InfoSec LAB

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/forest]
└─$ rustscan -a $IP --ulimit=5000
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
0day was here ♥
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
open 10.10.10.161:53
open 10.10.10.161:88
open 10.10.10.161:135
open 10.10.10.161:139
open 10.10.10.161:389
open 10.10.10.161:445
open 10.10.10.161:464
open 10.10.10.161:593
open 10.10.10.161:5985
open 10.10.10.161:9389
open 10.10.10.161:47001
open 10.10.10.161:49664
open 10.10.10.161:49665
open 10.10.10.161:49667
open 10.10.10.161:49671
open 10.10.10.161:49676
open 10.10.10.161:49666
open 10.10.10.161:49677
open 10.10.10.161:49684
open 10.10.10.161:49706
open 10.10.10.161:49931

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/forest]
└─$ nmap -sC -sV -p- $IP
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-22 12:24 CET
Nmap scan report for 10.10.10.161
Host is up (0.028s latency).
Not shown: 65512 closed tcp ports (conn-refused)
PORT      STATE SERVICE      VERSION
53/tcp    open  domain       Simple DNS Plus
88/tcp    open  kerberos-sec Microsoft Windows Kerberos (server time: 2023-01-22 11:31:48Z)
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp   open  ldap         Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: HTB)
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap         Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5985/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp  open  mc-nmf       .NET Message Framing
47001/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49664/tcp open  msrpc        Microsoft Windows RPC
49665/tcp open  msrpc        Microsoft Windows RPC
49666/tcp open  msrpc        Microsoft Windows RPC
49667/tcp open  msrpc        Microsoft Windows RPC
49671/tcp open  msrpc        Microsoft Windows RPC
49676/tcp open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
49677/tcp open  msrpc        Microsoft Windows RPC
49684/tcp open  msrpc        Microsoft Windows RPC
49706/tcp open  msrpc        Microsoft Windows RPC
Service Info: Host: FOREST; OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_clock-skew: mean: 2h46m48s, deviation: 4h37m08s, median: 6m47s
| smb2-time: 
|   date: 2023-01-22T11:32:39
|_  start_date: 2023-01-22T11:26:35
| smb2-security-mode: 
|   311: 
|_    Message signing enabled and required
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: required
| smb-os-discovery: 
|   OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
|   Computer name: FOREST
|   NetBIOS computer name: FOREST\x00
|   Domain name: htb.local
|   Forest name: htb.local
|   FQDN: FOREST.htb.local
|_  System time: 2023-01-22T03:32:38-08:00
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 86.02 seconds

The target system is Microsoft Windows Server 2016 Standard 14393 The target host is a domain controller in an Active Directory environment

InfoSec LAB

Explorer

Forest_Recon

RustScan

Nmap

Interactive Graph View

Table of Contents

Backlinks