Recon
$ nmap -p- --min-rate=1000 -Pn -v 192.168.166.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:19 CDT
Initiating Parallel DNS resolution of 1 host. at 21:19
Completed Parallel DNS resolution of 1 host. at 21:19, 0.03s elapsed
Initiating Connect Scan at 21:19
Scanning 192.168.166.45 [65535 ports]
Discovered open port 139/tcp on 192.168.166.45
Discovered open port 3389/tcp on 192.168.166.45
Discovered open port 80/tcp on 192.168.166.45
Discovered open port 135/tcp on 192.168.166.45
Discovered open port 445/tcp on 192.168.166.45
Discovered open port 49155/tcp on 192.168.166.45
Discovered open port 49152/tcp on 192.168.166.45
Discovered open port 3573/tcp on 192.168.166.45
Discovered open port 49153/tcp on 192.168.166.45
Discovered open port 49158/tcp on 192.168.166.45
Discovered open port 49159/tcp on 192.168.166.45
Discovered open port 49154/tcp on 192.168.166.45
Completed Connect Scan at 21:19, 32.06s elapsed (65535 total ports)
Nmap scan report for 192.168.166.45
Host is up (0.048s latency).
Not shown: 65523 closed tcp ports (conn-refused)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
3573/tcp open tag-ups-1
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown
49159/tcp open unknown
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 32.18 seconds
$ nmap -p 80,135,139,445,2289,3573,49152-49159 -sC -sV -Pn -v 192.168.166.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:20 CDT
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 21:20
Completed Parallel DNS resolution of 1 host. at 21:20, 0.02s elapsed
Initiating Connect Scan at 21:20
Scanning 192.168.166.45 [14 ports]
Discovered open port 80/tcp on 192.168.166.45
Discovered open port 135/tcp on 192.168.166.45
Discovered open port 49159/tcp on 192.168.166.45
Discovered open port 3573/tcp on 192.168.166.45
Discovered open port 49153/tcp on 192.168.166.45
Discovered open port 49158/tcp on 192.168.166.45
Discovered open port 49152/tcp on 192.168.166.45
Discovered open port 49155/tcp on 192.168.166.45
Discovered open port 49154/tcp on 192.168.166.45
Discovered open port 445/tcp on 192.168.166.45
Discovered open port 139/tcp on 192.168.166.45
Completed Connect Scan at 21:20, 1.15s elapsed (14 total ports)
Initiating Service scan at 21:20
Scanning 11 services on 192.168.166.45
Service scan Timing: About 45.45% done; ETC: 21:22 (0:00:44 remaining)
Completed Service scan at 21:21, 59.44s elapsed (11 services on 1 host)
NSE: Script scanning 192.168.166.45.
Initiating NSE at 21:21
Completed NSE at 21:22, 8.36s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.55s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Nmap scan report for 192.168.166.45
Host is up (0.082s latency).
PORT STATE SERVICE VERSION
80/tcp open http GoAhead WebServer
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: GoAhead-Webs
| http-title: HP Power Manager
|_Requested resource was http://192.168.166.45/index.asp
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
2289/tcp closed dict-lookup
3573/tcp open tag-ups-1?
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp closed unknown
49157/tcp closed unknown
49158/tcp open msrpc Microsoft Windows RPC
49159/tcp open msrpc Microsoft Windows RPC
Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2024-08-16T02:21:53
|_ start_date: 2024-08-16T02:19:01
| nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:86:a6:fe (VMware)
| Names:
| KEVIN<00> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
| WORKGROUP<1e> Flags: <group><active>
| KEVIN<20> Flags: <unique><active>
| WORKGROUP<1d> Flags: <unique><active>
|_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb-os-discovery:
| OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
| OS CPE: cpe:/o:microsoft:windows_7::-
| Computer name: kevin
| NetBIOS computer name: KEVIN\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2024-08-15T19:21:53-07:00
|_clock-skew: mean: 2h19m59s, deviation: 4h02m29s, median: -1s
| smb2-security-mode:
| 2:1:0:
|_ Message signing enabled but not required
NSE: Script Post-scanning.
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 70.12 seconds