Lock

#easy #windows

https://app.hackthebox.com/machines/Lock

Enumeración

sudo nmap -p- -sS --min-rate 5000 -Pn -n -vv 10.129.234.64 -oA allPorts

PORT     STATE SERVICE       REASON
80/tcp   open  http          syn-ack ttl 127
445/tcp  open  microsoft-ds  syn-ack ttl 127
3000/tcp open  ppp           syn-ack ttl 127
3389/tcp open  ms-wbt-server syn-ack ttl 127

nmap -p 80,445,3000,3389 -sCV -Pn -n -vv 10.129.234.64 -oA openPortsServicesVersion

PORT     STATE SERVICE       REASON          VERSION
80/tcp   open  http          syn-ack ttl 127 Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods: 
|   Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
|_http-favicon: Unknown favicon MD5: FED84E16B6CCFE88EE7FFAAE5DFEFD34
|_http-title: Lock - Index
445/tcp  open  microsoft-ds? syn-ack ttl 127
3000/tcp open  http          syn-ack ttl 127 Golang net/http server
| http-methods: 
|_  Supported Methods: HEAD GET
|_http-favicon: Unknown favicon MD5: F6E1A9128148EEAD9EFF823C540EF471
|_http-title: Gitea: Git with a cup of tea
| fingerprint-strings: 
|   GenericLines, Help, RTSPRequest: 
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     Connection: close
|     Request
|   GetRequest: 
|     HTTP/1.0 200 OK
|     Cache-Control: max-age=0, private, must-revalidate, no-transform
|     Content-Type: text/html; charset=utf-8
|     Set-Cookie: i_like_gitea=3ab6c633bf833cd5; Path=/; HttpOnly; SameSite=Lax
|     Set-Cookie: _csrf=zT16U1e8Yr8MZuDfMJX0rsy9xTc6MTc1ODU1MTcyNTc3NzE3NDMwMA; Path=/; Max-Age=86400; HttpOnly; SameSite=Lax
|     X-Frame-Options: SAMEORIGIN
|     Date: Mon, 22 Sep 2025 14:35:26 GMT
|     <!DOCTYPE html>
|     <html lang="en-US" class="theme-auto">
|     <head>
|     <meta name="viewport" content="width=device-width, initial-scale=1">
|     <title>Gitea: Git with a cup of tea</title>
|     <link rel="manifest" href="data:application/json;base64,eyJuYW1lIjoiR2l0ZWE6IEdpdCB3aXRoIGEgY3VwIG9mIHRlYSIsInNob3J0X25hbWUiOiJHaXRlYTogR2l0IHdpdGggYSBjdXAgb2YgdGVhIiwic3RhcnRfdXJsIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwLyIsImljb25zIjpbeyJzcmMiOiJodHRwOi8vbG9jYWxob3N0OjMwMDAvYXNzZXRzL2ltZy9sb2dvLnBuZyIsInR5cGUiOiJpbWFnZS9wbmciLCJzaXplcyI6IjU
|   HTTPOptions: 
|     HTTP/1.0 405 Method Not Allowed
|     Allow: HEAD
|     Allow: HEAD
|     Allow: GET
|     Cache-Control: max-age=0, private, must-revalidate, no-transform
|     Set-Cookie: i_like_gitea=85f985d66a30b9ae; Path=/; HttpOnly; SameSite=Lax
|     Set-Cookie: _csrf=eF5d0w4OTSgzz0HqNKjJt8f26C46MTc1ODU1MTcyNzQ5MTkyNzEwMA; Path=/; Max-Age=86400; HttpOnly; SameSite=Lax
|     X-Frame-Options: SAMEORIGIN
|     Date: Mon, 22 Sep 2025 14:35:27 GMT
|_    Content-Length: 0
3389/tcp open  ms-wbt-server syn-ack ttl 127 Microsoft Terminal Services
|_ssl-date: 2025-09-22T14:36:36+00:00; +3s from scanner time.
| rdp-ntlm-info: 
|   Target_Name: LOCK
|   NetBIOS_Domain_Name: LOCK
|   NetBIOS_Computer_Name: LOCK
|   DNS_Domain_Name: Lock
|   DNS_Computer_Name: Lock
|   Product_Version: 10.0.20348
|_  System_Time: 2025-09-22T14:35:56+00:00
| ssl-cert: Subject: commonName=Lock
| Issuer: commonName=Lock
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-09-21T12:55:43
| Not valid after:  2026-03-23T12:55:43
| MD5:   98dd:6b3d:5250:224c:8d7a:89b5:4a2c:3f1d
| SHA-1: 884f:642d:215d:7868:0f1c:3864:35c2:ed7c:636c:f3d0
| -----BEGIN CERTIFICATE-----
| MIICzDCCAbSgAwIBAgIQRjfjKwe87YlBFCPRBa598TANBgkqhkiG9w0BAQsFADAP
| MQ0wCwYDVQQDEwRMb2NrMB4XDTI1MDkyMTEyNTU0M1oXDTI2MDMyMzEyNTU0M1ow
| DzENMAsGA1UEAxMETG9jazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
| AKEneqPn+GcJJO3nN5gUy3IfgemuvHMxq74npj1gPNToJ646EOGLHPUih1Ff6vGD
| uJTpXJEvshDl0NX5qztoo3eYGer0XWbfwU+e119lGDO44lPfwptW2ZAmytQZUzpw
| 4hLMexPmfxvWMyxaSdoV7gEFO3Q9a2GOamkR3zkZFTtUMXiRotPVU2/VolRF6yw1
| NC3nrwtVR2PmJC6uWWpx+ME8bAEN2qGcooQF8OkLxwujCmAoTslIIsIDuZltpM8y
| Y+utUp6ZZAh3u/dNc63ek1zojx0gn3kpm/PiaZ1+rq0SjlsN+3BrNHHppzTMMnfx
| 9qAJM81XMQwaRal0h+LW69kCAwEAAaMkMCIwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
| CwYDVR0PBAQDAgQwMA0GCSqGSIb3DQEBCwUAA4IBAQBRh8zezlT7XQnvYViGdHZY
| neakJgNWQ/u/ndFoDQ3OYJh/91Z+/GZNNQFTv+YvVQ4Defp8EY/uuSyRQf6/JMYA
| lpOZ6HBBazTF6SeNhUj/oUyU47HwwWPRtnHFs5TssIe/GWGYjWBYAW21OSWX6pYi
| 47xMrIQE7TdXQ6ZmNF/GBh+S9C1OoXduxkCYbBi6QVOvPoSSu7Fdqdlk7ZhYT6uP
| u0X6DCrIF3E1OIFvqom6sLNA+xxbvRvTtioOu/0GqnbO/hzJhj7rTMJHdRZ3XGH2
| smgwumfsi23DtDA/+DsE7r9U6hFjqXJ9Khjf1dJrECHcYnMhUlk4x6paFdUu+SyO
|_-----END CERTIFICATE-----
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3000-TCP:V=7.95%I=7%D=9/22%Time=68D15EA9%P=x86_64-pc-linux-gnu%r(Ge
SF:nericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
SF:ext/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x
SF:20Request")%r(GetRequest,1546,"HTTP/1\.0\x20200\x20OK\r\nCache-Control:
SF:\x20max-age=0,\x20private,\x20must-revalidate,\x20no-transform\r\nConte
SF:nt-Type:\x20text/html;\x20charset=utf-8\r\nSet-Cookie:\x20i_like_gitea=
SF:3ab6c633bf833cd5;\x20Path=/;\x20HttpOnly;\x20SameSite=Lax\r\nSet-Cookie
SF::\x20_csrf=zT16U1e8Yr8MZuDfMJX0rsy9xTc6MTc1ODU1MTcyNTc3NzE3NDMwMA;\x20P
SF:ath=/;\x20Max-Age=86400;\x20HttpOnly;\x20SameSite=Lax\r\nX-Frame-Option
SF:s:\x20SAMEORIGIN\r\nDate:\x20Mon,\x2022\x20Sep\x202025\x2014:35:26\x20G
SF:MT\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en-US\"\x20class=\"theme-
SF:auto\">\n<head>\n\t<meta\x20name=\"viewport\"\x20content=\"width=device
SF:-width,\x20initial-scale=1\">\n\t<title>Gitea:\x20Git\x20with\x20a\x20c
SF:up\x20of\x20tea</title>\n\t<link\x20rel=\"manifest\"\x20href=\"data:app
SF:lication/json;base64,eyJuYW1lIjoiR2l0ZWE6IEdpdCB3aXRoIGEgY3VwIG9mIHRlYS
SF:IsInNob3J0X25hbWUiOiJHaXRlYTogR2l0IHdpdGggYSBjdXAgb2YgdGVhIiwic3RhcnRfd
SF:XJsIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwLyIsImljb25zIjpbeyJzcmMiOiJodHRwOi8v
SF:bG9jYWxob3N0OjMwMDAvYXNzZXRzL2ltZy9sb2dvLnBuZyIsInR5cGUiOiJpbWFnZS9wbmc
SF:iLCJzaXplcyI6IjU")%r(Help,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nCon
SF:tent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\
SF:r\n400\x20Bad\x20Request")%r(HTTPOptions,1A4,"HTTP/1\.0\x20405\x20Metho
SF:d\x20Not\x20Allowed\r\nAllow:\x20HEAD\r\nAllow:\x20HEAD\r\nAllow:\x20GE
SF:T\r\nCache-Control:\x20max-age=0,\x20private,\x20must-revalidate,\x20no
SF:-transform\r\nSet-Cookie:\x20i_like_gitea=85f985d66a30b9ae;\x20Path=/;\
SF:x20HttpOnly;\x20SameSite=Lax\r\nSet-Cookie:\x20_csrf=eF5d0w4OTSgzz0HqNK
SF:jJt8f26C46MTc1ODU1MTcyNzQ5MTkyNzEwMA;\x20Path=/;\x20Max-Age=86400;\x20H
SF:ttpOnly;\x20SameSite=Lax\r\nX-Frame-Options:\x20SAMEORIGIN\r\nDate:\x20
SF:Mon,\x2022\x20Sep\x202025\x2014:35:27\x20GMT\r\nContent-Length:\x200\r\
SF:n\r\n")%r(RTSPRequest,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent
SF:-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n4
SF:00\x20Bad\x20Request");
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| p2p-conficker: 
|   Checking for Conficker.C or higher...
|   Check 1 (port 46369/tcp): CLEAN (Timeout)
|   Check 2 (port 49047/tcp): CLEAN (Timeout)
|   Check 3 (port 7147/udp): CLEAN (Timeout)
|   Check 4 (port 64056/udp): CLEAN (Timeout)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
|_clock-skew: mean: 2s, deviation: 0s, median: 2s
| smb2-time: 
|   date: 2025-09-22T14:35:57
|_  start_date: N/A

Token: 43ce39bb0bd6bc489284f2905f033ca467a6362f

PreviousLame NextManage

Last updated 4 months ago

hashtagEnumeración

Enumeración