RustScan
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ rustscan --no-banner --scripts none -a $IP
Open 10.10.183.209:21
Open 10.10.183.209:22
Open 10.10.183.209:80
Open 10.10.183.209:1311
Open 10.10.183.209:3389
Open 10.10.183.209:7680
10.10.183.209 -> [21,22,80,1311,3389,7680]Nmap
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ nmap -Pn -p- -T5 --min-parallelism 100 --max-parallelism 100 $IP --open
Starting Nmap 7.95 ( https://nmap.org ) at 2025-07-05 15:54 CEST
Nmap scan report for 10.10.183.209
Host is up (0.037s latency).
Not shown: 65529 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
1311/tcp open rxmon
3389/tcp open ms-wbt-server
7680/tcp open pando-pub
Nmap done: 1 IP address (1 host up) scanned in 120.21 seconds
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ nmap -Pn -sC -sV -p21,22,80,1311,3389,7680 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-07-05 15:57 CEST
Nmap scan report for 10.10.183.209
Host is up (0.038s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 06-28-23 02:58PM 3722 Credit-Cards-We-Pwned.txt
|_06-28-23 03:00PM 1022126 stolen-passport.png
| ftp-syst:
|_ SYST: Windows_NT
22/tcp open ssh OpenSSH for_Windows_7.7 (protocol 2.0)
| ssh-hostkey:
| 2048 0d:fa:da:de:c9:dd:99:8d:2e:8e:eb:3b:93:ff:e2:6c (RSA)
| 256 5d:0c:df:32:26:d3:71:a2:8e:6e:9a:1c:43:fc:1a:03 (ECDSA)
|_ 256 c4:25:e7:09:d6:c9:d9:86:5f:6e:8a:8b:ec:13:4a:8b (ED25519)
80/tcp open http Microsoft IIS httpd 10.0
|_http-title: HackSmarterSec
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_ Potentially risky methods: TRACE
1311/tcp open ssl/rxmon?
| ssl-cert: Subject: commonName=hacksmartersec/organizationName=Dell Inc/stateOrProvinceName=TX/countryName=US
| Not valid before: 2023-06-30T19:03:17
|_Not valid after: 2025-06-29T19:03:17
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=0
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sat, 05 Jul 2025 13:58:07 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage™</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
| <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascript">
| HTTPOptions:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=0
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sat, 05 Jul 2025 13:58:12 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage™</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
|_ <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascript">
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: HACKSMARTERSEC
| NetBIOS_Domain_Name: HACKSMARTERSEC
| NetBIOS_Computer_Name: HACKSMARTERSEC
| DNS_Domain_Name: hacksmartersec
| DNS_Computer_Name: hacksmartersec
| Product_Version: 10.0.17763
|_ System_Time: 2025-07-05T13:58:36+00:00
|_ssl-date: 2025-07-05T13:58:41+00:00; -3s from scanner time.
| ssl-cert: Subject: commonName=hacksmartersec
| Not valid before: 2025-07-04T13:54:09
|_Not valid after: 2026-01-03T13:54:09
7680/tcp open pando-pub?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port1311-TCP:V=7.95%T=SSL%I=7%D=7/5%Time=68692F72%P=x86_64-pc-linux-gnu
SF:%r(GetRequest,1089,"HTTP/1\.1\x20200\x20\r\nStrict-Transport-Security:\
SF:x20max-age=0\r\nX-Frame-Options:\x20SAMEORIGIN\r\nX-Content-Type-Option
SF:s:\x20nosniff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nvary:\x20acce
SF:pt-encoding\r\nContent-Type:\x20text/html;charset=UTF-8\r\nDate:\x20Sat
SF:,\x2005\x20Jul\x202025\x2013:58:07\x20GMT\r\nConnection:\x20close\r\n\r
SF:\n<!DOCTYPE\x20html\x20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.0\x20Stri
SF:ct//EN\"\x20\"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r
SF:\n<html>\r\n<head>\r\n<META\x20http-equiv=\"Content-Type\"\x20content=\
SF:"text/html;\x20charset=UTF-8\">\r\n<title>OpenManage™</title>\r\n
SF:<link\x20type=\"text/css\"\x20rel=\"stylesheet\"\x20href=\"/oma/css/log
SF:inmaster\.css\">\r\n<style\x20type=\"text/css\"></style>\r\n<script\x20
SF:type=\"text/javascript\"\x20src=\"/oma/js/prototype\.js\"\x20language=\
SF:"javascript\"></script><script\x20type=\"text/javascript\"\x20src=\"/om
SF:a/js/gnavbar\.js\"\x20language=\"javascript\"></script><script\x20type=
SF:\"text/javascript\"\x20src=\"/oma/js/Clarity\.js\"\x20language=\"javasc
SF:ript\"></script><script\x20language=\"javascript\">\r\n\x20")%r(HTTPOpt
SF:ions,1089,"HTTP/1\.1\x20200\x20\r\nStrict-Transport-Security:\x20max-ag
SF:e=0\r\nX-Frame-Options:\x20SAMEORIGIN\r\nX-Content-Type-Options:\x20nos
SF:niff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nvary:\x20accept-encodi
SF:ng\r\nContent-Type:\x20text/html;charset=UTF-8\r\nDate:\x20Sat,\x2005\x
SF:20Jul\x202025\x2013:58:12\x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTY
SF:PE\x20html\x20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.0\x20Strict//EN\"\
SF:x20\"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-strict\.dtd\">\r\n<html>\
SF:r\n<head>\r\n<META\x20http-equiv=\"Content-Type\"\x20content=\"text/htm
SF:l;\x20charset=UTF-8\">\r\n<title>OpenManage™</title>\r\n<link\x20
SF:type=\"text/css\"\x20rel=\"stylesheet\"\x20href=\"/oma/css/loginmaster\
SF:.css\">\r\n<style\x20type=\"text/css\"></style>\r\n<script\x20type=\"te
SF:xt/javascript\"\x20src=\"/oma/js/prototype\.js\"\x20language=\"javascri
SF:pt\"></script><script\x20type=\"text/javascript\"\x20src=\"/oma/js/gnav
SF:bar\.js\"\x20language=\"javascript\"></script><script\x20type=\"text/ja
SF:vascript\"\x20src=\"/oma/js/Clarity\.js\"\x20language=\"javascript\"></
SF:script><script\x20language=\"javascript\">\r\n\x20");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -3s, deviation: 0s, median: -3s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 54.65 secondsThe target system is a Windows host.
The hostname is HACKSMARTERSEC
UDP
┌──(kali㉿kali)-[~/archive/thm/hacksmartersecurity]
└─$ sudo nmap -Pn -sU -top-ports 1000 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-07-05 15:54 CEST
Nmap scan report for 10.10.183.209
Host is up.
All 1000 scanned ports on 10.10.183.209 are in ignored states.
Not shown: 1000 open|filtered udp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 206.88 seconds