InfoSec LAB

RustScan

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/compromised]
└─$ rustscan --no-banner --scripts none -a $IP 
 
Open 192.168.225.152:80
Open 192.168.225.152:135
Open 192.168.225.152:139
Open 192.168.225.152:443
Open 192.168.225.152:445
Open 192.168.225.152:5985
Open 192.168.225.152:49666
192.168.225.152 -> [80,135,139,443,445,5985,49666]

Nmap

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/compromised]
└─$ nmap -Pn -p- -T5 --min-parallelism 100 --max-parallelism 100 $IP --open 
Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-28 19:45 CEST
Nmap scan report for 192.168.225.152
Host is up (0.021s latency).
Not shown: 65528 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
443/tcp   open  https
445/tcp   open  microsoft-ds
5985/tcp  open  wsman
49666/tcp open  unknown
 
Nmap done: 1 IP address (1 host up) scanned in 74.81 seconds
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/compromised]
└─$ nmap -Pn -sC -sV -p80,135,139,443,445,5985,49666 $IP        
Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-28 19:48 CEST
Nmap scan report for 192.168.225.152
Host is up (0.021s latency).
 
PORT      STATE SERVICE       VERSION
80/tcp    open  http          Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-title: IIS Windows Server
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
443/tcp   open  ssl/http      Microsoft IIS httpd 10.0
| tls-alpn: 
|_  http/1.1
|_http-title: IIS Windows Server
|_ssl-date: 2025-06-28T17:50:15+00:00; -3s from scanner time.
| ssl-cert: Subject: commonName=PowerShellWebAccessTestWebSite
| Not valid before: 2021-06-01T08:00:08
|_Not valid after:  2021-08-30T08:00:08
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
445/tcp   open  microsoft-ds?
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
49666/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2025-06-28T17:49:36
|_  start_date: N/A
|_clock-skew: mean: -3s, deviation: 0s, median: -4s
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 100.64 seconds

The target system appears to be a Windows host.

UDP

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/compromised]
└─$ sudo nmap -Pn -sU --top-ports 1000 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-28 19:45 CEST
Nmap scan report for 192.168.225.152
Host is up.
All 1000 scanned ports on 192.168.225.152 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
 
Nmap done: 1 IP address (1 host up) scanned in 206.92 seconds

InfoSec LAB

Explorer

Compromised_Recon

RustScan

Nmap

UDP

Interactive Graph View

Table of Contents

Backlinks