359 words
2 minutes
TheFrizz
2025-03-24
Uncategorized
No Tags

User Flag#

Nmap scan#

As always, we start our process with an nmap scan

sudo nmap -Pn -p- -A --min-rate 5000 -oN scan.txt 10.10.11.60
# Nmap 7.95 scan initiated Sat Mar 15 21:21:24 2025 as: /usr/lib/nmap/nmap -Pn -p- -A --min-rate 5000 -oN scan.txt 10.10.11.60
Nmap scan report for 10.10.11.60 (10.10.11.60)
Host is up (0.050s latency).
Not shown: 65520 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
22/tcp    open  ssh?
| fingerprint-strings: 
|   NULL: 
|_    Exceeded MaxStartups
53/tcp    open  domain        Simple DNS Plus
80/tcp    open  http          Apache httpd 2.4.58 (OpenSSL/3.1.3 PHP/8.2.12)
|_http-title: Did not follow redirect to http://frizzdc.frizz.htb/home/
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: frizz.htb0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
9389/tcp  open  mc-nmf        .NET Message Framing
49667/tcp open  msrpc         Microsoft Windows RPC
64081/tcp open  msrpc         Microsoft Windows RPC
64085/tcp open  msrpc         Microsoft Windows RPC
64093/tcp open  msrpc         Microsoft Windows RPC
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port22-TCP:V=7.95%I=7%D=3/15%Time=67D5EF6F%P=x86_64-pc-linux-gnu%r(NULL
SF:,16,"Exceeded\x20MaxStartups\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2022|2012|2016 (89%)
OS CPE: cpe:/o:microsoft:windows_server_2022 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016
Aggressive OS guesses: Microsoft Windows Server 2022 (89%), Microsoft Windows Server 2012 R2 (85%), Microsoft Windows Server 2016 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: Hosts: localhost, FRIZZDC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: 7h00m00s
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2025-03-16T04:22:59
|_  start_date: N/A

TRACEROUTE (using port 139/tcp)
HOP RTT      ADDRESS
1   50.73 ms 10.10.14.1 (10.10.14.1)
2   50.81 ms 10.10.11.60 (10.10.11.60)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Mar 15 21:24:35 2025 -- 1 IP address (1 host up) scanned in 191.48 seconds

I added frizzdc.frizz.htbto /etc/hosts

echo -e "10.10.11.60\tfrizzdc.frizz.htb\tfrizz.htb" | sudo tee -a /etc/hosts
10.10.11.60	frizzdc.frizz.htb frizz.htb
TIP

Full writeup will be posted as soon as the machine expires.

TheFrizz
https://www.dahmanisec.me/posts/thefrizz/thefrizz/
Author
Abderrahim Dahmani
Published at
2025-03-24
© 2025 Abderrahim Dahmani. All Rights Reserved.
Powered by Astro & Fuwari