Nmap
┌──(kali㉿kali)-[~/archive/htb/labs/conceal]
└─$ nmap -Pn -p1-10000 $IP
starting nmap 7.93 ( https://nmap.org ) at 2022-10-20 18:06 CEST
Nmap scan report for 10.10.10.116
Host is up.
All 10000 scanned ports on 10.10.10.116 are in ignored states.
not shown: 10000 filtered tcp ports (no-response)
nmap done: 1 IP address (1 host up) scanned in 201.41 secondsNot a single open port is shown from 1 to 10000 on TCP scan
Checking UDP..
┌──(kali㉿kali)-[~/archive/htb/labs/conceal]
└─$ sudo nmap -sU -p1-10000 $IP
starting nmap 7.93 ( https://nmap.org ) at 2022-10-20 18:06 CEST
Nmap scan report for 10.10.10.116
Host is up (0.039s latency).
not shown: 9998 open|filtered udp ports (no-response)
PORT STATE SERVICE
161/udp open snmp
500/udp open isakmp
nmap done: 1 IP address (1 host up) scanned in 139.45 seconds2 open UDP ports; 161 and 500
┌──(kali㉿kali)-[~/archive/htb/labs/conceal]
└─$ sudo nmap -sU -sC -sV -p161,500 $IP
starting nmap 7.93 ( https://nmap.org ) at 2023-01-19 20:20 CET
Nmap scan report for 10.10.10.116
Host is up (0.031s latency).
PORT STATE SERVICE VERSION
161/udp open snmp SNMPv1 server (public)
| snmp-interfaces:
| Software Loopback Interface 1\x00
| ip address: 127.0.0.1 Netmask: 255.0.0.0
| type: softwareLoopback Speed: 1 Gbps
| traffic stats: 0.00 Kb sent, 0.00 Kb received
| vmxnet3 Ethernet Adapter\x00
| ip address: 10.10.10.116 Netmask: 255.255.255.0
| mac address: 005056b9d579 (VMware)
| type: ethernetCsmacd Speed: 4 Gbps
| traffic stats: 78.63 Kb sent, 13.22 Mb received
| vmxnet3 Ethernet Adapter-WFP Native MAC Layer LightWeight Filter-0000\x00
| mac address: 005056b9d579 (VMware)
| type: ethernetCsmacd Speed: 4 Gbps
| traffic stats: 78.63 Kb sent, 13.22 Mb received
| vmxnet3 Ethernet Adapter-QoS Packet Scheduler-0000\x00
| mac address: 005056b9d579 (VMware)
| type: ethernetCsmacd Speed: 4 Gbps
| traffic stats: 78.63 Kb sent, 13.22 Mb received
| vmxnet3 Ethernet Adapter-WFP 802.3 MAC Layer LightWeight Filter-0000\x00
| mac address: 005056b9d579 (VMware)
| type: ethernetCsmacd Speed: 4 Gbps
|_ traffic stats: 78.63 Kb sent, 13.22 Mb received
| snmp-win32-services:
| AppX Deployment Service (AppXSVC)
| Application Host Helper Service
| Background Intelligent Transfer Service
| Background Tasks Infrastructure Service
| Base Filtering Engine
| CNG Key Isolation
| COM+ Event System
| COM+ System Application
| Client License Service (ClipSVC)
| Connected Devices Platform Service
| Connected User Experiences and Telemetry
| CoreMessaging
| Cryptographic Services
| DCOM Server Process Launcher
| DHCP Client
| DNS Client
| Data Sharing Service
| Data Usage
| Device Setup Manager
| Diagnostic Policy Service
| Diagnostic Service Host
| Diagnostic System Host
| Distributed Link Tracking Client
| Distributed Transaction Coordinator
| Geolocation Service
| Group Policy Client
| IKE and AuthIP IPsec Keying Modules
| IP Helper
| IPsec Policy Agent
| Local Session Manager
| Microsoft FTP Service
| Microsoft Storage Spaces SMP
| Network Connection Broker
| Network List Service
| Network Location Awareness
| Network Store Interface Service
| Plug and Play
| Power
| Print Spooler
| Program Compatibility Assistant Service
| RPC Endpoint Mapper
| Remote Procedure Call (RPC)
| SNMP Service
| SSDP Discovery
| Security Accounts Manager
| Security Center
| Server
| Shell Hardware Detection
| State Repository Service
| Storage Service
| Superfetch
| System Event Notification Service
| System Events Broker
| TCP/IP NetBIOS Helper
| Task Scheduler
| Themes
| Time Broker
| TokenBroker
| User Manager
| User Profile Service
| VMware Alias Manager and Ticket Service
| VMware CAF Management Agent Service
| VMware Physical Disk Helper Service
| VMware Tools
| WinHTTP Web Proxy Auto-Discovery Service
| Windows Audio
| Windows Audio Endpoint Builder
| Windows Connection Manager
| Windows Defender Antivirus Network Inspection Service
| Windows Defender Antivirus Service
| Windows Defender Security Centre Service
| Windows Driver Foundation - User-mode Driver Framework
| Windows Event Log
| Windows Firewall
| Windows Font Cache Service
| Windows Management Instrumentation
| Windows Process Activation Service
| Windows Push Notifications System Service
| Windows Search
| Windows Time
| Windows Update
| Workstation
|_ World Wide Web Publishing Service
| snmp-processes:
| 1:
| name: System Idle Process
| 4:
| name: System
| 300:
| name: smss.exe
| 316:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k LocalSystemNetworkRestricted
| 332:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k LocalService
| 336:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k LocalServiceNoNetwork
| 396:
| name: csrss.exe
| 476:
| name: wininit.exe
| 484:
| name: csrss.exe
| 540:
| name: winlogon.exe
| 620:
| name: services.exe
| 628:
| name: lsass.exe
| path: C:\Windows\system32\
| 716:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k DcomLaunch
| 736:
| name: fontdrvhost.exe
| 744:
| name: fontdrvhost.exe
| 756:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k LocalSystemNetworkRestricted
| 784:
| name: svchost.exe
| 832:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k RPCSS
| 884:
| name: MpCmdRun.exe
| path: C:\Program Files\Windows Defender\
| params: -IdleTask -TaskName WdCacheMaintenance
| 924:
| name: dwm.exe
| 964:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k netsvcs
| 980:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k smphost
| 1012:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k LocalServiceNetworkRestricted
| 1064:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k NetworkService
| 1164:
| name: vmacthlp.exe
| path: C:\Program Files\VMware\VMware Tools\
| 1180:
| name: Memory Compression
| 1328:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k LocalServiceNetworkRestricted
| 1372:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k LocalServiceNetworkRestricted
| 1380:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k LocalServiceNetworkRestricted
| 1512:
| name: spoolsv.exe
| path: C:\Windows\System32\
| 1632:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k appmodel
| 1748:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k apphost
| 1756:
| name: svchost.exe
| path: C:\Windows\System32\
| params: -k utcsvc
| 1784:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k ftpsvc
| 1852:
| name: snmp.exe
| path: C:\Windows\System32\
| 1864:
| name: SecurityHealthService.exe
| 1900:
| name: VGAuthService.exe
| path: C:\Program Files\VMware\VMware Tools\VMware VGAuth\
| 1912:
| name: vmtoolsd.exe
| path: C:\Program Files\VMware\VMware Tools\
| 1928:
| name: ManagementAgentHost.exe
| path: C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\
| 1936:
| name: conhost.exe
| path: \??\C:\Windows\system32\
| params: 0x4
| 1944:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k iissvcs
| 1956:
| name: MsMpEng.exe
| 2352:
| name: LogonUI.exe
| params: /flags:0x0 /state0:0xa3a28855 /state1:0x41c64e6d
| 2556:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k NetworkServiceNetworkRestricted
| 2864:
| name: WmiPrvSE.exe
| path: C:\Windows\system32\wbem\
| 2880:
| name: SearchIndexer.exe
| path: C:\Windows\system32\
| params: /Embedding
| 3064:
| name: dllhost.exe
| path: C:\Windows\system32\
| params: /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
| 3228:
| name: taskhostw.exe
| 3260:
| name: WmiPrvSE.exe
| path: C:\Windows\system32\wbem\
| 3272:
| name: NisSrv.exe
| 3396:
| name: MpCmdRun.exe
| path: C:\Program Files\Windows Defender\
| params: Scan -ScheduleJob -ScanTrigger 55
| 3472:
| name: msdtc.exe
| path: C:\Windows\System32\
| 3584:
| name: svchost.exe
| path: C:\Windows\system32\
| params: -k LocalServiceAndNoImpersonation
| 3732:
| name: conhost.exe
| path: \??\C:\Windows\system32\
| params: 0x4
| 4604:
| name: MpCmdRun.exe
| path: C:\Program Files\Windows Defender\
|_ params: Scan -ScheduleJob -RestrictPrivileges -ScanType 1 -ScanTrigger 59 -Reinvoke
| snmp-sysdescr: Hardware: AMD64 Family 23 Model 49 Stepping 0 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 15063 Multiprocessor Free)
|_ system uptime: 14m48.22s (88822 timeticks)
| snmp-win32-users:
| Administrator
| DefaultAccount
| Destitute
|_ Guest
| snmp-win32-software:
| microsoft visual c++ 2008 redistributable - x64 9.0.30729.6161; 2021-03-17t15:16:36
| microsoft visual c++ 2008 redistributable - x86 9.0.30729.6161; 2021-03-17t15:16:36
|_ vmware tools; 2021-03-17t15:16:36
| snmp-netstat:
| tcp 0.0.0.0:21 0.0.0.0:0
| tcp 0.0.0.0:80 0.0.0.0:0
| tcp 0.0.0.0:135 0.0.0.0:0
| tcp 0.0.0.0:445 0.0.0.0:0
| tcp 0.0.0.0:49664 0.0.0.0:0
| tcp 0.0.0.0:49665 0.0.0.0:0
| tcp 0.0.0.0:49666 0.0.0.0:0
| tcp 0.0.0.0:49667 0.0.0.0:0
| tcp 0.0.0.0:49668 0.0.0.0:0
| tcp 0.0.0.0:49669 0.0.0.0:0
| tcp 0.0.0.0:49670 0.0.0.0:0
| tcp 10.10.10.116:139 0.0.0.0:0
| udp 0.0.0.0:123 *:*
| udp 0.0.0.0:161 *:*
| udp 0.0.0.0:500 *:*
| udp 0.0.0.0:4500 *:*
| udp 0.0.0.0:5050 *:*
| udp 0.0.0.0:5353 *:*
| udp 0.0.0.0:5355 *:*
| udp 10.10.10.116:137 *:*
| udp 10.10.10.116:138 *:*
| udp 10.10.10.116:1900 *:*
| udp 10.10.10.116:49292 *:*
| udp 127.0.0.1:1900 *:*
|_ udp 127.0.0.1:49293 *:*
500/udp open isakmp Microsoft Windows 8
| ike-version:
| vendor_id: Microsoft Windows 8
| attributes:
| MS NT5 ISAKMPOAKLEY
| RFC 3947 NAT-T
| draft-ietf-ipsec-nat-t-ike-02\n
| IKE FRAGMENTATION
| MS-Negotiation Discovery Capable
|_ IKE CGA version 1
service info: Host: Conceal; OS: Windows 8; CPE: cpe:/o:microsoft:windows:8, cpe:/o:microsoft:windows
service detection performed. please report any incorrect results at https://nmap.org/submit/ .
nmap done: 1 IP address (1 host up) scanned in 125.67 seconds^83ae33 The target system is Microsoft Windows