PORT STATE SERVICE 53/tcp open domain 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3269/tcp open globalcatLDAPssl 3389/tcp open ms-wbt-server 9389/tcp open adws 49666/tcp open unknown 49669/tcp open unknown 49671/tcp open unknown 49672/tcp open unknown 49709/tcp open unknown 49884/tcp open unknown
PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 |_http-server-header: Microsoft-IIS/10.0 | http-methods: |_ Potentially risky methods: TRACE 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open tcpwrapped 3269/tcp open tcpwrapped 3389/tcp open ms-wbt-server Microsoft Terminal Services | ssl-cert:Subject: commonName=DC.COOCTUS.CORP | Not valid before:2026-02-18T10:03:12 |_Not valid after:2026-08-20T10:03:12 | rdp-ntlm-info: | Target_Name: COOCTUS | NetBIOS_Domain_Name: COOCTUS | NetBIOS_Computer_Name: DC | DNS_Domain_Name: COOCTUS.CORP | DNS_Computer_Name: DC.COOCTUS.CORP | Product_Version:10.0.17763 |_ System_Time:2026-02-19T10:13:58+00:00 |_ssl-date:2026-02-19T10:14:37+00:00; 0s from scanner time. 9389/tcp open mc-nmf .NET Message Framing Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2019 (97%) OS CPE: cpe:/o:microsoft:windows_server_2019 Aggressive OS guesses: Windows Server 2019 (97%) No exact OS matches for host (test conditions non-ideal). Service Info:OS: Windows; CPE: cpe:/o:microsoft:windows
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done:1 IP address (1 host up) scanned in71.11 seconds
password-reset David Ben evan Varg jon kevin pars yumeko cryillic karen Fawaz admCroccCrew Howard Steve Spooks Jeff mark Visitor krbtgt Guest Administrator
SMB10.48.160.160445 DC Share Permissions Remark SMB10.48.160.160445 DC ----- ----------- ------ SMB10.48.160.160445 DC ADMIN$ Remote Admin SMB10.48.160.160445 DC C$ Default share SMB10.48.160.160445 DC Home READ SMB10.48.160.160445 DC IPC$ READ Remote IPC SMB10.48.160.160445 DC NETLOGON READ Logon server share SMB10.48.160.160445 DC SYSVOL READ Logon server share
查看共享
1 2 3 4 5 6 7 8
# 连接 Home 共享 smbclient //10.48.160.160/Home -U 'COOCTUS.CORP/Visitor%GuestLogin!'