NMAP OF VICTIM
{
nmap victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 15:57 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.038s latency).
rDNS record for 10.10.10.134: victim.com
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 0.92 seconds
}//end nmap reg scan
NMAP ALL PORTS
{
nmap -p- -T4 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:00 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.036s latency).
rDNS record for 10.10.10.134: victim.com
Not shown: 65522 closed ports
PORT STATE SERVICE
22/tcp open ssh
135/tcp open msrpc
139/tnmapcp open netbios-ssn
445/tcp open microsoft-ds
5985/tcp open wsman
47001/tcp open winrm
49664/tcp open unknown
49665/tcp open unknown
49666/tcp open unknown
49667/tcp open unknown
49668/tcp open unknown
49669/tcp open unknown
49670/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 26.78 seconds
}//end all ports scan
NMAP SERVICE SCAN ON PORT 5985
{
nmap -sV -p 5985 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:02 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.036s latency).
rDNS record for 10.10.10.134: victim.com
PORT STATE SERVICE VERSION
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/
Nmap done: 1 IP address (1 host up) scanned in 7.10 seconds
}//end service scan on port 5985
NMAP SERVICE SCAN ON PORT 47001
{
nmap -sV -p 47001 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:05 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.057s latency).
rDNS record for 10.10.10.134: victim.com
PORT STATE SERVICE VERSION
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/
Nmap done: 1 IP address (1 host up) scanned in 12.94 seconds
}//end service scan
NMAP SERVICE SCAN ON PORT 49670
{
nmap -sV -p 49670 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:06 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.14s latency).
rDNS record for 10.10.10.134: victim.com
PORT STATE SERVICE VERSION
49670/tcp open msrpc Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/
Nmap done: 1 IP address (1 host up) scanned in 55.43 seconds
}//end service scan on port 49670
NMAP SCAN ON PORTS 49664-49670
{
nmap -sV -p 49670,49669,49668,49667,49666,49665,49664 victim
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-25 16:11 EDT
Nmap scan report for victim (10.10.10.134)
Host is up (0.041s latency).
rDNS record for 10.10.10.134: victim.com
PORT STATE SERVICE VERSION
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49668/tcp open msrpc Microsoft Windows RPC
49669/tcp open msrpc Microsoft Windows RPC
49670/tcp open msrpc Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/
Nmap done: 1 IP address (1 host up) scanned in 55.62 seconds
}//end port scan on 49664-49670
HOW TO VIEW SMB FILESrrnm
{
Pull up explorer in Linux.........smb://ipaddress
}
MOUNT COMMAND TO MOUNT
{
guestmount --add /root/Desktop/9b9cfbc3-369e-11e9-a17c-806e6f6e6963.vhd --inspector /mnt/remote -v
}
SSH LOGIN
{
ssh L4mpje@10.10.10.134
PASS: bureaulampje
}