InfoSec LAB

Heist_Recon

Created: 2 min read

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/heist]
└─$ rustscan -a $IP -b 40000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
🌍HACK THE PLANET🌍
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.10.149:80
open 10.10.10.149:135
open 10.10.10.149:445
open 10.10.10.149:5985
open 10.10.10.149:49669

RustScan reveal 5 open ports on the target host

Performing an Nmap scan for service/version enumeration

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/heist]
└─$ sudo nmap -AO -p- $IP                      
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-10 20:27 CEST
Nmap scan report for 10.10.10.149
Host is up (0.031s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
80/tcp    open  http          Microsoft IIS httpd 10.0
| http-methods: 
|_  Potentially risky methods: TRACE
| http-title: Support Login Page
|_Requested resource was login.php
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-server-header: Microsoft-IIS/10.0
135/tcp   open  msrpc         Microsoft Windows RPC
445/tcp   open  microsoft-ds?
Host script results:
|_clock-skew: -1s
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2022-10-10T18:29:57
|_  start_date: N/A
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
49669/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
TRACEROUTE (using port 135/tcp)
HOP RTT      ADDRESS
1   34.03 ms 10.10.14.1
2   34.10 ms 10.10.10.149
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 205.75 seconds

Nmap scan returns open ports of:

  • 80: Microsoft IIS httpd 10.0
  • 135: Microsoft Windows RPC
  • 445: Microsoft Windows Directory Service
  • 5985: Microsoft Windows Remote Management
  • 49669: Microsoft Windows RPC

Interactive Graph View

Backlinks