SERVICE      VERSION
53/udp open  domain       Simple DNS Plus
88/udp open  kerberos-sec microsoft windows kerberos (server time: 2024-01-17 07:20:08Z)
service info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
service detection performed. please report any incorrect results at https://nmap.org/submit/ .
nmap done: 1 IP address (1 host up) scanned in 16.54 seconds

The observed system seems to function as a Domain Controller within an Active Directory setup, as evidenced by the active and responsive UDP ports 53 and 88. Although the scanning results deviate from those of a fully exposed domain controller, where services like LDAPs and MSRPC are readily accessible, it is plausible that these specific services are being restricted by a firewall.

Interactive Graph View

Backlinks