InfoSec LAB

RustScan

┌──(kali㉿kali)-[~/archive/htb/labs/return]
└─$ rustscan -a $IP -b 20000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
please contribute more quotes to our github https://github.com/rustscan/rustscan
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.11.108:53
open 10.10.11.108:80
open 10.10.11.108:88
open 10.10.11.108:135
open 10.10.11.108:139
open 10.10.11.108:389
open 10.10.11.108:445
open 10.10.11.108:464
open 10.10.11.108:593
open 10.10.11.108:636
open 10.10.11.108:3268
open 10.10.11.108:3269
open 10.10.11.108:5985
open 10.10.11.108:9389
open 10.10.11.108:47001
open 10.10.11.108:49664
open 10.10.11.108:49671
open 10.10.11.108:49679
open 10.10.11.108:49667
open 10.10.11.108:49665
open 10.10.11.108:49674
open 10.10.11.108:49675
open 10.10.11.108:49666
open 10.10.11.108:49682
open 10.10.11.108:49694
open 10.10.11.108:54510

Nmap

┌──(kali㉿kali)-[~/archive/htb/labs/return]
└─$ nmap -sC -sV -p- $IP
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-23 09:39 CET
Nmap scan report for 10.10.11.108
Host is up (0.030s latency).
Not shown: 65509 closed tcp ports (conn-refused)
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Simple DNS Plus
80/tcp    open  http          Microsoft IIS httpd 10.0
|_http-title: HTB Printer Admin Panel
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Potentially risky methods: TRACE
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2023-03-23 08:58:11Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: return.local0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: return.local0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp  open  mc-nmf        .NET Message Framing
47001/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49671/tcp open  msrpc         Microsoft Windows RPC
49674/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49675/tcp open  msrpc         Microsoft Windows RPC
49679/tcp open  msrpc         Microsoft Windows RPC
49682/tcp open  msrpc         Microsoft Windows RPC
49694/tcp open  msrpc         Microsoft Windows RPC
54510/tcp open  msrpc         Microsoft Windows RPC
Service Info: Host: PRINTER; OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_clock-skew: 18m33s
| smb2-time: 
|   date: 2023-03-23T08:59:06
|_  start_date: N/A
| smb2-security-mode: 
|   311: 
|_    Message signing enabled and required
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 92.58 seconds

The target system appears to be a domain controller in an Active Directory environment The domain is RETURN.LOCAL The FQDN of the target host is PRINTER.RETURN.LOCAL

The domain information has been appended to the /etc/hosts file on Kali for local DNS resolution

InfoSec LAB

Explorer

Return_Recon

RustScan

Nmap

Interactive Graph View

Table of Contents

Backlinks