nmap

adot@kali:~/htb/Classics/Mantis$ nmap -p 53,88,135,139,389,445,464,593,636,1337,1433,3268,3269,5722,8080,9389,49142-50255 -A -T4 -v -Pn 10.10.10.52  
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-02 06:29 CDT
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 06:29
Completed NSE at 06:29, 0.00s elapsed
Initiating NSE at 06:29
Completed NSE at 06:29, 0.00s elapsed
Initiating NSE at 06:29
Completed NSE at 06:29, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 06:29
Completed Parallel DNS resolution of 1 host. at 06:29, 0.01s elapsed
Initiating Connect Scan at 06:29
Scanning 10.10.10.52 [1130 ports]
Discovered open port 53/tcp on 10.10.10.52
Discovered open port 8080/tcp on 10.10.10.52
Discovered open port 139/tcp on 10.10.10.52
Discovered open port 135/tcp on 10.10.10.52
Discovered open port 445/tcp on 10.10.10.52
Discovered open port 49167/tcp on 10.10.10.52
Discovered open port 1433/tcp on 10.10.10.52
Discovered open port 50255/tcp on 10.10.10.52
Discovered open port 3269/tcp on 10.10.10.52
Discovered open port 636/tcp on 10.10.10.52
Increasing send delay for 10.10.10.52 from 0 to 5 due to 47 out of 117 dropped probes since last increase.
Discovered open port 88/tcp on 10.10.10.52
Discovered open port 593/tcp on 10.10.10.52
Discovered open port 49172/tcp on 10.10.10.52
Discovered open port 49157/tcp on 10.10.10.52
Discovered open port 49152/tcp on 10.10.10.52
Discovered open port 49158/tcp on 10.10.10.52
Discovered open port 389/tcp on 10.10.10.52
Discovered open port 5722/tcp on 10.10.10.52
Discovered open port 49154/tcp on 10.10.10.52
Discovered open port 49155/tcp on 10.10.10.52
Discovered open port 464/tcp on 10.10.10.52
Discovered open port 49173/tcp on 10.10.10.52
Discovered open port 9389/tcp on 10.10.10.52
Discovered open port 3268/tcp on 10.10.10.52
Discovered open port 1337/tcp on 10.10.10.52
Discovered open port 49153/tcp on 10.10.10.52
Completed Connect Scan at 06:30, 12.88s elapsed (1130 total ports)
Initiating Service scan at 06:30
Scanning 26 services on 10.10.10.52
Completed Service scan at 06:31, 59.99s elapsed (26 services on 1 host)
NSE: Script scanning 10.10.10.52.
Initiating NSE at 06:31
Completed NSE at 06:31, 15.10s elapsed
Initiating NSE at 06:31
Completed NSE at 06:31, 4.18s elapsed
Initiating NSE at 06:31
Completed NSE at 06:31, 0.00s elapsed
Nmap scan report for 10.10.10.52
Host is up (0.047s latency).
Not shown: 1104 closed tcp ports (conn-refused)
PORT      STATE SERVICE      VERSION
53/tcp    open  domain       Microsoft DNS 6.1.7601 (1DB15CD4) (Windows Server 2008 R2 SP1)
| dns-nsid: 
|_  bind.version: Microsoft DNS 6.1.7601 (1DB15CD4)
88/tcp    open  kerberos-sec Microsoft Windows Kerberos (server time: 2024-04-02 11:30:13Z)
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp   open  ldap         Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: HTB)
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
1337/tcp  open  http         Microsoft IIS httpd 7.5
| http-methods: 
|   Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/7.5
|_http-title: IIS7
1433/tcp  open  ms-sql-s     Microsoft SQL Server 2014 12.00.2000.00; RTM
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2024-04-02T11:26:10
| Not valid after:  2054-04-02T11:26:10
| MD5:   4858:5655:c6b0:c1a0:8269:62fd:1b0b:bb96
|_SHA-1: 0d89:c913:9005:067d:0e06:5c7c:16f8:5217:70c1:4caa
| ms-sql-info: 
|   10.10.10.52:1433: 
|     Version: 
|       name: Microsoft SQL Server 2014 RTM
|       number: 12.00.2000.00
|       Product: Microsoft SQL Server 2014
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ms-sql-ntlm-info: 
|   10.10.10.52:1433: 
|     Target_Name: HTB
|     NetBIOS_Domain_Name: HTB
|     NetBIOS_Computer_Name: MANTIS
|     DNS_Domain_Name: htb.local
|     DNS_Computer_Name: mantis.htb.local
|     DNS_Tree_Name: htb.local
|_    Product_Version: 6.1.7601
|_ssl-date: 2024-04-02T11:31:22+00:00; 0s from scanner time.
3268/tcp  open  ldap         Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
5722/tcp  open  msrpc        Microsoft Windows RPC
8080/tcp  open  http         Microsoft IIS httpd 7.5
|_http-title: Tossed Salad - Blog
|_http-server-header: Microsoft-IIS/7.5
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
9389/tcp  open  mc-nmf       .NET Message Framing
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
49158/tcp open  msrpc        Microsoft Windows RPC
49167/tcp open  msrpc        Microsoft Windows RPC
49172/tcp open  msrpc        Microsoft Windows RPC
49173/tcp open  msrpc        Microsoft Windows RPC
50255/tcp open  ms-sql-s     Microsoft SQL Server 2014 12.00.2000.00; RTM
| ms-sql-info: 
|   10.10.10.52:50255: 
|     Version: 
|       name: Microsoft SQL Server 2014 RTM
|       number: 12.00.2000.00
|       Product: Microsoft SQL Server 2014
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 50255
|_ssl-date: 2024-04-02T11:31:21+00:00; -1s from scanner time.
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2024-04-02T11:26:10
| Not valid after:  2054-04-02T11:26:10
| MD5:   4858:5655:c6b0:c1a0:8269:62fd:1b0b:bb96
|_SHA-1: 0d89:c913:9005:067d:0e06:5c7c:16f8:5217:70c1:4caa
| ms-sql-ntlm-info: 
|   10.10.10.52:50255: 
|     Target_Name: HTB
|     NetBIOS_Domain_Name: HTB
|     NetBIOS_Computer_Name: MANTIS
|     DNS_Domain_Name: htb.local
|     DNS_Computer_Name: mantis.htb.local
|     DNS_Tree_Name: htb.local
|_    Product_Version: 6.1.7601
Service Info: Host: MANTIS; OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1, cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode: 
|   2:1:0: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2024-04-02T11:31:09
|_  start_date: 2024-04-02T11:25:45
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: required
|_clock-skew: mean: 34m17s, deviation: 1h30m44s, median: 0s
| smb-os-discovery: 
|   OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
|   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
|   Computer name: mantis
|   NetBIOS computer name: MANTIS\x00
|   Domain name: htb.local
|   Forest name: htb.local
|   FQDN: mantis.htb.local
|_  System time: 2024-04-02T07:31:10-04:00

NSE: Script Post-scanning.
Initiating NSE at 06:31
Completed NSE at 06:31, 0.00s elapsed
Initiating NSE at 06:31
Completed NSE at 06:31, 0.00s elapsed
Initiating NSE at 06:31
Completed NSE at 06:31, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 92.58 seconds
PreviousReconNextEumeration

Last updated

Was this helpful?