Medium Lab
May 18, 2024
# Nmap 7.94 scan initiated Sat May 18 00:33:17 2024 as: nmap -sC -sV -sS -oN nmap -vv 10.129.202.41
Nmap scan report for 10.129.202.41
Host is up, received echo-reply ttl 127 (0.29s latency).
Scanned at 2024-05-18 00:33:18 PST for 107s
Not shown: 994 closed tcp ports (reset)
PORT STATE SERVICE REASON VERSION
111/tcp open rpcbind syn-ack ttl 127 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/tcp6 rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 2,3,4 111/udp6 rpcbind
| 100003 2,3 2049/udp nfs
| 100003 2,3 2049/udp6 nfs
| 100003 2,3,4 2049/tcp nfs
| 100003 2,3,4 2049/tcp6 nfs
| 100005 1,2,3 2049/tcp mountd
| 100005 1,2,3 2049/tcp6 mountd
| 100005 1,2,3 2049/udp mountd
| 100005 1,2,3 2049/udp6 mountd
| 100021 1,2,3,4 2049/tcp nlockmgr
| 100021 1,2,3,4 2049/tcp6 nlockmgr
| 100021 1,2,3,4 2049/udp nlockmgr
| 100021 1,2,3,4 2049/udp6 nlockmgr
| 100024 1 2049/tcp status
| 100024 1 2049/tcp6 status
| 100024 1 2049/udp status
|_ 100024 1 2049/udp6 status
135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn
445/tcp open microsoft-ds? syn-ack ttl 127
2049/tcp open nlockmgr syn-ack ttl 127 1-4 (RPC #100021)
3389/tcp open ms-wbt-server syn-ack ttl 127 Microsoft Terminal Services
|_ssl-date: 2024-05-17T16:35:02+00:00; +3s from scanner time.
| ssl-cert: Subject: commonName=WINMEDIUM
| Issuer: commonName=WINMEDIUM
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-05-16T16:31:08
| Not valid after: 2024-11-15T16:31:08
| MD5: 9e56:26fa:d8bf:3278:17e9:7b85:c601:258e
| SHA-1: fc99:f1c2:c7b1:9885:1e2b:8e88:c7d1:175f:aa5c:4d3b
| rdp-ntlm-info:
| Target_Name: WINMEDIUM
| NetBIOS_Domain_Name: WINMEDIUM
| NetBIOS_Computer_Name: WINMEDIUM
| DNS_Domain_Name: WINMEDIUM
| DNS_Computer_Name: WINMEDIUM
| Product_Version: 10.0.17763
|_ System_Time: 2024-05-17T16:34:36+00:00
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 3s, deviation: 0s, median: 3s
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 47689/tcp): CLEAN (Couldn't connect)
| Check 2 (port 46177/tcp): CLEAN (Couldn't connect)
| Check 3 (port 28088/udp): CLEAN (Timeout)
| Check 4 (port 27218/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-time:
| date: 2024-05-17T16:34:39
|_ start_date: N/A
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat May 18 00:35:05 2024 -- 1 IP address (1 host up) scanned in 107.71 seconds










Then I tried using RDP to log in as the alex user.
After that, just run MSSQL Studio as an admin user.


