Haze
Última actualización
¿Te fue útil?
Última actualización
¿Te fue útil?
Realizaremos un reconocimiento con nmap para ver los puertos que están expuestos en la máquina Haze. Este resultado lo almacenaremos en un archivo llamado allPorts.
❯ nmap -p- --open -sS --min-rate 1000 -vvv -Pn -n 10.129.140.67 -oG allPorts
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-30 10:49 CEST
Initiating SYN Stealth Scan at 10:49
Scanning 10.129.140.67 [65535 ports]
Discovered open port 445/tcp on 10.129.140.67
Discovered open port 135/tcp on 10.129.140.67
Discovered open port 53/tcp on 10.129.140.67
Discovered open port 139/tcp on 10.129.140.67
Discovered open port 464/tcp on 10.129.140.67
Discovered open port 63777/tcp on 10.129.140.67
Discovered open port 49667/tcp on 10.129.140.67
Discovered open port 49664/tcp on 10.129.140.67
Discovered open port 49668/tcp on 10.129.140.67
Discovered open port 47001/tcp on 10.129.140.67
Discovered open port 3268/tcp on 10.129.140.67
Discovered open port 49672/tcp on 10.129.140.67
Discovered open port 49665/tcp on 10.129.140.67
Discovered open port 49665/tcp on 10.129.140.67
Discovered open port 64517/tcp on 10.129.140.67
Discovered open port 64512/tcp on 10.129.140.67
Discovered open port 8089/tcp on 10.129.140.67
Discovered open port 3269/tcp on 10.129.140.67
Discovered open port 49681/tcp on 10.129.140.67
Discovered open port 8000/tcp on 10.129.140.67
Discovered open port 5985/tcp on 10.129.140.67
Discovered open port 49666/tcp on 10.129.140.67
Discovered open port 389/tcp on 10.129.140.67
Discovered open port 8088/tcp on 10.129.140.67
Discovered open port 64531/tcp on 10.129.140.67
Discovered open port 64551/tcp on 10.129.140.67
Discovered open port 88/tcp on 10.129.140.67
Discovered open port 88/tcp on 10.129.140.67
Discovered open port 9389/tcp on 10.129.140.67
Discovered open port 593/tcp on 10.129.140.67
Discovered open port 49684/tcp on 10.129.140.67
Discovered open port 636/tcp on 10.129.140.67
Completed SYN Stealth Scan at 10:49, 21.56s elapsed (65535 total ports)
Nmap scan report for 10.129.140.67
Host is up, received user-set (0.049s latency).
Scanned at 2025-03-30 10:49:35 CEST for 21s
Not shown: 65256 closed tcp ports (reset), 249 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE REASON
53/tcp open domain syn-ack ttl 127
88/tcp open kerberos-sec syn-ack ttl 127
135/tcp open msrpc syn-ack ttl 127
139/tcp open netbios-ssn syn-ack ttl 127
389/tcp open ldap syn-ack ttl 127
445/tcp open microsoft-ds syn-ack ttl 127
464/tcp open kpasswd5 syn-ack ttl 127
593/tcp open http-rpc-epmap syn-ack ttl 127
636/tcp open ldapssl syn-ack ttl 127
3268/tcp open globalcatLDAP syn-ack ttl 127
3269/tcp open globalcatLDAPssl syn-ack ttl 127
5985/tcp open wsman syn-ack ttl 127
8000/tcp open http-alt syn-ack ttl 127
8088/tcp open radan-http syn-ack ttl 127
8089/tcp open unknown syn-ack ttl 127
9389/tcp open adws syn-ack ttl 127
47001/tcp open winrm syn-ack ttl 127
49664/tcp open unknown syn-ack ttl 127
49665/tcp open unknown syn-ack ttl 127
49666/tcp open unknown syn-ack ttl 127
49667/tcp open unknown syn-ack ttl 127
49668/tcp open unknown syn-ack ttl 127
49672/tcp open unknown syn-ack ttl 127
49681/tcp open unknown syn-ack ttl 127
49684/tcp open unknown syn-ack ttl 127
63777/tcp open unknown syn-ack ttl 127
64512/tcp open unknown syn-ack ttl 127
64517/tcp open unknown syn-ack ttl 127
64531/tcp open unknown syn-ack ttl 127
64551/tcp open unknown syn-ack ttl 127
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 21.67 seconds
Raw packets sent: 75837 (3.337MB) | Rcvd: 67193 (2.688MB)If you need a hint or want to discuss anything related to the box, feel free to reach out to me on Discord.
⚠️ This box is still active on HackTheBox. Once retired, this article will be published for public access as per .
