# Nmap 7.94 scan initiated Sun Jun 11 20:21:13 2023 as: nmap --min-rate 10000 -p- -Pn -oA nmap/ports 10.10.11.202 Nmap scan report for 10.10.11.202 Host is up (0.29s latency). Not shown: 65517 filtered tcp ports (no-response) PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 1433/tcp open ms-sql-s 3268/tcp open globalcatLDAP 5985/tcp open wsman 9389/tcp open adws 49667/tcp open unknown 49687/tcp open unknown 49701/tcp open unknown 49709/tcp open unknown 52716/tcp open unknown
# Nmap done at Sun Jun 11 20:23:00 2023 -- 1 IP address (1 host up) scanned in 107.14 seconds
# Nmap 7.94 scan initiated Sun Jun 11 20:24:02 2023 as: nmap -sT -sC -sV -O -p53,88,135,139,389,445,464,593,636,1433,3268,5985,9389,49667,49687,49701,49709,52716 -oA nmap/detail 10.10.11.202 Nmap scan report for 10.10.11.202 Host is up (0.29s latency). PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2023-06-11 20:23:57Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=dc.sequel.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb | Not valid before: 2022-11-18T21:20:35 |_Not valid after: 2023-11-18T21:20:35 |_ssl-date: 2023-06-11T20:25:40+00:00; +7h59m47s from scanner time. 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=dc.sequel.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb | Not valid before: 2022-11-18T21:20:35 |_Not valid after: 2023-11-18T21:20:35 |_ssl-date: 2023-06-11T20:25:41+00:00; +7h59m46s from scanner time. 1433/tcp open ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM | ms-sql-info: | 10.10.11.202:1433: | Version: | name: Microsoft SQL Server 2019 RTM | number: 15.00.2000.00 | Product: Microsoft SQL Server 2019 | Service pack level: RTM | Post-SP patches applied: false |_ TCP port: 1433 | ms-sql-ntlm-info: | 10.10.11.202:1433: | Target_Name: sequel | NetBIOS_Domain_Name: sequel | Target_Name: sequel | NetBIOS_Domain_Name: sequel | NetBIOS_Computer_Name: DC | DNS_Domain_Name: sequel.htb | DNS_Computer_Name: dc.sequel.htb | DNS_Tree_Name: sequel.htb |_ Product_Version: 10.0.17763 | ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback | Not valid before: 2023-06-10T02:13:41 |_Not valid after: 2053-06-10T02:13:41 |_ssl-date: 2023-06-11T20:25:39+00:00; +7h59m47s from scanner time. 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=dc.sequel.htb | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb | Not valid before: 2022-11-18T21:20:35 |_Not valid after: 2023-11-18T21:20:35 |_ssl-date: 2023-06-11T20:25:40+00:00; +7h59m46s from scanner time. 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 |_http-title: Not Found 9389/tcp open mc-nmf .NET Message Framing 49667/tcp open msrpc Microsoft Windows RPC 49687/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 49701/tcp open msrpc Microsoft Windows RPC 49709/tcp open msrpc Microsoft Windows RPC 52716/tcp open msrpc Microsoft Windows RPC Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2019 (86%) Aggressive OS guesses: Microsoft Windows Server 2019 (86%) No exact OS matches for host (test conditions non-ideal). Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required |_clock-skew: mean: 7h59m46s, deviation: 0s, median: 7h59m45s | smb2-time: | date: 2023-06-11T20:24:58 |_ start_date: N/A OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Sun Jun 11 20:25:58 2023 -- 1 IP address (1 host up) scanned in 116.13 seconds
# Nmap 7.94 scan initiated Sun Jun 11 20:24:43 2023 as: nmap --script=vuln -p53,88,135,139,389,445,464,593,636,1433,3268,5985,9389,49667,49687,49701,49709,52716 -oA nmap/vuln 10.10.11.202 Nmap scan report for 10.10.11.202 Host is up (0.36s latency).
PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 1433/tcp open ms-sql-s |_tls-ticketbleed: ERROR: Script execution failed (use -d to debug) 3268/tcp open globalcatLDAP 5985/tcp open wsman 9389/tcp open adws 49667/tcp open unknown 49687/tcp open unknown 49701/tcp open unknown 49709/tcp open unknown 52716/tcp open unknown
Host script results: |_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR |_samba-vuln-cve-2012-1182: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR |_smb-vuln-ms10-054: false
# Nmap done at Sun Jun 11 20:26:58 2023 -- 1 IP address (1 host up) scanned in 134.59 seconds
