Jab
Description
Automated Scanning
NMap Scan
# Nmap 7.94SVN scan initiated Fri Mar 1 12:45:15 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/jab/nmap.txt 10.10.11.4
Warning: 10.10.11.4 giving up on port because retransmission cap hit (6).
Nmap scan report for jab.htb (10.10.11.4)
Host is up, received conn-refused (0.087s latency).
Scanned at 2024-03-01 12:45:15 EST for 105s
Not shown: 951 closed tcp ports (conn-refused)
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack Simple DNS Plus
88/tcp open kerberos-sec syn-ack Microsoft Windows Kerberos (server time: 2024-03-01 17:45:48Z)
135/tcp open msrpc syn-ack Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn
222/tcp filtered rsh-spx no-response
389/tcp open ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: jab.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.jab.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.jab.htb
| Issuer: commonName=jab-DC01-CA/domainComponent=jab
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-11-01T20:16:18
| Not valid after: 2024-10-31T20:16:18
| MD5: 40f9:01d6:610b:2892:43ca:77de:c48d:f221
| SHA-1: 66ea:c22b:e584:ab5e:07e3:aa8f:5af2:b634:0733:8c06
|_ssl-date: 2024-03-01T17:46:57+00:00; 0s from scanner time.
445/tcp open microsoft-ds? syn-ack
458/tcp filtered appleqtc no-response
464/tcp open kpasswd5? syn-ack
465/tcp filtered smtps no-response
513/tcp filtered login no-response
593/tcp open ncacn_http syn-ack Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: jab.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=DC01.jab.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.jab.htb
| Issuer: commonName=jab-DC01-CA/domainComponent=jab
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-11-01T20:16:18
| Not valid after: 2024-10-31T20:16:18
| MD5: 40f9:01d6:610b:2892:43ca:77de:c48d:f221
| SHA-1: 66ea:c22b:e584:ab5e:07e3:aa8f:5af2:b634:0733:8c06
|_ssl-date: 2024-03-01T17:46:56+00:00; 0s from scanner time.
992/tcp filtered telnets no-response
1022/tcp filtered exp2 no-response
1111/tcp filtered lmsocialserver no-response
1132/tcp filtered kvm-via-ip no-response
1443/tcp filtered ies-lm no-response
1580/tcp filtered tn-tl-r1 no-response
1721/tcp filtered caicci no-response
2042/tcp filtered isis no-response
2604/tcp filtered ospfd no-response
3268/tcp open ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: jab.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2024-03-01T17:46:57+00:00; 0s from scanner time.
| ssl-cert: Subject: commonName=DC01.jab.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.jab.htb
| Issuer: commonName=jab-DC01-CA/domainComponent=jab
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-11-01T20:16:18
| Not valid after: 2024-10-31T20:16:18
| MD5: 40f9:01d6:610b:2892:43ca:77de:c48d:f221
| SHA-1: 66ea:c22b:e584:ab5e:07e3:aa8f:5af2:b634:0733:8c06
3269/tcp open ssl/ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: jab.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2024-03-01T17:46:57+00:00; +1s from scanner time.
| ssl-cert: Subject: commonName=DC01.jab.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:DC01.jab.htb
| Issuer: commonName=jab-DC01-CA/domainComponent=jab
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-11-01T20:16:18
| Not valid after: 2024-10-31T20:16:18
| MD5: 40f9:01d6:610b:2892:43ca:77de:c48d:f221
| SHA-1: 66ea:c22b:e584:ab5e:07e3:aa8f:5af2:b634:0733:8c06
3659/tcp filtered apple-sasl no-response
3826/tcp filtered wormux no-response
3971/tcp filtered lanrevserver no-response
4321/tcp filtered rwhois no-response
5222/tcp open jabber syn-ack Ignite Realtime Openfire Jabber server 3.10.0 or later
| xmpp-info:
| STARTTLS Failed
| info:
| auth_mechanisms:
| xmpp:
| version: 1.0
| unknown:
| compression_methods:
| features:
| stream_id: 9sggqhrrjr
| errors:
| invalid-namespace
| (timeout)
|_ capabilities:
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dc01.jab.htb
| Subject Alternative Name: DNS:dc01.jab.htb, DNS:*.dc01.jab.htb
| Issuer: commonName=dc01.jab.htb
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-10-26T22:00:12
| Not valid after: 2028-10-24T22:00:12
| MD5: 3317:65e1:e84a:14c2:9ac4:54ba:b516:26d8
| SHA-1: efd0:8bde:42df:ff04:1a79:7d20:bf87:a740:66b8:d966
5226/tcp filtered hp-status no-response
5269/tcp open xmpp syn-ack Wildfire XMPP Client
| xmpp-info:
| Respects server name
| info:
| xmpp:
| version: 1.0
| capabilities:
| pre_tls:
| xmpp:
| capabilities:
| features:
| TLS
| Server Dialback
| post_tls:
| xmpp:
| lang: en-US
|_ capabilities:
5431/tcp filtered park-agent no-response
5862/tcp filtered unknown no-response
5989/tcp filtered wbem-https no-response
7070/tcp open realserver? syn-ack
| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP:
| HTTP/1.1 400 Illegal character CNTL=0x0
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 69
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x0</pre>
| GetRequest:
| HTTP/1.1 200 OK
| Date: Fri, 01 Mar 2024 17:45:48 GMT
| Last-Modified: Wed, 16 Feb 2022 15:55:02 GMT
| Content-Type: text/html
| Accept-Ranges: bytes
| Content-Length: 223
| <html>
| <head><title>Openfire HTTP Binding Service</title></head>
| <body><font face="Arial, Helvetica"><b>Openfire <a href="http://www.xmpp.org/extensions/xep-0124.html">HTTP Binding</a> Service</b></font></body>
| </html>
| HTTPOptions:
| HTTP/1.1 200 OK
| Date: Fri, 01 Mar 2024 17:45:56 GMT
| Allow: GET,HEAD,POST,OPTIONS
| Help:
| HTTP/1.1 400 No URI
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 49
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: No URI</pre>
| RPCCheck:
| HTTP/1.1 400 Illegal character OTEXT=0x80
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 71
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character OTEXT=0x80</pre>
| RTSPRequest:
| HTTP/1.1 505 Unknown Version
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 58
| Connection: close
| <h1>Bad Message 505</h1><pre>reason: Unknown Version</pre>
| SSLSessionReq:
| HTTP/1.1 400 Illegal character CNTL=0x16
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 70
| Connection: close
|_ <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x16</pre>
7201/tcp filtered dlip no-response
7443/tcp open ssl/oracleas-https? syn-ack
| ssl-cert: Subject: commonName=dc01.jab.htb
| Subject Alternative Name: DNS:dc01.jab.htb, DNS:*.dc01.jab.htb
| Issuer: commonName=dc01.jab.htb
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-10-26T22:00:12
| Not valid after: 2028-10-24T22:00:12
| MD5: 3317:65e1:e84a:14c2:9ac4:54ba:b516:26d8
| SHA-1: efd0:8bde:42df:ff04:1a79:7d20:bf87:a740:66b8:d966
|_ssl-date: TLS randomness does not represent time
| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP:
| HTTP/1.1 400 Illegal character CNTL=0x0
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 69
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x0</pre>
| GetRequest:
| HTTP/1.1 200 OK
| Date: Fri, 01 Mar 2024 17:45:56 GMT
| Last-Modified: Wed, 16 Feb 2022 15:55:02 GMT
| Content-Type: text/html
| Accept-Ranges: bytes
| Content-Length: 223
| <html>
| <head><title>Openfire HTTP Binding Service</title></head>
| <body><font face="Arial, Helvetica"><b>Openfire <a href="http://www.xmpp.org/extensions/xep-0124.html">HTTP Binding</a> Service</b></font></body>
| </html>
| HTTPOptions:
| HTTP/1.1 200 OK
| Date: Fri, 01 Mar 2024 17:46:05 GMT
| Allow: GET,HEAD,POST,OPTIONS
| Help:
| HTTP/1.1 400 No URI
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 49
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: No URI</pre>
| RPCCheck:
| HTTP/1.1 400 Illegal character OTEXT=0x80
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 71
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character OTEXT=0x80</pre>
| RTSPRequest:
| HTTP/1.1 505 Unknown Version
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 58
| Connection: close
| <h1>Bad Message 505</h1><pre>reason: Unknown Version</pre>
| SSLSessionReq:
| HTTP/1.1 400 Illegal character CNTL=0x16
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 70
| Connection: close
|_ <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x16</pre>
7777/tcp open socks5 syn-ack (No authentication; connection failed)
| socks-auth-info:
|_ No authentication
7911/tcp filtered unknown no-response
8651/tcp filtered unknown no-response
10566/tcp filtered unknown no-response
19801/tcp filtered unknown no-response
23502/tcp filtered unknown no-response
32776/tcp filtered sometimes-rpc15 no-response
49159/tcp filtered unknown no-response
49400/tcp filtered compaqdiag no-response
55056/tcp filtered unknown no-response
56737/tcp filtered unknown no-response
57294/tcp filtered unknown no-response
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 52338/tcp): CLEAN (Couldn't connect)
| Check 2 (port 37501/tcp): CLEAN (Couldn't connect)
| Check 3 (port 7339/udp): CLEAN (Failed to receive data)
| Check 4 (port 24498/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
|_clock-skew: mean: 0s, deviation: 0s, median: 0s
| smb2-time:
| date: 2024-03-01T17:46:44
|_ start_date: N/A
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar 1 12:47:00 2024 -- 1 IP address (1 host up) scanned in 105.83 seconds
Gobuster (DNS) Scan
DirBuster Scan
No Results
Nuclei Scan
[caa-fingerprint] [dns] [info] jab.htb
[smb-enum] [javascript] [info] jab.htb:445 ["OSVersion: 10.0.17763","NetBIOSComputerName: DC01","NetBIOSDomainName: JAB","DNSComputerNamen: DC01.jab.htb","DNSComputerName: DC01.jab.htb","ForestName: jab.htb"]
[smb2-capabilities] [javascript] [info] jab.htb:445 ["[\"DFSSupport\",\"LargeMTU\",\"Leasing\"]"]
Automation Summary
The Nmap scan reveals several open ports and services on the target machine "jab.htb" (IP: 10.10.11.4). Notable services include domain (53/tcp), Kerberos (88/tcp), MSRPC (135/tcp), NetBIOS (139/tcp), LDAP (389/tcp, 636/tcp, 3268/tcp, 3269/tcp), and RPC over HTTP (593/tcp). Together these suggest that the machine is likely a Windows domain controller or part of a Windows Active Directory environment. The LDAP services present SSL certificates, which indicates encrypted communication and can affect the available attack vectors. Ports such as 445/tcp (microsoft-ds), 464/tcp (kpasswd5), and 3268/tcp and 3269/tcp (LDAP, with 3269/tcp over SSL) are also open, suggesting potential avenues for further exploration, possibly for exploiting vulnerabilities or misconfigurations in these services.
AI Generated
User Own
Root Own
Summary
AI Generated