┌──(root💀kali)-[~/htb/driver]
└─# nmap -sC -sV -sT -A 10.10.11.106                                        1 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-09 23:50 EST
Nmap scan report for driver.htb (10.10.11.106)
Host is up (0.63s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE      VERSION
80/tcp  open  http         Microsoft IIS httpd 10.0
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_  Basic realm=MFP Firmware Update Center. Please enter password for admin
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
135/tcp open  msrpc        Microsoft Windows RPC
445/tcp open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2008|Vista|7|10 (88%)
OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_10
Aggressive OS guesses: Microsoft Windows Server 2008 R2 (88%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (85%), Microsoft Windows 10 1511 - 1607 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: Host: DRIVER; OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   711.49 ms 10.10.16.1
2   711.54 ms driver.htb (10.10.11.106)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 90.21 seconds
[+] Servers:
    HTTP server                [ON]
    HTTPS server               [ON]
    WPAD proxy                 [ON]
    SMB server                 [ON]
    Kerberos server            [ON]
    SQL server                 [ON]
    FTP server                 [ON]
    IMAP server                [ON]
    POP3 server                [ON]
    SMTP server                [ON]
    DNS server                 [ON]
    LDAP server                [ON]
[global]
    client min protocol = CORE
    client max protocol = SMB3
    map to guest = Bad User
    server role = standalone server
    usershare allow guests = yes
    idmap config * : backend = tdb
    smb ports = 445

[smb]
    comment = Samba
    path = /tmp
    guest ok = yes
    read only = no
    browsable = yes
    force user = smbuser