TheFrizz

Reconnaissance

We start with an nmap scan to see which ports the TheFrizz machine exposes, saving the result in grepable format to a file named allPorts.

❯ nmap -p- --open -sS --min-rate 1000 -vvv -Pn -n 10.129.236.59 -oG allPorts
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-17 19:17 CET
Initiating SYN Stealth Scan at 19:17
Scanning 10.129.236.59 [65535 ports]
Discovered open port 135/tcp on 10.129.236.59
Discovered open port 80/tcp on 10.129.236.59
Discovered open port 445/tcp on 10.129.236.59
Discovered open port 139/tcp on 10.129.236.59
Discovered open port 53/tcp on 10.129.236.59
Discovered open port 22/tcp on 10.129.236.59
Discovered open port 56095/tcp on 10.129.236.59
Discovered open port 464/tcp on 10.129.236.59
SYN Stealth Scan Timing: About 23.04% done; ETC: 19:19 (0:01:44 remaining)
Discovered open port 49670/tcp on 10.129.236.59
SYN Stealth Scan Timing: About 47.64% done; ETC: 19:19 (0:01:07 remaining)
Discovered open port 3269/tcp on 10.129.236.59
Discovered open port 54878/tcp on 10.129.236.59
Discovered open port 9389/tcp on 10.129.236.59
Discovered open port 88/tcp on 10.129.236.59
Discovered open port 49667/tcp on 10.129.236.59
Discovered open port 54866/tcp on 10.129.236.59
Discovered open port 5985/tcp on 10.129.236.59
Discovered open port 389/tcp on 10.129.236.59
Discovered open port 636/tcp on 10.129.236.59
Discovered open port 3268/tcp on 10.129.236.59
Discovered open port 593/tcp on 10.129.236.59
Discovered open port 49664/tcp on 10.129.236.59
Completed SYN Stealth Scan at 19:19, 116.07s elapsed (65535 total ports)
Nmap scan report for 10.129.236.59
Host is up, received user-set (0.076s latency).
Scanned at 2025-03-17 19:17:40 CET for 116s
Not shown: 65514 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT      STATE SERVICE          REASON
22/tcp    open  ssh              syn-ack ttl 127
53/tcp    open  domain           syn-ack ttl 127
80/tcp    open  http             syn-ack ttl 127
88/tcp    open  kerberos-sec     syn-ack ttl 127
135/tcp   open  msrpc            syn-ack ttl 127
139/tcp   open  netbios-ssn      syn-ack ttl 127
389/tcp   open  ldap             syn-ack ttl 127
445/tcp   open  microsoft-ds     syn-ack ttl 127
464/tcp   open  kpasswd5         syn-ack ttl 127
593/tcp   open  http-rpc-epmap   syn-ack ttl 127
636/tcp   open  ldapssl          syn-ack ttl 127
3268/tcp  open  globalcatLDAP    syn-ack ttl 127
3269/tcp  open  globalcatLDAPssl syn-ack ttl 127
5985/tcp  open  wsman            syn-ack ttl 127
9389/tcp  open  adws             syn-ack ttl 127
49664/tcp open  unknown          syn-ack ttl 127
49667/tcp open  unknown          syn-ack ttl 127
49670/tcp open  unknown          syn-ack ttl 127
54866/tcp open  unknown          syn-ack ttl 127
54878/tcp open  unknown          syn-ack ttl 127
56095/tcp open  unknown          syn-ack ttl 127

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 116.18 seconds
           Raw packets sent: 131129 (5.770MB) | Rcvd: 156 (9.064KB)
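
As an added example (not part of the original write-up), the following parses the grepable file that `-oG allPorts` produces and condenses the open ports into a short exposure summary. The sample line is constructed from the port table above, and the groupings (`AD_CORE`, `REMOTE_ADMIN`) are assumptions of this example, not nmap features.

```python
# Added example: parse nmap grepable (-oG) output and summarise exposure.
# SAMPLE_ALLPORTS is constructed from the port table above, not the author's file.
SAMPLE_ALLPORTS = (
    "Host: 10.129.236.59 ()\tStatus: Up\n"
    "Host: 10.129.236.59 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 88/open/tcp//kerberos-sec///, 135/open/tcp//msrpc///, "
    "389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///, 464/open/tcp//kpasswd5///, "
    "636/open/tcp//ldapssl///, 3268/open/tcp//globalcatLDAP///, "
    "5985/open/tcp//wsman///, 9389/open/tcp//adws///, 49664/open/tcp//unknown///"
    "\tIgnored State: filtered (65514)\n"
)

# Assumption: these groupings are this example's own heuristics, not nmap features.
AD_CORE = {88, 389, 445, 464}              # Kerberos, LDAP, SMB, kpasswd
REMOTE_ADMIN = {22: "SSH", 5985: "WinRM over HTTP"}
DYNAMIC_RPC_START = 49152                  # Windows dynamic port range begins here


def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("\t")
        ports = [f for f in fields if f.startswith("Ports: ")]
        if not line.startswith("Host: ") or not ports:
            continue  # comment lines and "Status:" lines carry no port data
        host = fields[0].split()[1]
        for entry in ports[0][len("Ports: "):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[1] == "open":
                hosts.setdefault(host, []).append(
                    (int(parts[0]), parts[2], parts[4] or "unknown"))
    return hosts


def summarize(ports):
    """Condense one host's open TCP ports into an exposure summary."""
    tcp = sorted(p for p, proto, _ in ports if proto == "tcp")
    return {
        "port_list": ",".join(map(str, tcp)),
        "domain_controller_profile": AD_CORE <= set(tcp),
        "remote_admin": [REMOTE_ADMIN[p] for p in tcp if p in REMOTE_ADMIN],
        "dynamic_rpc": [p for p in tcp if p >= DYNAMIC_RPC_START],
    }


if __name__ == "__main__":
    for host, ports in parse_grepable(SAMPLE_ALLPORTS).items():
        print(host, summarize(ports))
```

The parser assumes a scan without `-sV`, as on this page, so the version field is empty and cannot contain commas.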

⚠️ This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox’s policy on publishing content from their platform.

If you need a hint or want to discuss anything related to the box, feel free to reach out to me on Discord.
