nmap
❯ 8map 10.10.11.72
___
( _ ) _ __ ___ __ _ _ __
/ _ \| '_ ` _ \ / _` | '_ \
| (_) | | | | | | (_| | |_) |
\___/|_| |_| |_|\__,_| .__/
|_|
adot8 <3
[+] Scanning 10.10.11.72 [65535 TCP ports]
[+] Enumerating 10.10.11.72 [80,88,139,389,445,464,593,636,3268,3269,5985,9389,49666,49691,49692,49693,49712]
Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-10 15:47 CDT
Nmap scan report for 10.10.11.72
Host is up (0.13s latency).
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: IIS Windows Server
|_http-server-header: Microsoft-IIS/10.0
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-10-11 00:47:15Z)
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: tombwatcher.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.tombwatcher.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.tombwatcher.htb
| Not valid before: 2024-11-16T00:47:59
|_Not valid after: 2025-11-16T00:47:59
|_ssl-date: 2025-10-11T00:48:50+00:00; +3h59m59s from scanner time.
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: tombwatcher.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.tombwatcher.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.tombwatcher.htb
| Not valid before: 2024-11-16T00:47:59
|_Not valid after: 2025-11-16T00:47:59
|_ssl-date: 2025-10-11T00:48:50+00:00; +4h00m00s from scanner time.
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: tombwatcher.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.tombwatcher.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.tombwatcher.htb
| Not valid before: 2024-11-16T00:47:59
|_Not valid after: 2025-11-16T00:47:59
|_ssl-date: 2025-10-11T00:48:50+00:00; +3h59m59s from scanner time.
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: tombwatcher.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.tombwatcher.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.tombwatcher.htb
| Not valid before: 2024-11-16T00:47:59
|_Not valid after: 2025-11-16T00:47:59
|_ssl-date: 2025-10-11T00:48:50+00:00; +4h00m00s from scanner time.
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
9389/tcp open mc-nmf .NET Message Framing
49666/tcp open msrpc Microsoft Windows RPC
49691/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49692/tcp open msrpc Microsoft Windows RPC
49693/tcp open msrpc Microsoft Windows RPC
49712/tcp open msrpc Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2025-10-11T00:48:13
|_ start_date: N/A
|_clock-skew: mean: 3h59m59s, deviation: 0s, median: 3h59m59s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 101.67 seconds
[+] Scanning 10.10.11.72 [1000 UDP ports]
Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-10 15:48 CDT
Initiating Ping Scan at 15:48
Scanning 10.10.11.72 [4 ports]
Completed Ping Scan at 15:48, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:48
Completed Parallel DNS resolution of 1 host. at 15:48, 0.23s elapsed
Initiating UDP Scan at 15:48
Scanning 10.10.11.72 [100 ports]
Discovered open port 53/udp on 10.10.11.72
Discovered open port 88/udp on 10.10.11.72
Discovered open port 123/udp on 10.10.11.72
Completed UDP Scan at 15:48, 3.24s elapsed (100 total ports)
Nmap scan report for 10.10.11.72
Host is up (0.082s latency).
Not shown: 97 open|filtered udp ports (no-response)
PORT STATE SERVICE
53/udp open domain
88/udp open kerberos-sec
123/udp open ntp
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.73 seconds
Raw packets sent: 255 (15.491KB) | Rcvd: 6 (416B)
[+] Completed!
Last updated
Was this helpful?