RustScan


┌──(kali㉿kali)-[~/archive/htb/labs/streamio]
└─$ rustscan -a $IP -b 25000
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Nmap? More like slowmap.🐢
 
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
open 10.10.11.158:53
open 10.10.11.158:80
open 10.10.11.158:88
open 10.10.11.158:139
open 10.10.11.158:135
open 10.10.11.158:389
open 10.10.11.158:443
open 10.10.11.158:445
open 10.10.11.158:464
open 10.10.11.158:593
open 10.10.11.158:636
open 10.10.11.158:3269
open 10.10.11.158:3268
open 10.10.11.158:5985
open 10.10.11.158:9389
open 10.10.11.158:49667
open 10.10.11.158:49673
open 10.10.11.158:49674
open 10.10.11.158:49690
open 10.10.11.158:49704

Nmap


┌──(kali㉿kali)-[~/archive/htb/labs/streamio]
└─$ nmap -sC -sV -p- $IP        
Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-13 18:51 CET
Nmap scan report for 10.10.11.158
Host is up (0.097s latency).
Not shown: 65517 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Simple DNS Plus
80/tcp    open  http          Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
|_http-title: IIS Windows Server
| http-methods: 
|_  Potentially risky methods: TRACE
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2023-11-13 18:07:24Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: streamIO.htb0., Site: Default-First-Site-Name)
443/tcp   open  ssl/http      Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| tls-alpn: 
|_  http/1.1
| ssl-cert: Subject: commonName=streamIO/countryName=EU
| Subject Alternative Name: DNS:streamIO.htb, DNS:watch.streamIO.htb
| Not valid before: 2022-02-22T07:03:28
|_Not valid after:  2022-03-24T07:03:28
|_ssl-date: 2023-11-13T18:09:05+00:00; +12m59s from scanner time.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
445/tcp   open  microsoft-ds?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: streamIO.htb0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49667/tcp open  msrpc         Microsoft Windows RPC
49673/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49674/tcp open  msrpc         Microsoft Windows RPC
49690/tcp open  msrpc         Microsoft Windows RPC
49704/tcp open  msrpc         Microsoft Windows RPC
Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_clock-skew: mean: 12m56s, deviation: 2s, median: 12m54s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2023-11-13T18:08:25
|_  start_date: N/A
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 279.67 seconds

The target system appears to be a Domain Controller in an Active Directory environment. The domain is streamIO.htb. The FQDN of the target system is yet to be revealed at this point. However, the web application running over TLS on port 443 appears to be registered in DNS as watch.streamIO.htb, going by the Subject Alternative Name in its certificate. Further investigation is required to verify this information.
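The same reading of the scan can be reproduced mechanically. The following is an added example, not part of the original notes: it parses a constructed excerpt of the Nmap report above and also flags two details visible in that output, the expired certificate and the clock skew. The port set used to recognise a Domain Controller and the 5-minute Kerberos tolerance are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the Nmap report above, trimmed for brevity.
SAMPLE = """\
53/tcp    open  domain        Simple DNS Plus
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2023-11-13 18:07:24Z)
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: streamIO.htb0., Site: Default-First-Site-Name)
443/tcp   open  ssl/http      Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| ssl-cert: Subject: commonName=streamIO/countryName=EU
| Subject Alternative Name: DNS:streamIO.htb, DNS:watch.streamIO.htb
|_Not valid after:  2022-03-24T07:03:28
445/tcp   open  microsoft-ds?
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: streamIO.htb0., Site: Default-First-Site-Name)
|_clock-skew: mean: 12m56s, deviation: 2s, median: 12m54s
| smb2-time:
|   date: 2023-11-13T18:08:25
"""

# Assumption: DNS, Kerberos, LDAP, SMB and Global Catalog together indicate a DC.
DC_PORTS = {53, 88, 389, 445, 3268}
KERBEROS_MAX_SKEW = timedelta(minutes=5)  # default Kerberos clock tolerance

def summarize(report: str) -> dict:
    """Extract the facts the analysis relies on from Nmap's normal output."""
    ports = {int(p) for p in re.findall(r"^(\d+)/tcp\s+open", report, re.M)}
    san = re.search(r"Subject Alternative Name: (.*)", report)
    hostnames = re.findall(r"DNS:([^,\s]+)", san.group(1)) if san else []
    # Compare certificate expiry with the server's own time (smb2-time), not ours.
    not_after = re.search(r"Not valid after:\s+(\S+)", report)
    server_now = re.search(r"^\|\s+date:\s+(\S+)", report, re.M)
    expired = bool(not_after and server_now and
                   datetime.fromisoformat(not_after.group(1))
                   < datetime.fromisoformat(server_now.group(1)))
    # clock-skew is printed as e.g. "12m56s"; hours and minutes are optional.
    m = re.search(r"clock-skew: mean: -?(?:(\d+)h)?(?:(\d+)m)?(\d+)s", report)
    skew = timedelta(hours=int(m.group(1) or 0), minutes=int(m.group(2) or 0),
                     seconds=int(m.group(3))) if m else timedelta(0)
    return {
        "likely_dc": DC_PORTS <= ports,
        "hostnames": hostnames,
        "cert_expired": expired,
        "skew_exceeds_kerberos": skew > KERBEROS_MAX_SKEW,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
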

UDP


┌──(kali㉿kali)-[~/archive/htb/labs/streamio]
└─$ sudo nmap -sU -top-ports 1000 $IP
Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-13 18:35 CET
Nmap scan report for 10.10.11.158
Host is up (0.098s latency).
Not shown: 996 open|filtered udp ports (no-response)
PORT    STATE SERVICE
53/udp  open  domain
88/udp  open  kerberos-sec
123/udp open  ntp
389/udp open  ldap
 
Nmap done: 1 IP address (1 host up) scanned in 16.03 seconds