Recon

$ nmap -p- --min-rate=1000 -Pn -v 192.168.166.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:19 CDT
Initiating Parallel DNS resolution of 1 host. at 21:19
Completed Parallel DNS resolution of 1 host. at 21:19, 0.03s elapsed
Initiating Connect Scan at 21:19
Scanning 192.168.166.45 [65535 ports]
Discovered open port 139/tcp on 192.168.166.45
Discovered open port 3389/tcp on 192.168.166.45
Discovered open port 80/tcp on 192.168.166.45
Discovered open port 135/tcp on 192.168.166.45
Discovered open port 445/tcp on 192.168.166.45
Discovered open port 49155/tcp on 192.168.166.45
Discovered open port 49152/tcp on 192.168.166.45
Discovered open port 3573/tcp on 192.168.166.45
Discovered open port 49153/tcp on 192.168.166.45
Discovered open port 49158/tcp on 192.168.166.45
Discovered open port 49159/tcp on 192.168.166.45
Discovered open port 49154/tcp on 192.168.166.45
Completed Connect Scan at 21:19, 32.06s elapsed (65535 total ports)
Nmap scan report for 192.168.166.45
Host is up (0.048s latency).
Not shown: 65523 closed tcp ports (conn-refused)
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
3573/tcp  open  tag-ups-1
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49158/tcp open  unknown
49159/tcp open  unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 32.18 seconds

$ nmap -p 80,135,139,445,2289,3573,49152-49159 -sC -sV -Pn -v 192.168.166.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-08-15 21:20 CDT
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating NSE at 21:20
Completed NSE at 21:20, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 21:20
Completed Parallel DNS resolution of 1 host. at 21:20, 0.02s elapsed
Initiating Connect Scan at 21:20
Scanning 192.168.166.45 [14 ports]
Discovered open port 80/tcp on 192.168.166.45
Discovered open port 135/tcp on 192.168.166.45
Discovered open port 49159/tcp on 192.168.166.45
Discovered open port 3573/tcp on 192.168.166.45
Discovered open port 49153/tcp on 192.168.166.45
Discovered open port 49158/tcp on 192.168.166.45
Discovered open port 49152/tcp on 192.168.166.45
Discovered open port 49155/tcp on 192.168.166.45
Discovered open port 49154/tcp on 192.168.166.45
Discovered open port 445/tcp on 192.168.166.45
Discovered open port 139/tcp on 192.168.166.45
Completed Connect Scan at 21:20, 1.15s elapsed (14 total ports)
Initiating Service scan at 21:20
Scanning 11 services on 192.168.166.45
Service scan Timing: About 45.45% done; ETC: 21:22 (0:00:44 remaining)
Completed Service scan at 21:21, 59.44s elapsed (11 services on 1 host)
NSE: Script scanning 192.168.166.45.
Initiating NSE at 21:21
Completed NSE at 21:22, 8.36s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.55s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Nmap scan report for 192.168.166.45
Host is up (0.082s latency).

PORT      STATE  SERVICE      VERSION
80/tcp    open   http         GoAhead WebServer
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-server-header: GoAhead-Webs
| http-title: HP Power Manager
|_Requested resource was http://192.168.166.45/index.asp
135/tcp   open   msrpc        Microsoft Windows RPC
139/tcp   open   netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open   microsoft-ds Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
2289/tcp  closed dict-lookup
3573/tcp  open   tag-ups-1?
49152/tcp open   msrpc        Microsoft Windows RPC
49153/tcp open   msrpc        Microsoft Windows RPC
49154/tcp open   msrpc        Microsoft Windows RPC
49155/tcp open   msrpc        Microsoft Windows RPC
49156/tcp closed unknown
49157/tcp closed unknown
49158/tcp open   msrpc        Microsoft Windows RPC
49159/tcp open   msrpc        Microsoft Windows RPC
Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-time: 
|   date: 2024-08-16T02:21:53
|_  start_date: 2024-08-16T02:19:01
| nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:86:a6:fe (VMware)
| Names:
|   KEVIN<00>            Flags: <unique><active>
|   WORKGROUP<00>        Flags: <group><active>
|   WORKGROUP<1e>        Flags: <group><active>
|   KEVIN<20>            Flags: <unique><active>
|   WORKGROUP<1d>        Flags: <unique><active>
|_  \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb-os-discovery: 
|   OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::-
|   Computer name: kevin
|   NetBIOS computer name: KEVIN\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2024-08-15T19:21:53-07:00
|_clock-skew: mean: 2h19m59s, deviation: 4h02m29s, median: -1s
| smb2-security-mode: 
|   2:1:0: 
|_    Message signing enabled but not required

NSE: Script Post-scanning.
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Initiating NSE at 21:22
Completed NSE at 21:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 70.12 seconds

PreviousKevin NextEnumeration

Last updated 1 year ago