LinkedIn

nmap

adot@kali:~/htb/Classics/Legacy$ sudo nmap -p 135,139,445 -A --script vuln -v -T4  10.10.10.4
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-01 05:39 CDT
NSE: Loaded 150 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 05:39
NSE Timing: About 47.37% done; ETC: 05:41 (0:00:36 remaining)
Completed NSE at 05:40, 34.66s elapsed
Initiating NSE at 05:40
Completed NSE at 05:40, 0.00s elapsed
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Initiating Ping Scan at 05:40
Scanning 10.10.10.4 [4 ports]
Completed Ping Scan at 05:40, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 05:40
Completed Parallel DNS resolution of 1 host. at 05:40, 0.02s elapsed
Initiating SYN Stealth Scan at 05:40
Scanning 10.10.10.4 [3 ports]
Discovered open port 135/tcp on 10.10.10.4
Discovered open port 445/tcp on 10.10.10.4
Discovered open port 139/tcp on 10.10.10.4
Completed SYN Stealth Scan at 05:40, 0.09s elapsed (3 total ports)
Initiating Service scan at 05:40
Scanning 3 services on 10.10.10.4
Completed Service scan at 05:40, 6.22s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 10.10.10.4
Retrying OS detection (try #2) against 10.10.10.4
Initiating Traceroute at 05:40
Completed Traceroute at 05:40, 0.05s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 05:40
Completed Parallel DNS resolution of 2 hosts. at 05:40, 0.02s elapsed
NSE: Script scanning 10.10.10.4.
Initiating NSE at 05:40
Completed NSE at 05:40, 5.13s elapsed
Initiating NSE at 05:40
Completed NSE at 05:40, 0.01s elapsed
Nmap scan report for 10.10.10.4
Host is up (0.044s latency).

PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Microsoft Windows XP SP2 or SP3 (96%), Microsoft Windows XP SP3 (96%), Microsoft Windows Server 2003 SP1 or SP2 (94%), Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows Server 2003 SP1 (94%), Microsoft Windows 2003 SP2 (93%), Microsoft Windows XP Professional SP2 or Windows Server 2003 (93%), Microsoft Windows 2000 SP3/SP4 or Windows XP SP1/SP2 (93%), Microsoft Windows XP SP2 or SP3, or Windows Embedded Standard 2009 (93%), Microsoft Windows XP SP2 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp

Host script results:
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,
|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary
|           code via a crafted RPC request that triggers the overflow during path canonicalization.
|           
|     Disclosure date: 2008-10-23
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_      https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|           
|     Disclosure date: 2017-03-14
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|       https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

TRACEROUTE (using port 135/tcp)
HOP RTT      ADDRESS
1   45.88 ms 10.10.14.1
2   45.97 ms 10.10.10.4

NSE: Script Post-scanning.
Initiating NSE at 05:40
Completed NSE at 05:40, 0.00s elapsed
Initiating NSE at 05:40
Completed NSE at 05:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 50.07 seconds
           Raw packets sent: 49 (3.560KB) | Rcvd: 38 (2.664KB)
PreviousReconNextEumeration

Last updated

Was this helpful?