nmap
___
( _ ) _ __ ___ __ _ _ __
/ _ \| '_ ` _ \ / _` | '_ \
| (_) | | | | | | (_| | |_) |
\___/|_| |_| |_|\__,_| .__/
|_|
adot8 <3
[+] Scanning 10.10.11.108 [65535 TCP ports]
[+] Enumerating 10.10.11.108 [53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,47001,49664,49665,49666,49667,49671,49676,49677,49678,49681,49734]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-02 06:22 CDT
Nmap scan report for 10.10.11.108
Host is up (0.13s latency).
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: HTB Printer Admin Panel
|_http-server-header: Microsoft-IIS/10.0
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-07-02 11:41:41Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: return.local0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: return.local0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp open mc-nmf .NET Message Framing
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49671/tcp open msrpc Microsoft Windows RPC
49676/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49677/tcp open msrpc Microsoft Windows RPC
49678/tcp open msrpc Microsoft Windows RPC
49681/tcp open msrpc Microsoft Windows RPC
49734/tcp open msrpc Microsoft Windows RPC
Service Info: Host: PRINTER; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2024-07-02T11:42:33
|_ start_date: N/A
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
|_clock-skew: 18m34s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 70.81 seconds
[+] Enumerating 10.10.11.108 for vulnerabilities [53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,47001,49664,49665,49666,49667,49671,49676,49677,49678,49681,49734]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-02 06:24 CDT
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for 10.10.11.108
Host is up (0.13s latency).
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.11.108
| Found the following possible CSRF vulnerabilities:
|
| Path: http://10.10.11.108:80/settings.php
| Form id:
|_ Form action:
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
|_ssl-ccs-injection: No reply from server (TIMEOUT)
5985/tcp open wsman
9389/tcp open adws
47001/tcp open winrm
49664/tcp open unknown
49665/tcp open unknown
49666/tcp open unknown
49667/tcp open unknown
49671/tcp open unknown
49676/tcp open unknown
49677/tcp open unknown
49678/tcp open unknown
49681/tcp open unknown
49734/tcp open unknown
Host script results:
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
|_samba-vuln-cve-2012-1182: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
Nmap done: 1 IP address (1 host up) scanned in 571.22 seconds
[+] Scanning 10.10.11.108 [1000 UDP ports]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-02 06:33 CDT
Initiating Ping Scan at 06:33
Scanning 10.10.11.108 [4 ports]
Completed Ping Scan at 06:33, 0.18s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:33
Completed Parallel DNS resolution of 1 host. at 06:33, 0.01s elapsed
Initiating UDP Scan at 06:33
Scanning 10.10.11.108 [100 ports]
Discovered open port 53/udp on 10.10.11.108
Increasing send delay for 10.10.11.108 from 0 to 50 due to max_successful_tryno increase to 5
Increasing send delay for 10.10.11.108 from 50 to 100 due to max_successful_tryno increase to 6
Warning: 10.10.11.108 giving up on port because retransmission cap hit (6).
Discovered open port 123/udp on 10.10.11.108
Increasing send delay for 10.10.11.108 from 100 to 200 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for 10.10.11.108 from 200 to 400 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 10.10.11.108 from 400 to 800 due to 11 out of 18 dropped probes since last increase.
Discovered open port 88/udp on 10.10.11.108
Increasing send delay for 10.10.11.108 from 800 to 1000 due to 11 out of 21 dropped probes since last increase.
Completed UDP Scan at 06:35, 104.07s elapsed (100 total ports)
Nmap scan report for 10.10.11.108
Host is up (0.17s latency).
Not shown: 80 closed udp ports (port-unreach)
PORT STATE SERVICE
53/udp open domain
88/udp open kerberos-sec
123/udp open ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
500/udp open|filtered isakmp
515/udp open|filtered printer
520/udp open|filtered route
631/udp open|filtered ipp
1029/udp open|filtered solid-mux
1719/udp open|filtered h323gatestat
2223/udp open|filtered rockwell-csp2
3456/udp open|filtered IISrpc-or-vat
4444/udp open|filtered krb524
4500/udp open|filtered nat-t-ike
5353/udp open|filtered zeroconf
31337/udp open|filtered BackOrifice
32771/udp open|filtered sometimes-rpc6
33281/udp open|filtered unknown
65024/udp open|filtered unknown
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 104.43 seconds
Raw packets sent: 448 (28.167KB) | Rcvd: 96 (7.726KB)
[+] Completed!