NMAP OF VICTIM { nmap victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 15:57 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.038s latency). rDNS record for 10.10.10.134: victim.com Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds Nmap done: 1 IP address (1 host up) scanned in 0.92 seconds }//end nmap reg scan NMAP ALL PORTS { nmap -p- -T4 victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:00 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.036s latency). rDNS record for 10.10.10.134: victim.com Not shown: 65522 closed ports PORT STATE SERVICE 22/tcp open ssh 135/tcp open msrpc 139/tnmapcp open netbios-ssn 445/tcp open microsoft-ds 5985/tcp open wsman 47001/tcp open winrm 49664/tcp open unknown 49665/tcp open unknown 49666/tcp open unknown 49667/tcp open unknown 49668/tcp open unknown 49669/tcp open unknown 49670/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 26.78 seconds }//end all ports scan NMAP SERVICE SCAN ON PORT 5985 { nmap -sV -p 5985 victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:02 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.036s latency). rDNS record for 10.10.10.134: victim.com PORT STATE SERVICE VERSION 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 7.10 seconds }//end service scan on port 5985 NMAP SERVICE SCAN ON PORT 47001 { nmap -sV -p 47001 victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:05 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.057s latency). rDNS record for 10.10.10.134: victim.com PORT STATE SERVICE VERSION 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 12.94 seconds }//end service scan NMAP SERVICE SCAN ON PORT 49670 { nmap -sV -p 49670 victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:06 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.14s latency). rDNS record for 10.10.10.134: victim.com PORT STATE SERVICE VERSION 49670/tcp open msrpc Microsoft Windows RPC Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 55.43 seconds }//end service scan on port 49670 NMAP SCAN ON PORTS 49664-49670 { nmap -sV -p 49670,49669,49668,49667,49666,49665,49664 victim Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:11 EDT Nmap scan report for victim (10.10.10.134) Host is up (0.041s latency). rDNS record for 10.10.10.134: victim.com PORT STATE SERVICE VERSION 49664/tcp open msrpc Microsoft Windows RPC 49665/tcp open msrpc Microsoft Windows RPC 49666/tcp open msrpc Microsoft Windows RPC 49667/tcp open msrpc Microsoft Windows RPC 49668/tcp open msrpc Microsoft Windows RPC 49669/tcp open msrpc Microsoft Windows RPC 49670/tcp open msrpc Microsoft Windows RPC Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 55.62 seconds }//end port scan on 49664-49670 HOW TO VIEW SMB FILESrrnm { Pull up explorer in Linux.........smb://ipaddress } MOUNT COMMAND TO MOUNT VHkcirtap12zdx { guestmount --add /root/Desktop/9b9cfbc3-369e-11e9-a17c-806e6f6e6963.vhd --inspector /mnt/remote -v } SSH LOGIN { ssh L4mpje@10.10.10.134 PASS: bureaulampje }