Enumeration

Nmap

nmap -sV -sC 10.10.11.41 -v --min-rate 1000 -Pn -T4 -p-

PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-08-03 11:05:11Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: certified.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject:
| Subject Alternative Name: DNS:DC01.certified.htb, DNS:certified.htb, DNS:CERTIFIED
| Issuer: commonName=certified-DC01-CA
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-11T21:04:20
| Not valid after: 2105-05-23T21:04:20
| MD5: 3b59:90a0:ed2e:5d54:1f81:c21d:c0f0:1258
|_SHA-1: c77f:527a:24d3:9c55:fda8:fadf:269f:7958:9c88:baea
|_ssl-date: 2025-08-03T11:06:41+00:00; +7h00m00s from scanner time.
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: certified.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-08-03T11:06:40+00:00; +7h00m01s from scanner time.
| ssl-cert: Subject:
| Subject Alternative Name: DNS:DC01.certified.htb, DNS:certified.htb, DNS:CERTIFIED
| Issuer: commonName=certified-DC01-CA
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-11T21:04:20
| Not valid after: 2105-05-23T21:04:20
| MD5: 3b59:90a0:ed2e:5d54:1f81:c21d:c0f0:1258
|_SHA-1: c77f:527a:24d3:9c55:fda8:fadf:269f:7958:9c88:baea
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: certified.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject:
| Subject Alternative Name: DNS:DC01.certified.htb, DNS:certified.htb, DNS:CERTIFIED
| Issuer: commonName=certified-DC01-CA
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-11T21:04:20
| Not valid after: 2105-05-23T21:04:20
| MD5: 3b59:90a0:ed2e:5d54:1f81:c21d:c0f0:1258
|_SHA-1: c77f:527a:24d3:9c55:fda8:fadf:269f:7958:9c88:baea
|_ssl-date: 2025-08-03T11:06:40+00:00; +7h00m01s from scanner time.
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: certified.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject:
| Subject Alternative Name: DNS:DC01.certified.htb, DNS:certified.htb, DNS:CERTIFIED
| Issuer: commonName=certified-DC01-CA
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-11T21:04:20
| Not valid after: 2105-05-23T21:04:20
| MD5: 3b59:90a0:ed2e:5d54:1f81:c21d:c0f0:1258
|_SHA-1: c77f:527a:24d3:9c55:fda8:fadf:269f:7958:9c88:baea
|_ssl-date: 2025-08-03T11:06:40+00:00; +7h00m01s from scanner time.
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp open mc-nmf .NET Message Framing
49666/tcp open msrpc Microsoft Windows RPC
49689/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49690/tcp open msrpc Microsoft Windows RPC
49691/tcp open msrpc Microsoft Windows RPC
49720/tcp open msrpc Microsoft Windows RPC
49728/tcp open msrpc Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-time:
| date: 2025-08-03T11:06:04
|_ start_date: N/A
|_clock-skew: mean: 7h00m00s, deviation: 0s, median: 7h00m00s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required

python3 bloodyAD.py --host "10.10.11.41" -d "certified.htb" -u "judith.mader" -p "judith09" set owner management judith.mader ...

3 min · Michel NYOBE

Enumeration Nmap

1 min · Michel NYOBE

Enumeration

Nmap

nmap -sV -sC 10.129.48.163 -vv -p- --min-rate 1000 -Pn

PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 28:c7:f1:96:f9:53:64:11:f8:70:55:68:0b:e5:3c:22 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMIbLmW6I3vlf8QRrAaFLhH3Ao7CFIvqPPmQG0Z14i0SlPfX9IZobRkjLOB0ncKb5oQ/0SXLnU60rnUe+7Xe6BU=
| 256 02:43:d2:ba:4e:87:de:77:72:ce:5a:fa:86:5c:0d:f4 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGL/2c6HVh+6F9RbNsZpoYJ2jv4C8SGqtskv0GGuU2P
80/tcp open http syn-ack ttl 62 Apache httpd 2.4.56
|_http-title: 403 Forbidden
| http-methods:
|_ Supported Methods: GET POST OPTIONS HEAD
|_http-server-header: Apache/2.4.56 (Debian)
Service Info: Host: 172.17.0.2; OS: Linux; CPE: cpe:/o:linux:linux_kernel

Web

gobuster dir -u http://10.129.48.163 -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt ...

1 min · Michel NYOBE

enumeration Nmap

1 min · Michel NYOBE

Enumeration

nmap

PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack ttl 126 Simple DNS Plus
88/tcp open kerberos-sec syn-ack ttl 126 Microsoft Windows Kerberos (server time: 2026-01-31 09:46:07Z)
135/tcp open msrpc syn-ack ttl 126 Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack ttl 126 Microsoft Windows netbios-ssn
389/tcp open ldap syn-ack ttl 126 Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds? syn-ack ttl 126
464/tcp open kpasswd5? syn-ack ttl 126
593/tcp open ncacn_http syn-ack ttl 126 Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped syn-ack ttl 126
3268/tcp open ldap syn-ack ttl 126 Microsoft Windows Active Directory LDAP (Domain: SOUPEDECODE.LOCAL0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped syn-ack ttl 126
3389/tcp open ms-wbt-server syn-ack ttl 126 Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: SOUPEDECODE
| NetBIOS_Domain_Name: SOUPEDECODE
| NetBIOS_Computer_Name: DC01
| DNS_Domain_Name: SOUPEDECODE.LOCAL
| DNS_Computer_Name: DC01.SOUPEDECODE.LOCAL
| Product_Version: 10.0.20348
|_ System_Time: 2026-01-31T09:46:56+00:00
|_ssl-date: 2026-01-31T09:47:36+00:00; -2s from scanner time.
| ssl-cert: Subject: commonName=DC01.SOUPEDECODE.LOCAL
| Issuer: commonName=DC01.SOUPEDECODE.LOCAL
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2026-01-30T09:39:33
| Not valid after: 2026-08-01T09:39:33
| MD5: 6f4e:c1e8:213f:2155:8f12:2f95:e707:a8d0
| SHA-1: d7c3:df44:4c7b:9430:1534:7adc:b999:c58a:9f5a:7b3c
9389/tcp open mc-nmf syn-ack ttl 126 .NET Message Framing
49664/tcp open msrpc syn-ack ttl 126 Microsoft Windows RPC
49670/tcp open msrpc syn-ack ttl 126 Microsoft Windows RPC
49671/tcp open ncacn_http syn-ack ttl 126 Microsoft Windows RPC over HTTP 1.0
49714/tcp open msrpc syn-ack ttl 126 Microsoft Windows RPC
49799/tcp open msrpc syn-ack ttl 126 Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 60770/tcp): CLEAN (Timeout)
| Check 2 (port 49560/tcp): CLEAN (Timeout)
| Check 3 (port 19044/udp): CLEAN (Timeout)
| Check 4 (port 24349/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2026-01-31T09:46:58
|_ start_date: N/A
|_clock-skew: mean: -2s, deviation: 0s, median: -2s

2 min · Michel NYOBE