nmap

  ___                        
 ( _ ) _ __ ___   __ _ _ __  
 / _ \| '_ ` _ \ / _` | '_ \ 
| (_) | | | | | | (_| | |_) |
 \___/|_| |_| |_|\__,_| .__/ 
                      |_|    

[+] Scanning 10.10.10.175 [65535 TCP ports]


[+] Enumerating 10.10.10.175 [53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,49667,49673,49674,49675,49732]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-28 11:47 CDT
Nmap scan report for sauna (10.10.10.175)
Host is up (0.047s latency).

PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Simple DNS Plus
80/tcp    open  http          Microsoft IIS httpd 10.0
|_http-title: Egotistical Bank :: Home
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|_  Potentially risky methods: TRACE
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2024-05-28 23:47:26Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp  open  mc-nmf        .NET Message Framing
49667/tcp open  msrpc         Microsoft Windows RPC
49673/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49674/tcp open  msrpc         Microsoft Windows RPC
49675/tcp open  msrpc         Microsoft Windows RPC
49732/tcp open  msrpc         Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: 7h00m00s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2024-05-28T23:48:17
|_  start_date: N/A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 96.31 seconds

[+] Enumerating 10.10.10.175 for vulnerabilities [53,80,88,135,139,389,445,464,593,636,3268,3269,5985,9389,49667,49673,49674,49675,49732]

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-28 11:48 CDT
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for sauna (10.10.10.175)
Host is up (0.050s latency).

PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=sauna
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://sauna:80/
|     Form id: email
|     Form action: #
|     
|     Path: http://sauna:80/contact.html
|     Form id: 
|     Form action: #
|     
|     Path: http://sauna:80/single.html
|     Form id: 
|     Form action: #
|     
|     Path: http://sauna:80/single.html
|     Form id: 
|     Form action: #
|     
|     Path: http://sauna:80/index.html
|     Form id: email
|     Form action: #
|     
|     Path: http://sauna:80/about.html
|     Form id: email
|_    Form action: #
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
5985/tcp  open  wsman
9389/tcp  open  adws
49667/tcp open  unknown
49673/tcp open  unknown
49674/tcp open  unknown
49675/tcp open  unknown
49732/tcp open  unknown

Host script results:
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
|_samba-vuln-cve-2012-1182: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR

Nmap done: 1 IP address (1 host up) scanned in 274.68 seconds

[+] Scanning 10.10.10.175 [1000 UDP ports]
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-28 11:53 CDT
Initiating Ping Scan at 11:53
Scanning 10.10.10.175 [4 ports]
Completed Ping Scan at 11:53, 0.10s elapsed (1 total hosts)
Initiating UDP Scan at 11:53
Scanning sauna (10.10.10.175) [100 ports]
Discovered open port 53/udp on 10.10.10.175
Discovered open port 123/udp on 10.10.10.175
Increasing send delay for 10.10.10.175 from 0 to 50 due to 11 out of 13 dropped probes since last increase.
Discovered open port 88/udp on 10.10.10.175
Completed UDP Scan at 11:53, 23.49s elapsed (100 total ports)
Nmap scan report for sauna (10.10.10.175)
Host is up (0.044s latency).
Not shown: 97 open|filtered udp ports (no-response)
PORT    STATE SERVICE
53/udp  open  domain
88/udp  open  kerberos-sec
123/udp open  ntp

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 23.75 seconds
           Raw packets sent: 282 (16.789KB) | Rcvd: 6 (372B)

[+] Completed!
PreviousRecon NextEumeration
Last updated 9 months ago
Was this helpful?