Credential Attacks

Practice

Notes and commands for Practice.

2024-04-01
Tags: passwords, practice

└─$ sudo nmap -A -sV -sC -F 10.129.142.44

[sudo] password for momo

Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-04-01 12:16 CDT

Nmap scan report for 10.129.142.44

Host is up (0.037s latency).

Not shown: 93 closed tcp ports (reset)

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH for_Windows_7.7 (protocol 2.0)

| ssh-hostkey

| 2048 f8:7f:1a:49:37:df:4d:9f:1b:13:c3:9a:bd:de:55:b4 (RSA)

| 256 b9:c9:3a:f1:fc:3b:85:27:09:2a:69:c1:43:0b:97:9b (ECDSA)

|_ 256 d1:a8:1a:e9:26:82:4b:a2:48:92:06:f8:ed:13:5d:71 (ED25519)

111/tcp open rpcbind?

| rpcinfo

| program version port/proto service

| 100003 2,3 2049/udp nfs

| 100003 2,3 2049/udp6 nfs

| 100003 2,3,4 2049/tcp nfs

|_ 100003 2,3,4 2049/tcp6 nfs

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds?

2049/tcp open nfs 2-4 (RPC #100003)

3389/tcp open ms-wbt-server Microsoft Terminal Services

| ssl-cert: Subject: commonName=WINSRV

| Not valid before: 2024-03-31T17:14:09

|_Not valid after: 2024-09-30T17:14:09

| rdp-ntlm-info

| Target_Name: WINSRV

| NetBIOS_Domain_Name: WINSRV

| NetBIOS_Computer_Name: WINSRV

| DNS_Domain_Name: WINSRV

| DNS_Computer_Name: WINSRV

| Product_Version: 10.0.17763

|_ System_Time: 2024-04-01T17:17:52+00:00

|_ssl-date: 2024-04-01T17:18:05+00:00; 0s from scanner time.

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint

Network Distance: 2 hops

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

| smb2-time

| date: 2024-04-01T17:17:56

|_ start_date: N/A

| 3:1:1

|_ Message signing enabled but not required

TRACEROUTE (using port 53/tcp)

HOP RTT ADDRESS

1 2545.60 ms 10.10.14.1

2 2546.21 ms 10.129.142.44

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/.

Nmap done: 1 IP address (1 host up) scanned in 85.72 seconds