Manager
Description
Automated Scanning
NMap Scan
# Nmap 7.94SVN scan initiated Fri Mar 1 16:07:13 2024 as: nmap -sC -sV -vvv -T4 -oN Data/Machines/manager/nmap.txt 10.10.11.236
Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service http with the regex '^HTTP/1\.1 \d\d\d (?:[^\r\n]*\r\n(?!\r\n))*?.*\r\nServer: Virata-EmWeb/R([\d_]+)\r\nContent-Type: text/html; ?charset=UTF-8\r\nExpires: .*<title>HP (Color |)LaserJet ([\w._ -]+) '
Nmap scan report for manager.htb (10.10.11.236)
Host is up, received syn-ack (0.097s latency).
Scanned at 2024-03-01 16:07:13 EST for 108s
Not shown: 987 filtered tcp ports (no-response)
PORT STATE SERVICE REASON VERSION
53/tcp open domain syn-ack Simple DNS Plus
80/tcp open http syn-ack Microsoft IIS httpd 10.0
|_http-title: Manager
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD POST
|_ Potentially risky methods: TRACE
88/tcp open kerberos-sec syn-ack Microsoft Windows Kerberos (server time: 2024-03-02 04:07:30Z)
135/tcp open msrpc syn-ack Microsoft Windows RPC
139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn
389/tcp open ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: manager.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2024-03-02T04:09:01+00:00; +7h00m00s from scanner time.
| ssl-cert: Subject: commonName=dc01.manager.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc01.manager.htb
| Issuer: commonName=manager-DC01-CA/domainComponent=manager
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-07-30T13:51:28
| Not valid after: 2024-07-29T13:51:28
| MD5: 8f4d:67bc:2117:e4d5:43e9:76bd:1212:b562
| SHA-1: 6779:9506:0167:b030:ce92:6a31:f81c:0800:1c0e:29fb
| -----BEGIN CERTIFICATE-----
| MIIGMDCCBRigAwIBAgITXwAAAAnyIQ82Fp4XhwAAAAAACTANBgkqhkiG9w0BAQsF
| ADBIMRMwEQYKCZImiZPyLGQBGRYDaHRiMRcwFQYKCZImiZPyLGQBGRYHbWFuYWdl
| cjEYMBYGA1UEAxMPbWFuYWdlci1EQzAxLUNBMB4XDTIzMDczMDEzNTEyOFoXDTI0
| MDcyOTEzNTEyOFowGzEZMBcGA1UEAxMQZGMwMS5tYW5hZ2VyLmh0YjCCASIwDQYJ
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6FZPVxgTeMZrtGt8BkU233VTv/sRli
| qkDCEGRyikhD6pf0MUk6v9l09Gp6nq93/96cpaRR+/kvtWr/YwjrF33GWwQDzkU+
| VBVaOXkCxS4EfuFSEFSnzfkHXmhNHnKFBqZkIkLAxWGMIsfqNhWhOsEnegm8nwRX
| 34iT2Y+evoi/2n/JvH2j/aBRMrHBXCURX6sL9hbdEbcLgxSddmmau3Tfchl0x64I
| wUlGXx50v/WPIQ3o5knB7aYRL7slrZMy/5+d6Li4q87BE5GFg9f7qWSfusV7bdGD
| B0yLyyZ5sRivyTd6rnSISAxLiSs9b+9b6fLUrtKM4JDyarQ86z2j/VUCAwEAAaOC
| Az4wggM6MC8GCSsGAQQBgjcUAgQiHiAARABvAG0AYQBpAG4AQwBvAG4AdAByAG8A
| bABsAGUAcjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/
| BAQDAgWgMHgGCSqGSIb3DQEJDwRrMGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3
| DQMEAgIAgDALBglghkgBZQMEASowCwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjAL
| BglghkgBZQMEAQUwBwYFKw4DAgcwCgYIKoZIhvcNAwcwTwYJKwYBBAGCNxkCBEIw
| QKA+BgorBgEEAYI3GQIBoDAELlMtMS01LTIxLTQwNzgzODIyMzctMTQ5MjE4Mjgx
| Ny0yNTY4MTI3MjA5LTEwMDAwPAYDVR0RBDUwM6AfBgkrBgEEAYI3GQGgEgQQOm30
| bCF+E0qwNjyE3ccVpoIQZGMwMS5tYW5hZ2VyLmh0YjAdBgNVHQ4EFgQUt2gOEWz4
| cWjj7uIqK6lyCs6KVp8wHwYDVR0jBBgwFoAUOsv0Ls2JyCQ2Zo85WAYOIr8wDkww
| gcoGA1UdHwSBwjCBvzCBvKCBuaCBtoaBs2xkYXA6Ly8vQ049bWFuYWdlci1EQzAx
| LUNBLENOPWRjMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
| PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bWFuYWdlcixEQz1odGI/Y2Vy
| dGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3Ry
| aWJ1dGlvblBvaW50MIHBBggrBgEFBQcBAQSBtDCBsTCBrgYIKwYBBQUHMAKGgaFs
| ZGFwOi8vL0NOPW1hbmFnZXItREMwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
| JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1tYW5h
| Z2VyLERDPWh0Yj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm
| aWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACQf6JKTDh+L5K/Vz
| jmyEc8OlzzW4CUrAkJx2OJDoxSiELEMcdsswqBgQR5XtJIUa4iiPZjbepPgWzyZN
| qY5LiuuuLJdmF3GVr39Bc9/dn8LXqYX9npL5UkV0pFyiNcK5bgdRLMra3vXtjNsQ
| 9fos0a0dSM0Z+Pc40tJFLjQ1unn5kkU9uYA/np8z0q5V1GCP2Wqm0/6+OEaZHFQw
| 5j26ZQnOvmTaOmy+TI2Be3+PQNqUgnTODMgHr0IYuPWTy1U8nMR9NhWtdywa07A3
| 5U81h/XKD4e21fDdv4wge+LFubtqzOqOKWXlrOXcfdc7dBdRt+tD3bIcTO63AQFC
| A0xH1Q==
|_-----END CERTIFICATE-----
445/tcp open microsoft-ds? syn-ack
464/tcp open kpasswd5? syn-ack
593/tcp open ncacn_http syn-ack Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: manager.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=dc01.manager.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc01.manager.htb
| Issuer: commonName=manager-DC01-CA/domainComponent=manager
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-07-30T13:51:28
| Not valid after: 2024-07-29T13:51:28
| MD5: 8f4d:67bc:2117:e4d5:43e9:76bd:1212:b562
| SHA-1: 6779:9506:0167:b030:ce92:6a31:f81c:0800:1c0e:29fb
| -----BEGIN CERTIFICATE-----
| MIIGMDCCBRigAwIBAgITXwAAAAnyIQ82Fp4XhwAAAAAACTANBgkqhkiG9w0BAQsF
| ADBIMRMwEQYKCZImiZPyLGQBGRYDaHRiMRcwFQYKCZImiZPyLGQBGRYHbWFuYWdl
| cjEYMBYGA1UEAxMPbWFuYWdlci1EQzAxLUNBMB4XDTIzMDczMDEzNTEyOFoXDTI0
| MDcyOTEzNTEyOFowGzEZMBcGA1UEAxMQZGMwMS5tYW5hZ2VyLmh0YjCCASIwDQYJ
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6FZPVxgTeMZrtGt8BkU233VTv/sRli
| qkDCEGRyikhD6pf0MUk6v9l09Gp6nq93/96cpaRR+/kvtWr/YwjrF33GWwQDzkU+
| VBVaOXkCxS4EfuFSEFSnzfkHXmhNHnKFBqZkIkLAxWGMIsfqNhWhOsEnegm8nwRX
| 34iT2Y+evoi/2n/JvH2j/aBRMrHBXCURX6sL9hbdEbcLgxSddmmau3Tfchl0x64I
| wUlGXx50v/WPIQ3o5knB7aYRL7slrZMy/5+d6Li4q87BE5GFg9f7qWSfusV7bdGD
| B0yLyyZ5sRivyTd6rnSISAxLiSs9b+9b6fLUrtKM4JDyarQ86z2j/VUCAwEAAaOC
| Az4wggM6MC8GCSsGAQQBgjcUAgQiHiAARABvAG0AYQBpAG4AQwBvAG4AdAByAG8A
| bABsAGUAcjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/
| BAQDAgWgMHgGCSqGSIb3DQEJDwRrMGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3
| DQMEAgIAgDALBglghkgBZQMEASowCwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjAL
| BglghkgBZQMEAQUwBwYFKw4DAgcwCgYIKoZIhvcNAwcwTwYJKwYBBAGCNxkCBEIw
| QKA+BgorBgEEAYI3GQIBoDAELlMtMS01LTIxLTQwNzgzODIyMzctMTQ5MjE4Mjgx
| Ny0yNTY4MTI3MjA5LTEwMDAwPAYDVR0RBDUwM6AfBgkrBgEEAYI3GQGgEgQQOm30
| bCF+E0qwNjyE3ccVpoIQZGMwMS5tYW5hZ2VyLmh0YjAdBgNVHQ4EFgQUt2gOEWz4
| cWjj7uIqK6lyCs6KVp8wHwYDVR0jBBgwFoAUOsv0Ls2JyCQ2Zo85WAYOIr8wDkww
| gcoGA1UdHwSBwjCBvzCBvKCBuaCBtoaBs2xkYXA6Ly8vQ049bWFuYWdlci1EQzAx
| LUNBLENOPWRjMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
| PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bWFuYWdlcixEQz1odGI/Y2Vy
| dGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3Ry
| aWJ1dGlvblBvaW50MIHBBggrBgEFBQcBAQSBtDCBsTCBrgYIKwYBBQUHMAKGgaFs
| ZGFwOi8vL0NOPW1hbmFnZXItREMwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
| JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1tYW5h
| Z2VyLERDPWh0Yj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm
| aWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACQf6JKTDh+L5K/Vz
| jmyEc8OlzzW4CUrAkJx2OJDoxSiELEMcdsswqBgQR5XtJIUa4iiPZjbepPgWzyZN
| qY5LiuuuLJdmF3GVr39Bc9/dn8LXqYX9npL5UkV0pFyiNcK5bgdRLMra3vXtjNsQ
| 9fos0a0dSM0Z+Pc40tJFLjQ1unn5kkU9uYA/np8z0q5V1GCP2Wqm0/6+OEaZHFQw
| 5j26ZQnOvmTaOmy+TI2Be3+PQNqUgnTODMgHr0IYuPWTy1U8nMR9NhWtdywa07A3
| 5U81h/XKD4e21fDdv4wge+LFubtqzOqOKWXlrOXcfdc7dBdRt+tD3bIcTO63AQFC
| A0xH1Q==
|_-----END CERTIFICATE-----
|_ssl-date: 2024-03-02T04:09:00+00:00; +7h00m01s from scanner time.
1433/tcp open ms-sql-s syn-ack Microsoft SQL Server 2019 15.00.2000
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-01T19:09:36
| Not valid after: 2054-03-01T19:09:36
| MD5: dcbf:e958:043f:6e06:fd90:2948:839e:2877
| SHA-1: 8627:12fd:6e4e:f7f3:fe71:8430:8b48:fedb:4e2e:ffda
| -----BEGIN CERTIFICATE-----
| MIIDADCCAeigAwIBAgIQOs7THvIcJ4xNbgK1EUfJPzANBgkqhkiG9w0BAQsFADA7
| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
| bABsAGIAYQBjAGswIBcNMjQwMzAxMTkwOTM2WhgPMjA1NDAzMDExOTA5MzZaMDsx
| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKc58bDj
| Q2/KEDyvNukTd+nZ7zp7ywpKgsBDTd5NnwlIvZqbjeAW5fiat2JceR5kcN5HgDAT
| RR0Kf0zfpIuKScFPAoS3s6e//avhRNZgwXqd+lugmkSPGfkk65TdTvfPmku5kFnY
| Js2dHsDKPXdNHBELgLB57XgKYVpKuFI+JYg66Sp2psfPYMP1gGBOqP8r8+eMdK6r
| 5tvD2OH3VCg+hRj+Lc4877SMihH7j/aTHTWX+w4T5tVYaJCLJu4hBS/zPtPfxqQn
| gccYG3Gc/Oq7BLjCxWslBwu7+p6EZFOuy61vqGXlDBHIfbvezx4VcnD3Wp4P2YEW
| TWSez9AtobuOVY0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAHy6d2bwLE/A5aLjG
| QMyPw4QV7DlDmlcIAwn6nEINXSF/VutQYIUwKJBLSHlVlLZY3Su+bo4EsrXsh4Iy
| bmieNVltjooJPXiSM3CugyfkUGru3afCqsulIE4nqUjOJsBFVzeR1JOfvP8vxeEm
| Qk4CWPC5mBvGyjV0mry3vKn7gHBUDsCvNFoU5ACbDzpbEtyUFQadmoeRUZr0pBrX
| YYWwdOUP1pd0rV4XPmUUxb4jWqrUujckzsWinUi9gnRiDqqVuwo0yevP0ChAdo0m
| ICpiFIR0aJztsn8yf7zYH/Q7dXzNHfwenYEMfL4U4XEogh8/hZEHIPVG5zMVBBNh
| Y+EZPA==
|_-----END CERTIFICATE-----
|_ssl-date: 2024-03-02T04:09:01+00:00; +7h00m00s from scanner time.
3268/tcp open ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: manager.htb0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=dc01.manager.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc01.manager.htb
| Issuer: commonName=manager-DC01-CA/domainComponent=manager
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-07-30T13:51:28
| Not valid after: 2024-07-29T13:51:28
| MD5: 8f4d:67bc:2117:e4d5:43e9:76bd:1212:b562
| SHA-1: 6779:9506:0167:b030:ce92:6a31:f81c:0800:1c0e:29fb
| -----BEGIN CERTIFICATE-----
| MIIGMDCCBRigAwIBAgITXwAAAAnyIQ82Fp4XhwAAAAAACTANBgkqhkiG9w0BAQsF
| ADBIMRMwEQYKCZImiZPyLGQBGRYDaHRiMRcwFQYKCZImiZPyLGQBGRYHbWFuYWdl
| cjEYMBYGA1UEAxMPbWFuYWdlci1EQzAxLUNBMB4XDTIzMDczMDEzNTEyOFoXDTI0
| MDcyOTEzNTEyOFowGzEZMBcGA1UEAxMQZGMwMS5tYW5hZ2VyLmh0YjCCASIwDQYJ
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6FZPVxgTeMZrtGt8BkU233VTv/sRli
| qkDCEGRyikhD6pf0MUk6v9l09Gp6nq93/96cpaRR+/kvtWr/YwjrF33GWwQDzkU+
| VBVaOXkCxS4EfuFSEFSnzfkHXmhNHnKFBqZkIkLAxWGMIsfqNhWhOsEnegm8nwRX
| 34iT2Y+evoi/2n/JvH2j/aBRMrHBXCURX6sL9hbdEbcLgxSddmmau3Tfchl0x64I
| wUlGXx50v/WPIQ3o5knB7aYRL7slrZMy/5+d6Li4q87BE5GFg9f7qWSfusV7bdGD
| B0yLyyZ5sRivyTd6rnSISAxLiSs9b+9b6fLUrtKM4JDyarQ86z2j/VUCAwEAAaOC
| Az4wggM6MC8GCSsGAQQBgjcUAgQiHiAARABvAG0AYQBpAG4AQwBvAG4AdAByAG8A
| bABsAGUAcjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/
| BAQDAgWgMHgGCSqGSIb3DQEJDwRrMGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3
| DQMEAgIAgDALBglghkgBZQMEASowCwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjAL
| BglghkgBZQMEAQUwBwYFKw4DAgcwCgYIKoZIhvcNAwcwTwYJKwYBBAGCNxkCBEIw
| QKA+BgorBgEEAYI3GQIBoDAELlMtMS01LTIxLTQwNzgzODIyMzctMTQ5MjE4Mjgx
| Ny0yNTY4MTI3MjA5LTEwMDAwPAYDVR0RBDUwM6AfBgkrBgEEAYI3GQGgEgQQOm30
| bCF+E0qwNjyE3ccVpoIQZGMwMS5tYW5hZ2VyLmh0YjAdBgNVHQ4EFgQUt2gOEWz4
| cWjj7uIqK6lyCs6KVp8wHwYDVR0jBBgwFoAUOsv0Ls2JyCQ2Zo85WAYOIr8wDkww
| gcoGA1UdHwSBwjCBvzCBvKCBuaCBtoaBs2xkYXA6Ly8vQ049bWFuYWdlci1EQzAx
| LUNBLENOPWRjMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
| PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bWFuYWdlcixEQz1odGI/Y2Vy
| dGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3Ry
| aWJ1dGlvblBvaW50MIHBBggrBgEFBQcBAQSBtDCBsTCBrgYIKwYBBQUHMAKGgaFs
| ZGFwOi8vL0NOPW1hbmFnZXItREMwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
| JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1tYW5h
| Z2VyLERDPWh0Yj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm
| aWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACQf6JKTDh+L5K/Vz
| jmyEc8OlzzW4CUrAkJx2OJDoxSiELEMcdsswqBgQR5XtJIUa4iiPZjbepPgWzyZN
| qY5LiuuuLJdmF3GVr39Bc9/dn8LXqYX9npL5UkV0pFyiNcK5bgdRLMra3vXtjNsQ
| 9fos0a0dSM0Z+Pc40tJFLjQ1unn5kkU9uYA/np8z0q5V1GCP2Wqm0/6+OEaZHFQw
| 5j26ZQnOvmTaOmy+TI2Be3+PQNqUgnTODMgHr0IYuPWTy1U8nMR9NhWtdywa07A3
| 5U81h/XKD4e21fDdv4wge+LFubtqzOqOKWXlrOXcfdc7dBdRt+tD3bIcTO63AQFC
| A0xH1Q==
|_-----END CERTIFICATE-----
|_ssl-date: 2024-03-02T04:09:01+00:00; +7h00m00s from scanner time.
3269/tcp open ssl/ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: manager.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2024-03-02T04:09:00+00:00; +7h00m01s from scanner time.
| ssl-cert: Subject: commonName=dc01.manager.htb
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc01.manager.htb
| Issuer: commonName=manager-DC01-CA/domainComponent=manager
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-07-30T13:51:28
| Not valid after: 2024-07-29T13:51:28
| MD5: 8f4d:67bc:2117:e4d5:43e9:76bd:1212:b562
| SHA-1: 6779:9506:0167:b030:ce92:6a31:f81c:0800:1c0e:29fb
| -----BEGIN CERTIFICATE-----
| MIIGMDCCBRigAwIBAgITXwAAAAnyIQ82Fp4XhwAAAAAACTANBgkqhkiG9w0BAQsF
| ADBIMRMwEQYKCZImiZPyLGQBGRYDaHRiMRcwFQYKCZImiZPyLGQBGRYHbWFuYWdl
| cjEYMBYGA1UEAxMPbWFuYWdlci1EQzAxLUNBMB4XDTIzMDczMDEzNTEyOFoXDTI0
| MDcyOTEzNTEyOFowGzEZMBcGA1UEAxMQZGMwMS5tYW5hZ2VyLmh0YjCCASIwDQYJ
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6FZPVxgTeMZrtGt8BkU233VTv/sRli
| qkDCEGRyikhD6pf0MUk6v9l09Gp6nq93/96cpaRR+/kvtWr/YwjrF33GWwQDzkU+
| VBVaOXkCxS4EfuFSEFSnzfkHXmhNHnKFBqZkIkLAxWGMIsfqNhWhOsEnegm8nwRX
| 34iT2Y+evoi/2n/JvH2j/aBRMrHBXCURX6sL9hbdEbcLgxSddmmau3Tfchl0x64I
| wUlGXx50v/WPIQ3o5knB7aYRL7slrZMy/5+d6Li4q87BE5GFg9f7qWSfusV7bdGD
| B0yLyyZ5sRivyTd6rnSISAxLiSs9b+9b6fLUrtKM4JDyarQ86z2j/VUCAwEAAaOC
| Az4wggM6MC8GCSsGAQQBgjcUAgQiHiAARABvAG0AYQBpAG4AQwBvAG4AdAByAG8A
| bABsAGUAcjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/
| BAQDAgWgMHgGCSqGSIb3DQEJDwRrMGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3
| DQMEAgIAgDALBglghkgBZQMEASowCwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjAL
| BglghkgBZQMEAQUwBwYFKw4DAgcwCgYIKoZIhvcNAwcwTwYJKwYBBAGCNxkCBEIw
| QKA+BgorBgEEAYI3GQIBoDAELlMtMS01LTIxLTQwNzgzODIyMzctMTQ5MjE4Mjgx
| Ny0yNTY4MTI3MjA5LTEwMDAwPAYDVR0RBDUwM6AfBgkrBgEEAYI3GQGgEgQQOm30
| bCF+E0qwNjyE3ccVpoIQZGMwMS5tYW5hZ2VyLmh0YjAdBgNVHQ4EFgQUt2gOEWz4
| cWjj7uIqK6lyCs6KVp8wHwYDVR0jBBgwFoAUOsv0Ls2JyCQ2Zo85WAYOIr8wDkww
| gcoGA1UdHwSBwjCBvzCBvKCBuaCBtoaBs2xkYXA6Ly8vQ049bWFuYWdlci1EQzAx
| LUNBLENOPWRjMDEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
| PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bWFuYWdlcixEQz1odGI/Y2Vy
| dGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3Ry
| aWJ1dGlvblBvaW50MIHBBggrBgEFBQcBAQSBtDCBsTCBrgYIKwYBBQUHMAKGgaFs
| ZGFwOi8vL0NOPW1hbmFnZXItREMwMS1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5
| JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1tYW5h
| Z2VyLERDPWh0Yj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlm
| aWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEACQf6JKTDh+L5K/Vz
| jmyEc8OlzzW4CUrAkJx2OJDoxSiELEMcdsswqBgQR5XtJIUa4iiPZjbepPgWzyZN
| qY5LiuuuLJdmF3GVr39Bc9/dn8LXqYX9npL5UkV0pFyiNcK5bgdRLMra3vXtjNsQ
| 9fos0a0dSM0Z+Pc40tJFLjQ1unn5kkU9uYA/np8z0q5V1GCP2Wqm0/6+OEaZHFQw
| 5j26ZQnOvmTaOmy+TI2Be3+PQNqUgnTODMgHr0IYuPWTy1U8nMR9NhWtdywa07A3
| 5U81h/XKD4e21fDdv4wge+LFubtqzOqOKWXlrOXcfdc7dBdRt+tD3bIcTO63AQFC
| A0xH1Q==
|_-----END CERTIFICATE-----
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: 7h00m00s, deviation: 0s, median: 6h59m59s
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 4401/tcp): CLEAN (Timeout)
| Check 2 (port 60863/tcp): CLEAN (Timeout)
| Check 3 (port 12164/udp): CLEAN (Timeout)
| Check 4 (port 41228/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-time:
| date: 2024-03-02T04:08:22
|_ start_date: N/A
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Mar 1 16:09:01 2024 -- 1 IP address (1 host up) scanned in 108.51 seconds
Gobuster (DNS) Scan
DirBuster Scan
No Results
Nuclei Scan
[caa-fingerprint] [dns] [info] manager.htb
[options-method] [http] [info] http://manager.htb ["OPTIONS, TRACE, GET, HEAD, POST"]
[microsoft-iis-version] [http] [info] http://manager.htb ["Microsoft-IIS/10.0"]
[tech-detect:owl-carousel] [http] [info] http://manager.htb
[tech-detect:font-awesome] [http] [info] http://manager.htb
[tech-detect:bootstrap] [http] [info] http://manager.htb
[tech-detect:google-font-api] [http] [info] http://manager.htb
[tech-detect:ms-iis] [http] [info] http://manager.htb
[old-copyright] [http] [info] http://manager.htb ["© 2019"]
[http-missing-security-headers:x-frame-options] [http] [info] http://manager.htb
[http-missing-security-headers:cross-origin-embedder-policy] [http] [info] http://manager.htb
[http-missing-security-headers:referrer-policy] [http] [info] http://manager.htb
[http-missing-security-headers:clear-site-data] [http] [info] http://manager.htb
[http-missing-security-headers:cross-origin-opener-policy] [http] [info] http://manager.htb
[http-missing-security-headers:strict-transport-security] [http] [info] http://manager.htb
[http-missing-security-headers:content-security-policy] [http] [info] http://manager.htb
[http-missing-security-headers:permissions-policy] [http] [info] http://manager.htb
[http-missing-security-headers:x-content-type-options] [http] [info] http://manager.htb
[http-missing-security-headers:x-permitted-cross-domain-policies] [http] [info] http://manager.htb
[http-missing-security-headers:cross-origin-resource-policy] [http] [info] http://manager.htb
[iis-shortname] [http] [info] http://manager.htb/*~1*/a.aspx'
[waf-detect:modsecurity] [http] [info] http://manager.htb/
[mssql-detect] [javascript] [info] manager.htb:1433
[smb2-capabilities] [javascript] [info] manager.htb:445 ["[\"DFSSupport\",\"LargeMTU\",\"Leasing\"]"]
[smb-enum] [javascript] [info] manager.htb:445 ["OSVersion: 10.0.17763","NetBIOSComputerName: DC01","NetBIOSDomainName: MANAGER","DNSComputerNamen: dc01.manager.htb","DNSComputerName: dc01.manager.htb","ForestName: manager.htb"]
[smb-shares] [javascript] [low] manager.htb:445 ["ADMIN$","C$","IPC$","NETLOGON","SYSVOL"]
Automation Summary
The Nmap scan reveals several open ports and services on the target machine:
- Port 53/tcp is open, running Simple DNS Plus.
- Port 80/tcp is open, serving HTTP with Microsoft IIS 10.0.
- Port 88/tcp is open, likely Kerberos authentication.
- Port 135/tcp is open, indicating Microsoft Windows RPC.
- Port 139/tcp is open for NetBIOS session service.
- Port 389/tcp is open for LDAP, Active Directory services.
- Port 445/tcp is open, possibly for Microsoft-DS (Directory Services).
- Port 464/tcp is open for Kerberos password changing.
- Port 593/tcp is open, which may indicate Microsoft Windows RPC over HTTP.
- Port 636/tcp is open, serving SSL/encrypted LDAP for Active Directory.
- Port 1433/tcp is open for Microsoft SQL Server 2019.
- Port 3268/tcp and 3269/tcp are open for LDAP and SSL/LDAP, respectively, likely part of Active Directory services.
Further exploration and enumeration are required, especially focusing on potential vulnerabilities or misconfigurations in the identified services.
AI Generated
User Own
Root Own
Summary
AI Generated