Windows

fork() bombing windows

Introduction

💡 DISCLAIMER: The content presented in this write-up is for educational purposes only. It demonstrates concepts related to computer security, system processes, and vulnerabilities. The information provided is not intended to encourage or condone any form of malicious activity. Users are expected to use this knowledge responsibly, ethically, and in compliance with all applicable laws and regulations. The author does not endorse or support any illegal or unauthorized use of the information presented in this write-up.

HTB Writeup: Acute

Enumeration

nmap

Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-04 07:55 IST
Nmap scan report for 10.129.136.40 (10.129.136.40)
Host is up (0.080s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| ssl-cert: Subject: commonName=atsserver.acute.local
| Subject Alternative Name: DNS:atsserver.acute.local, DNS:atsserver
| Not valid before: 2022-01-06T06:34:58
|_Not valid after: 2030-01-04T06:34:58
|_http-server-header: Microsoft-HTTPAPI/2.0
|_ssl-date: 2022-07-04T02:43:16+00:00; +15m23s from scanner time.
| tls-alpn:
|_ http/1.

HTB Writeup: Resolute

Enumeration

nmap

Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 22:44 IST
Nmap scan report for 10.129.96.155 (10.129.96.155)
Host is up (0.078s latency).
Not shown: 65511 closed tcp ports (reset)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-07-07 10:23:33Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: megabank.

HTB Writeup: Sauna

Enumeration

nmap

Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-07 07:05 IST
Nmap scan report for 10.129.95.180 (10.129.95.180)
Host is up (0.071s latency).
Not shown: 65516 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: Egotistical Bank :: Home
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-07-07 08:37:43Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.

HTB Writeup: Buff

Enumeration

nmap

# Nmap 7.92 scan initiated Sun Jul 3 11:41:02 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
Nmap scan report for 10.129.25.107 (10.129.25.107)
Host is up (0.080s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
7680/tcp open pando-pub?
8080/tcp open http Apache httpd 2.4.43 ((Win64) OpenSSL/1.1.1g PHP/7.4.6)
|_http-title: mrb3n's Bro Hut
|_http-open-proxy: Proxy might be redirecting requests
|_http-server-header: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.

HTB Writeup: Nest

Enumeration

nmap

# Nmap 7.92 scan initiated Thu Jun 30 18:27:50 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
Nmap scan report for 10.129.134.93 (10.129.134.93)
Host is up (0.085s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
445/tcp open microsoft-ds?
4386/tcp open unknown
| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NULL, RPCCheck, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, X11Probe:
| Reporting Service V1.

HTB Writeup: Monteverde

Enumeration

nmap scan

Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-29 17:45 IST
Nmap scan report for 10.129.134.71 (10.129.134.71)
Host is up (0.076s latency).
Not shown: 65516 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-29 12:17:20Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: MEGABANK.

HTB Writeup: Forest

Enumeration

nmap scan

➜ mostwanted002@Loki Forest please nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
[sudo] password for mostwanted002:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-23 18:24 IST
Nmap scan report for 10.129.95.210 (10.129.95.210)
Host is up (0.074s latency).
Not shown: 65512 closed tcp ports (reset)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-06-23 13:01:56Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: htb.

HTB Writeup: Control

Enumeration

nmap scan

# Nmap 7.92 scan initiated Wed Jun 22 05:43:29 2022 as: nmap -sC -sV -T3 -oA nmap-tcp-all-ports -p- -iL ip.txt
Nmap scan report for 10.129.121.9 (10.129.121.9)
Host is up (0.070s latency).
Not shown: 65530 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
|_http-title: Fidelity
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_ Potentially risky methods: TRACE
135/tcp open msrpc Microsoft Windows RPC
3306/tcp open mysql?