PORT     STATE SERVICE           REASON          VERSION                                                                                            
53/tcp open domain? syn-ack ttl 127
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
|_ bind
88/tcp open spark syn-ack ttl 127 Apache Spark
135/tcp open msrpc? syn-ack ttl 127
139/tcp open netbios-ssn? syn-ack ttl 127
464/tcp open kpasswd5? syn-ack ttl 127
593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
636/tcp open ldapssl? syn-ack ttl 127
3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: htb.local, Site: Default-First-Site-Name)
3269/tcp open globalcatLDAPssl? syn-ack ttl 127\
5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-methods:
|_ Supported Methods: HEAD
9389/tcp open adws? syn-ack ttl 127
Host script results:
|_clock-skew: mean: 3h40m48s, deviation: 4h57m02s, median: 10m45s
| smb-os-discovery:
| OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
| Computer name: FOREST
| NetBIOS computer name: FOREST\x00
| Domain name: htb.local
| Forest name: htb.local
| FQDN: FOREST.htb.local
|_ System time: 2021-05-11T11:43:01-07:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: required
| smb2-security-mode:
| 2.02:
|_ Message signing enabled and required
|_smb2-time: Protocol negotiation failed (SMB2)

PORT 139/445 (SMB)

PORT 3268 (LDAP)

LDAP stands for Lightweight Directory Access Protocol , it is used for querying /locating data about organizations, individuals and other resources such as files and devices in a network so there is a tool for performing searches for users ,groups and etc.

python3 bloodhound.py -d 'htb.local' -u 'svc-alfresco' -p 's3rvice' -gc 'FOREST.htb.local' -c all -ns



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store