mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-12 22:37:09 +00:00
Create nmap_ad_example.md
This commit is contained in:
parent
5f144a640a
commit
3d52ee24f0
1 changed files with 451 additions and 0 deletions
451
recon/nmap_ad_example.md
Normal file
451
recon/nmap_ad_example.md
Normal file
|
@ -0,0 +1,451 @@
|
|||
# NMAP and AD Example
|
||||
The following is an example of scanning an AD infrastructure using the [GOAD](https://github.com/Orange-Cyberdefense/GOAD/) intentionally vulnerable AD environment:
|
||||
|
||||
```
|
||||
websploit# nmap -Pn -p- -sC -sV -oA full_scan_goad 192.168.56.10-12,22-23
|
||||
Nmap scan report for sevenkingdoms.local (192.168.56.10)
|
||||
Host is up (0.00066s latency).
|
||||
Not shown: 65511 filtered tcp ports (no-response)
|
||||
PORT STATE SERVICE VERSION
|
||||
53/tcp open domain Simple DNS Plus
|
||||
80/tcp open http Microsoft IIS httpd 10.0
|
||||
|_http-server-header: Microsoft-IIS/10.0
|
||||
| http-methods:
|
||||
|_ Potentially risky methods: TRACE
|
||||
|_http-title: IIS Windows Server
|
||||
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-07-03 15:14:43Z)
|
||||
135/tcp open msrpc Microsoft Windows RPC
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=kingslanding.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:kingslanding.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T06:55:19
|
||||
|_Not valid after: 2026-06-30T06:55:19
|
||||
445/tcp open microsoft-ds?
|
||||
464/tcp open kpasswd5?
|
||||
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=kingslanding.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:kingslanding.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T06:55:19
|
||||
|_Not valid after: 2026-06-30T06:55:19
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=kingslanding.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:kingslanding.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T06:55:19
|
||||
|_Not valid after: 2026-06-30T06:55:19
|
||||
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=kingslanding.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:kingslanding.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T06:55:19
|
||||
|_Not valid after: 2026-06-30T06:55:19
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3389/tcp open ms-wbt-server Microsoft Terminal Services
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=kingslanding.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-27T22:40:05
|
||||
|_Not valid after: 2025-12-27T22:40:05
|
||||
| rdp-ntlm-info:
|
||||
| Target_Name: SEVENKINGDOMS
|
||||
| NetBIOS_Domain_Name: SEVENKINGDOMS
|
||||
| NetBIOS_Computer_Name: KINGSLANDING
|
||||
| DNS_Domain_Name: sevenkingdoms.local
|
||||
| DNS_Computer_Name: kingslanding.sevenkingdoms.local
|
||||
| DNS_Tree_Name: sevenkingdoms.local
|
||||
| Product_Version: 10.0.17763
|
||||
|_ System_Time: 2025-07-03T15:16:37+00:00
|
||||
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_http-title: Not Found
|
||||
5986/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| tls-alpn:
|
||||
|_ http/1.1
|
||||
| ssl-cert: Subject: commonName=VAGRANT
|
||||
| Subject Alternative Name: DNS:VAGRANT, DNS:vagrant
|
||||
| Not valid before: 2025-06-27T15:18:01
|
||||
|_Not valid after: 2025-06-26T15:18:01
|
||||
|_http-title: Not Found
|
||||
9389/tcp open mc-nmf .NET Message Framing
|
||||
49666/tcp open msrpc Microsoft Windows RPC
|
||||
49667/tcp open msrpc Microsoft Windows RPC
|
||||
49677/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
49678/tcp open msrpc Microsoft Windows RPC
|
||||
49680/tcp open msrpc Microsoft Windows RPC
|
||||
49693/tcp open msrpc Microsoft Windows RPC
|
||||
49708/tcp open msrpc Microsoft Windows RPC
|
||||
59098/tcp open msrpc Microsoft Windows RPC
|
||||
MAC Address: 08:00:27:57:A4:F2 (Oracle VirtualBox virtual NIC)
|
||||
Service Info: Host: KINGSLANDING; OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
|_nbstat: NetBIOS name: KINGSLANDING, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:57:a4:f2 (Oracle VirtualBox virtual NIC)
|
||||
| smb2-time:
|
||||
| date: 2025-07-03T15:16:34
|
||||
|_ start_date: N/A
|
||||
| smb2-security-mode:
|
||||
| 3.1.1:
|
||||
|_ Message signing enabled and required
|
||||
|
||||
Nmap scan report for winterfell.north.sevenkingdoms.local (192.168.56.11)
|
||||
Host is up (0.00068s latency).
|
||||
Not shown: 65513 filtered tcp ports (no-response)
|
||||
PORT STATE SERVICE VERSION
|
||||
53/tcp open domain Simple DNS Plus
|
||||
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-07-03 15:14:49Z)
|
||||
135/tcp open msrpc Microsoft Windows RPC
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=winterfell.north.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:winterfell.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T13:20:52
|
||||
|_Not valid after: 2026-06-30T13:20:52
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
445/tcp open microsoft-ds?
|
||||
464/tcp open kpasswd5?
|
||||
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=winterfell.north.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:winterfell.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T13:20:52
|
||||
|_Not valid after: 2026-06-30T13:20:52
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=winterfell.north.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:winterfell.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T13:20:52
|
||||
|_Not valid after: 2026-06-30T13:20:52
|
||||
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sevenkingdoms.local0., Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=winterfell.north.sevenkingdoms.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:winterfell.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-30T13:20:52
|
||||
|_Not valid after: 2026-06-30T13:20:52
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3389/tcp open ms-wbt-server Microsoft Terminal Services
|
||||
| ssl-cert: Subject: commonName=winterfell.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-27T22:49:00
|
||||
|_Not valid after: 2025-12-27T22:49:00
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| rdp-ntlm-info:
|
||||
| Target_Name: NORTH
|
||||
| NetBIOS_Domain_Name: NORTH
|
||||
| NetBIOS_Computer_Name: WINTERFELL
|
||||
| DNS_Domain_Name: north.sevenkingdoms.local
|
||||
| DNS_Computer_Name: winterfell.north.sevenkingdoms.local
|
||||
| DNS_Tree_Name: sevenkingdoms.local
|
||||
| Product_Version: 10.0.17763
|
||||
|_ System_Time: 2025-07-03T15:16:36+00:00
|
||||
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-title: Not Found
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
5986/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
| tls-alpn:
|
||||
|_ http/1.1
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
|_http-title: Not Found
|
||||
| ssl-cert: Subject: commonName=VAGRANT
|
||||
| Subject Alternative Name: DNS:VAGRANT, DNS:vagrant
|
||||
| Not valid before: 2025-06-27T15:21:08
|
||||
|_Not valid after: 2025-06-26T15:21:08
|
||||
9389/tcp open mc-nmf .NET Message Framing
|
||||
49666/tcp open msrpc Microsoft Windows RPC
|
||||
49667/tcp open msrpc Microsoft Windows RPC
|
||||
49669/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
49670/tcp open msrpc Microsoft Windows RPC
|
||||
49672/tcp open msrpc Microsoft Windows RPC
|
||||
49702/tcp open msrpc Microsoft Windows RPC
|
||||
65091/tcp open msrpc Microsoft Windows RPC
|
||||
MAC Address: 08:00:27:3E:C3:EF (Oracle VirtualBox virtual NIC)
|
||||
Service Info: Host: WINTERFELL; OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
|_nbstat: NetBIOS name: WINTERFELL, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:3e:c3:ef (Oracle VirtualBox virtual NIC)
|
||||
| smb2-time:
|
||||
| date: 2025-07-03T15:16:37
|
||||
|_ start_date: N/A
|
||||
| smb2-security-mode:
|
||||
| 3.1.1:
|
||||
|_ Message signing enabled and required
|
||||
|
||||
Nmap scan report for essos.local (192.168.56.12)
|
||||
Host is up (0.00046s latency).
|
||||
Not shown: 65513 filtered tcp ports (no-response)
|
||||
PORT STATE SERVICE VERSION
|
||||
53/tcp open domain Simple DNS Plus
|
||||
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-07-03 15:15:01Z)
|
||||
135/tcp open msrpc Microsoft Windows RPC
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: essos.local, Site: Default-First-Site-Name)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=meereen.essos.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:meereen.essos.local
|
||||
| Not valid before: 2025-06-29T08:30:39
|
||||
|_Not valid after: 2026-06-29T08:30:39
|
||||
445/tcp open microsoft-ds Windows Server 2016 Standard Evaluation 14393 microsoft-ds (workgroup: ESSOS)
|
||||
464/tcp open kpasswd5?
|
||||
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: essos.local, Site: Default-First-Site-Name)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=meereen.essos.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:meereen.essos.local
|
||||
| Not valid before: 2025-06-29T08:30:39
|
||||
|_Not valid after: 2026-06-29T08:30:39
|
||||
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: essos.local, Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=meereen.essos.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:meereen.essos.local
|
||||
| Not valid before: 2025-06-29T08:30:39
|
||||
|_Not valid after: 2026-06-29T08:30:39
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: essos.local, Site: Default-First-Site-Name)
|
||||
| ssl-cert: Subject: commonName=meereen.essos.local
|
||||
| Subject Alternative Name: othername:<unsupported>, DNS:meereen.essos.local
|
||||
| Not valid before: 2025-06-29T08:30:39
|
||||
|_Not valid after: 2026-06-29T08:30:39
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
3389/tcp open ms-wbt-server Microsoft Terminal Services
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ssl-cert: Subject: commonName=meereen.essos.local
|
||||
| Not valid before: 2025-06-27T22:40:08
|
||||
|_Not valid after: 2025-12-27T22:40:08
|
||||
| rdp-ntlm-info:
|
||||
| Target_Name: ESSOS
|
||||
| NetBIOS_Domain_Name: ESSOS
|
||||
| NetBIOS_Computer_Name: MEEREEN
|
||||
| DNS_Domain_Name: essos.local
|
||||
| DNS_Computer_Name: meereen.essos.local
|
||||
| DNS_Tree_Name: essos.local
|
||||
| Product_Version: 10.0.14393
|
||||
|_ System_Time: 2025-07-03T15:16:38+00:00
|
||||
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_http-title: Not Found
|
||||
5986/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
|_http-title: Not Found
|
||||
| ssl-cert: Subject: commonName=VAGRANT
|
||||
| Subject Alternative Name: DNS:VAGRANT, DNS:vagrant
|
||||
| Not valid before: 2025-06-27T15:23:42
|
||||
|_Not valid after: 2025-06-26T15:23:42
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
| tls-alpn:
|
||||
| h2
|
||||
|_ http/1.1
|
||||
9389/tcp open mc-nmf .NET Message Framing
|
||||
49666/tcp open msrpc Microsoft Windows RPC
|
||||
49667/tcp open msrpc Microsoft Windows RPC
|
||||
49677/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
|
||||
49678/tcp open msrpc Microsoft Windows RPC
|
||||
49680/tcp open msrpc Microsoft Windows RPC
|
||||
49693/tcp open msrpc Microsoft Windows RPC
|
||||
60502/tcp open msrpc Microsoft Windows RPC
|
||||
MAC Address: 08:00:27:33:DF:2F (Oracle VirtualBox virtual NIC)
|
||||
Service Info: Host: MEEREEN; OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
| smb2-time:
|
||||
| date: 2025-07-03T15:16:38
|
||||
|_ start_date: 2025-07-03T13:56:01
|
||||
| smb2-security-mode:
|
||||
| 3.1.1:
|
||||
|_ Message signing enabled and required
|
||||
|_nbstat: NetBIOS name: MEEREEN, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:33:df:2f (Oracle VirtualBox virtual NIC)
|
||||
|_clock-skew: mean: 42m00s, deviation: 2h12m50s, median: 0s
|
||||
| smb-security-mode:
|
||||
| account_used: <blank>
|
||||
| authentication_level: user
|
||||
| challenge_response: supported
|
||||
|_ message_signing: required
|
||||
| smb-os-discovery:
|
||||
| OS: Windows Server 2016 Standard Evaluation 14393 (Windows Server 2016 Standard Evaluation 6.3)
|
||||
| Computer name: meereen
|
||||
| NetBIOS computer name: MEEREEN\x00
|
||||
| Domain name: essos.local
|
||||
| Forest name: essos.local
|
||||
| FQDN: meereen.essos.local
|
||||
|_ System time: 2025-07-03T08:16:38-07:00
|
||||
|
||||
Nmap scan report for castelblack.north.sevenkingdoms.local (192.168.56.22)
|
||||
Host is up (0.00066s latency).
|
||||
Not shown: 65525 filtered tcp ports (no-response)
|
||||
PORT STATE SERVICE VERSION
|
||||
80/tcp open http Microsoft IIS httpd 10.0
|
||||
|_http-title: Site doesn't have a title (text/html).
|
||||
| http-methods:
|
||||
|_ Potentially risky methods: TRACE
|
||||
|_http-server-header: Microsoft-IIS/10.0
|
||||
135/tcp open msrpc Microsoft Windows RPC
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
445/tcp open microsoft-ds?
|
||||
1433/tcp open ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|
||||
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
|
||||
| Not valid before: 2025-07-03T13:57:05
|
||||
|_Not valid after: 2052-07-03T13:57:05
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
| ms-sql-ntlm-info:
|
||||
| Target_Name: NORTH
|
||||
| NetBIOS_Domain_Name: NORTH
|
||||
| NetBIOS_Computer_Name: CASTELBLACK
|
||||
| DNS_Domain_Name: north.sevenkingdoms.local
|
||||
| DNS_Computer_Name: castelblack.north.sevenkingdoms.local
|
||||
| DNS_Tree_Name: sevenkingdoms.local
|
||||
|_ Product_Version: 10.0.17763
|
||||
3389/tcp open ms-wbt-server Microsoft Terminal Services
|
||||
| ssl-cert: Subject: commonName=castelblack.north.sevenkingdoms.local
|
||||
| Not valid before: 2025-06-27T22:56:08
|
||||
|_Not valid after: 2025-12-27T22:56:08
|
||||
| rdp-ntlm-info:
|
||||
| Target_Name: NORTH
|
||||
| NetBIOS_Domain_Name: NORTH
|
||||
| NetBIOS_Computer_Name: CASTELBLACK
|
||||
| DNS_Domain_Name: north.sevenkingdoms.local
|
||||
| DNS_Computer_Name: castelblack.north.sevenkingdoms.local
|
||||
| DNS_Tree_Name: sevenkingdoms.local
|
||||
| Product_Version: 10.0.17763
|
||||
|_ System_Time: 2025-07-03T15:16:40+00:00
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_http-title: Not Found
|
||||
5986/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
| ssl-cert: Subject: commonName=VAGRANT
|
||||
| Subject Alternative Name: DNS:VAGRANT, DNS:vagrant
|
||||
| Not valid before: 2025-06-27T15:26:52
|
||||
|_Not valid after: 2025-06-26T15:26:52
|
||||
| tls-alpn:
|
||||
|_ http/1.1
|
||||
|_http-title: Not Found
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_ssl-date: 2025-07-03T15:17:20+00:00; 0s from scanner time.
|
||||
49666/tcp open msrpc Microsoft Windows RPC
|
||||
49677/tcp open msrpc Microsoft Windows RPC
|
||||
MAC Address: 08:00:27:B9:6C:19 (Oracle VirtualBox virtual NIC)
|
||||
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
| smb2-time:
|
||||
| date: 2025-07-03T15:16:38
|
||||
|_ start_date: N/A
|
||||
| ms-sql-info:
|
||||
| 192.168.56.22:1433:
|
||||
| Version:
|
||||
| name: Microsoft SQL Server 2019 RTM
|
||||
| number: 15.00.2000.00
|
||||
| Product: Microsoft SQL Server 2019
|
||||
| Service pack level: RTM
|
||||
| Post-SP patches applied: false
|
||||
|_ TCP port: 1433
|
||||
|_nbstat: NetBIOS name: CASTELBLACK, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:b9:6c:19 (Oracle VirtualBox virtual NIC)
|
||||
| smb2-security-mode:
|
||||
| 3.1.1:
|
||||
|_ Message signing enabled but not required
|
||||
|
||||
Stats: 0:09:09 elapsed; 4 hosts completed (5 up), 1 undergoing Script Scan
|
||||
NSE Timing: About 99.93% done; ETC: 17:20 (0:00:00 remaining)
|
||||
Nmap scan report for braavos.essos.local (192.168.56.23)
|
||||
Host is up (0.00044s latency).
|
||||
Not shown: 65524 filtered tcp ports (no-response)
|
||||
PORT STATE SERVICE VERSION
|
||||
80/tcp open http Microsoft IIS httpd 10.0
|
||||
|_http-server-header: Microsoft-IIS/10.0
|
||||
| http-methods:
|
||||
|_ Potentially risky methods: TRACE
|
||||
|_http-title: IIS Windows Server
|
||||
135/tcp open msrpc Microsoft Windows RPC
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
445/tcp open microsoft-ds Windows Server 2016 Standard Evaluation 14393 microsoft-ds
|
||||
1433/tcp open ms-sql-s Microsoft SQL Server 2019 15.00.2000.00; RTM
|
||||
| ms-sql-ntlm-info:
|
||||
| Target_Name: ESSOS
|
||||
| NetBIOS_Domain_Name: ESSOS
|
||||
| NetBIOS_Computer_Name: BRAAVOS
|
||||
| DNS_Domain_Name: essos.local
|
||||
| DNS_Computer_Name: braavos.essos.local
|
||||
| DNS_Tree_Name: essos.local
|
||||
|_ Product_Version: 10.0.14393
|
||||
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
|
||||
| Not valid before: 2025-07-03T13:57:51
|
||||
|_Not valid after: 2052-07-03T13:57:51
|
||||
|_ssl-date: 2025-07-03T15:20:40+00:00; 0s from scanner time.
|
||||
3389/tcp open ms-wbt-server Microsoft Terminal Services
|
||||
| rdp-ntlm-info:
|
||||
| Target_Name: ESSOS
|
||||
| NetBIOS_Domain_Name: ESSOS
|
||||
| NetBIOS_Computer_Name: BRAAVOS
|
||||
| DNS_Domain_Name: essos.local
|
||||
| DNS_Computer_Name: braavos.essos.local
|
||||
| DNS_Tree_Name: essos.local
|
||||
| Product_Version: 10.0.14393
|
||||
|_ System_Time: 2025-07-03T15:20:00+00:00
|
||||
| ssl-cert: Subject: commonName=braavos.essos.local
|
||||
| Not valid before: 2025-06-27T22:56:08
|
||||
|_Not valid after: 2025-12-27T22:56:08
|
||||
|_ssl-date: 2025-07-03T15:20:40+00:00; 0s from scanner time.
|
||||
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
|_http-title: Not Found
|
||||
5986/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|
||||
| ssl-cert: Subject: commonName=VAGRANT
|
||||
| Subject Alternative Name: DNS:VAGRANT, DNS:vagrant
|
||||
| Not valid before: 2025-06-27T15:30:05
|
||||
|_Not valid after: 2025-06-26T15:30:05
|
||||
| tls-alpn:
|
||||
| h2
|
||||
|_ http/1.1
|
||||
|_ssl-date: 2025-07-03T15:20:40+00:00; 0s from scanner time.
|
||||
|_http-title: Not Found
|
||||
|_http-server-header: Microsoft-HTTPAPI/2.0
|
||||
49669/tcp open msrpc Microsoft Windows RPC
|
||||
49685/tcp open msrpc Microsoft Windows RPC
|
||||
49778/tcp open msrpc Microsoft Windows RPC
|
||||
MAC Address: 08:00:27:A3:67:1D (Oracle VirtualBox virtual NIC)
|
||||
Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
| smb2-time:
|
||||
| date: 2025-07-03T15:20:00
|
||||
|_ start_date: 2025-07-03T13:57:42
|
||||
|_nbstat: NetBIOS name: BRAAVOS, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:a3:67:1d (Oracle VirtualBox virtual NIC)
|
||||
| ms-sql-info:
|
||||
| 192.168.56.23:1433:
|
||||
| Version:
|
||||
| name: Microsoft SQL Server 2019 RTM
|
||||
| number: 15.00.2000.00
|
||||
| Product: Microsoft SQL Server 2019
|
||||
| Service pack level: RTM
|
||||
| Post-SP patches applied: false
|
||||
|_ TCP port: 1433
|
||||
| smb2-security-mode:
|
||||
| 3.1.1:
|
||||
|_ Message signing enabled but not required
|
||||
| smb-os-discovery:
|
||||
| OS: Windows Server 2016 Standard Evaluation 14393 (Windows Server 2016 Standard Evaluation 6.3)
|
||||
| Computer name: braavos
|
||||
| NetBIOS computer name: BRAAVOS\x00
|
||||
| Domain name: essos.local
|
||||
| Forest name: essos.local
|
||||
| FQDN: braavos.essos.local
|
||||
|_ System time: 2025-07-03T08:20:00-07:00
|
||||
| smb-security-mode:
|
||||
| account_used: guest
|
||||
| authentication_level: user
|
||||
| challenge_response: supported
|
||||
|_ message_signing: disabled (dangerous, but default)
|
||||
|_clock-skew: mean: 52m29s, deviation: 2h28m29s, median: 0s
|
||||
|
||||
Post-scan script results:
|
||||
| clock-skew:
|
||||
| 0s:
|
||||
| 192.168.56.11 (winterfell.north.sevenkingdoms.local)
|
||||
| 192.168.56.22 (castelblack.north.sevenkingdoms.local)
|
||||
| 192.168.56.12 (essos.local)
|
||||
| 192.168.56.10 (sevenkingdoms.local)
|
||||
|_ 192.168.56.23 (braavos.essos.local)
|
||||
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
|
||||
Nmap done: 5 IP addresses (5 hosts up) scanned in 572.00 seconds
|
||||
```
|
Loading…
Reference in a new issue