Notes Privesc 10.10.10.15

The document discusses external pentesting and uploading nmap binaries, and lists open ports found on a network scan including 135, 139, 445, and vulnerabilities such as smbghost.

Uploaded by

wajatip139

Beware of the fact that you're required to do external pentesting, see the PoC picture
----------------------------------------------------------------------------

Upload a static binary of nmap on adminuser/dnsrecon.py; Nmap is very slow with proxychains
Use BloodHound

############################## NMAP SCAN ##############################

PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd
593/tcp open unknown
636/tcp open ldaps
this is .225
and the other 3
PORT STATE SERVICE
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds

############################## VULNS ##############################

smb version is 3.1.1
it's vulnerable to smbghost => https://github.com/chompie1337/SMBGhost_RCE_PoC
