We will run a reconnaissance scan with nmap to see which ports are exposed on the TheFrizz machine. We will store the result in a file named allPorts.
❯ nmap -p- --open -sS --min-rate 1000 -vvv -Pn -n 10.129.236.59 -oG allPorts
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-17 19:17 CET
Initiating SYN Stealth Scan at 19:17
Scanning 10.129.236.59 [65535 ports]
Discovered open port 135/tcp on 10.129.236.59
Discovered open port 80/tcp on 10.129.236.59
Discovered open port 445/tcp on 10.129.236.59
Discovered open port 139/tcp on 10.129.236.59
Discovered open port 53/tcp on 10.129.236.59
Discovered open port 22/tcp on 10.129.236.59
Discovered open port 56095/tcp on 10.129.236.59
Discovered open port 464/tcp on 10.129.236.59
SYN Stealth Scan Timing: About 23.04% done; ETC: 19:19 (0:01:44 remaining)
Discovered open port 49670/tcp on 10.129.236.59
SYN Stealth Scan Timing: About 47.64% done; ETC: 19:19 (0:01:07 remaining)
Discovered open port 3269/tcp on 10.129.236.59
Discovered open port 54878/tcp on 10.129.236.59
Discovered open port 9389/tcp on 10.129.236.59
Discovered open port 88/tcp on 10.129.236.59
Discovered open port 49667/tcp on 10.129.236.59
Discovered open port 54866/tcp on 10.129.236.59
Discovered open port 5985/tcp on 10.129.236.59
Discovered open port 389/tcp on 10.129.236.59
Discovered open port 636/tcp on 10.129.236.59
Discovered open port 3268/tcp on 10.129.236.59
Discovered open port 593/tcp on 10.129.236.59
Discovered open port 49664/tcp on 10.129.236.59
Completed SYN Stealth Scan at 19:19, 116.07s elapsed (65535 total ports)
Nmap scan report for 10.129.236.59
Host is up, received user-set (0.076s latency).
Scanned at 2025-03-17 19:17:40 CET for 116s
Not shown: 65514 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 127
53/tcp open domain syn-ack ttl 127
80/tcp open http syn-ack ttl 127
88/tcp open kerberos-sec syn-ack ttl 127
135/tcp open msrpc syn-ack ttl 127
139/tcp open netbios-ssn syn-ack ttl 127
389/tcp open ldap syn-ack ttl 127
445/tcp open microsoft-ds syn-ack ttl 127
464/tcp open kpasswd5 syn-ack ttl 127
593/tcp open http-rpc-epmap syn-ack ttl 127
636/tcp open ldapssl syn-ack ttl 127
3268/tcp open globalcatLDAP syn-ack ttl 127
3269/tcp open globalcatLDAPssl syn-ack ttl 127
5985/tcp open wsman syn-ack ttl 127
9389/tcp open adws syn-ack ttl 127
49664/tcp open unknown syn-ack ttl 127
49667/tcp open unknown syn-ack ttl 127
49670/tcp open unknown syn-ack ttl 127
54866/tcp open unknown syn-ack ttl 127
54878/tcp open unknown syn-ack ttl 127
56095/tcp open unknown syn-ack ttl 127
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 116.18 seconds
Raw packets sent: 131129 (5.770MB) | Rcvd: 156 (9.064KB)
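The following is an added example, not part of the original write-up: a small parser for nmap's grepable (-oG) format, the format used for allPorts, that turns the port list into an exposure summary a defender can review. The sample input is constructed and trimmed to a few of the ports above (the real allPorts file is not shown on the page), and the function names and the domain-controller heuristic are assumptions made for this example.

```python
# Constructed sample in nmap's grepable (-oG) layout; not the real allPorts file.
SAMPLE_GNMAP = (
    "# Nmap 7.95 scan initiated as: nmap -p- --open -sS -oG allPorts 10.129.236.59\n"
    "Host: 10.129.236.59 ()\tStatus: Up\n"
    "Host: 10.129.236.59 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, "
    "88/open/tcp//kerberos-sec///, 389/open/tcp//ldap///, "
    "445/open/tcp//microsoft-ds///, 5985/open/tcp//wsman///, "
    "49664/open/tcp//unknown///\tIgnored State: filtered (65514)\n"
)

# Assumed heuristic for this example: services a domain controller normally exposes.
DC_PORTS = {53, 88, 389, 445, 464, 3268}  # DNS, Kerberos, LDAP, SMB, kpasswd, GC
# Remote administration services worth restricting to management networks.
REMOTE_ADMIN = {22: "ssh", 3389: "rdp", 5985: "winrm-http", 5986: "winrm-https"}


def parse_gnmap(text):
    """Return {host: [(port, proto, service), ...]} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: ") or "\tPorts: " not in line:
            continue  # skip comments and the "Status:" line
        host = line.split()[1]
        # The Ports field ends at the next tab ("Ignored State: ...").
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or fields[1] != "open":
                continue
            service = fields[4] or "unknown"
            hosts.setdefault(host, []).append((int(fields[0]), fields[2], service))
    return hosts


def summarize(ports):
    """Condense one host's open TCP ports into a reviewable exposure summary."""
    open_tcp = {port for port, proto, _ in ports if proto == "tcp"}
    return {
        "open_tcp": sorted(open_tcp),
        "looks_like_domain_controller": 88 in open_tcp and len(DC_PORTS & open_tcp) >= 4,
        "remote_admin": sorted(REMOTE_ADMIN[p] for p in open_tcp & set(REMOTE_ADMIN)),
        "dynamic_rpc": sorted(p for p in open_tcp if p >= 49152),
    }


if __name__ == "__main__":
    for host, ports in parse_gnmap(SAMPLE_GNMAP).items():
        print(host, summarize(ports))
```
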
If you need a hint or want to discuss anything related to the box, feel free to reach out to me on Discord.
⚠️ This box is still active on HackTheBox. Once retired, this article will be published for public access as per .