TCP
# Nmap 7.92 scan initiated Thu Jul 14 16:06:41 2022 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/kali/Heist/results/192.168.105.165/scans/_full_tcp_nmap.txt -oX /home/kali/Heist/results/192.168.105.165/scans/xml/_full_tcp_nmap.xml 192.168.105.165
Nmap scan report for 192.168.105.165
Host is up, received user-set (0.054s latency).
Scanned at 2022-07-14 16:06:42 EDT for 215s
Not shown: 65514 filtered tcp ports (no-response)
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack ttl 127 Simple DNS Plus
88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2022-07-14 20:08:33Z)
135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn
389/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: heist.offsec0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds? syn-ack ttl 127
464/tcp open kpasswd5? syn-ack ttl 127
593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped syn-ack ttl 127
3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: heist.offsec0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped syn-ack ttl 127
3389/tcp open ms-wbt-server syn-ack ttl 127 Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: HEIST
| NetBIOS_Domain_Name: HEIST
| NetBIOS_Computer_Name: DC01
| DNS_Domain_Name: heist.offsec
| DNS_Computer_Name: DC01.heist.offsec
| DNS_Tree_Name: heist.offsec
| Product_Version: 10.0.17763
|_ System_Time: 2022-07-14T20:09:35+00:00
|_ssl-date: 2022-07-14T20:10:14+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=DC01.heist.offsec
| Issuer: commonName=DC01.heist.offsec
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-07-13T19:58:56
| Not valid after: 2023-01-12T19:58:56
| MD5: 2866 f5ae 7817 9aac d4af 416d 41c6 41c0
| SHA-1: 82a3 9949 50bb 2afd 01f9 7525 79bd 7ada bb6a 46c7
5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
8080/tcp open http syn-ack ttl 127 Werkzeug httpd 2.0.1 (Python 3.9.0)
|_http-server-header: Werkzeug/2.0.1 Python/3.9.0
|_http-title: Super Secure Web Browser
| http-methods:
|_ Supported Methods: HEAD OPTIONS GET
9389/tcp open mc-nmf syn-ack ttl 127 .NET Message Framing
49668/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
49673/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
49674/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
49677/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
49703/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
49753/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP/IP fingerprint:
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3.1.1:
|_ Message signing enabled and required
| smb2-time:
| date: 2022-07-14T20:09:39
|_ start_date: N/A
|_clock-skew: mean: 0s, deviation: 0s, median: 0s
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 54195/tcp): CLEAN (Timeout)
| Check 2 (port 63069/tcp): CLEAN (Timeout)
| Check 3 (port 33594/udp): CLEAN (Timeout)
| Check 4 (port 7640/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
TRACEROUTE (using port 3389/tcp)
HOP RTT ADDRESS
1 56.46 ms 192.168.49.1
2 56.71 ms 192.168.105.165
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Jul 14 16:10:17 2022 -- 1 IP address (1 host up) scanned in 216.05 seconds