Command used:
sudo nmap -sS -sCV -Pn -p- -vv -oN Nmap/Initial-Heist heist
Output:
# Nmap 7.94SVN scan initiated Fri Jun 14 22:22:30 2024 as: nmap -sS -sCV -Pn -p- -vv -oN Nmap/Initial-Heist heist
Nmap scan report for heist (192.168.227.165)
Host is up, received user-set (0.094s latency).
Scanned at 2024-06-14 22:22:30 +04 for 212s
Not shown: 65513 filtered tcp ports (no-response)
PORT      STATE SERVICE       REASON          VERSION
53/tcp    open  domain        syn-ack ttl 125 Simple DNS Plus
88/tcp    open  kerberos-sec  syn-ack ttl 125 Microsoft Windows Kerberos (server time: 2024-06-14 18:24:27Z)
135/tcp   open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
139/tcp   open  netbios-ssn   syn-ack ttl 125 Microsoft Windows netbios-ssn
389/tcp   open  ldap          syn-ack ttl 125 Microsoft Windows Active Directory LDAP (Domain: heist.offsec0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds? syn-ack ttl 125
464/tcp   open  kpasswd5?     syn-ack ttl 125
593/tcp   open  ncacn_http    syn-ack ttl 125 Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped    syn-ack ttl 125
3268/tcp  open  ldap          syn-ack ttl 125 Microsoft Windows Active Directory LDAP (Domain: heist.offsec0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped    syn-ack ttl 125
3389/tcp  open  ms-wbt-server syn-ack ttl 125 Microsoft Terminal Services
| ssl-cert: Subject: commonName=DC01.heist.offsec
| Issuer: commonName=DC01.heist.offsec
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2024-03-22T06:03:39
| Not valid after:  2024-09-21T06:03:39
| MD5:   7102:ce1d:1524:300f:d350:8e3d:ec8a:4108
| SHA-1: 1f39:8bc4:d116:59fa:50c3:e2ec:f0d2:1f20:0a54:4575
| -----BEGIN CERTIFICATE-----
| MIIC5jCCAc6gAwIBAgIQIL4xOi+AQIBNnAB2Uaa0ajANBgkqhkiG9w0BAQsFADAc
| MRowGAYDVQQDExFEQzAxLmhlaXN0Lm9mZnNlYzAeFw0yNDAzMjIwNjAzMzlaFw0y
| NDA5MjEwNjAzMzlaMBwxGjAYBgNVBAMTEURDMDEuaGVpc3Qub2Zmc2VjMIIBIjAN
| BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7JP1k9j0vyXKMJUd+8zHq6h1ZojH
| zei73ZTZN53nwNSwi6HrfJl1C1+wrV/ggJqSn4+1pJa8p3UWlbrpJa7qlJ2YU7hb
| MfMXZgcs1XBxvjCuTr6eEh4Pbg6IRXCjtx3dN1Mhsetb2gSrdkTId8HpFIQtrcsR
| 5JrbR2gy/SHmG9uJ7cpxbZj6oJ0Wl2rXxxqhQ1wNWsQkPIZFOBW/uGVryLO6JUl9
| 9zlKoWfQgMmEp8tt728vpia/WPt01a5yLcOgSUmW8TOTO6Q2WiiVSSK21iEKdiZi
| Nx2Gt69ZWsGxNG+dtga9p/kxMXGpQuQjzHHrYfzcsY8j8p8Nr/j4KwJPVQIDAQAB
| oyQwIjATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBDAwDQYJKoZIhvcN
| AQELBQADggEBAJl7FjnLpRiZu8dBafbC/NyHzWVCs1lx3sT1f5+KYPJSy99kYHMu
| oVR/JT0AeROSHlKI2AvvOk00R5fkD65ZdwpSR1jjDSZ81w0rgvJMyRY8wiztJ2nV
| Cpc5E1d2HbW/vfME3npWA7Jk7MgwMxYmyALz7QN04MyqV7zqkr1r7si0ua/WQxf6
| amZk51Z1mAy7kwcZUndkQmvx/HOHm1G4y+OfK1lAO7RBmDE90J7dojnB8s/nE/LL
| cBs4VecSjy/R491wB/v9dHEhrxwBBHxjZ1rcCi1oprD3GdVLk5+SCSpSGvaB6Jp6
| 1BseuTDFKjVfkV3T569S1pLDmY5MiUjsoOA=
|_-----END CERTIFICATE-----
| rdp-ntlm-info:
|   Target_Name: HEIST
|   NetBIOS_Domain_Name: HEIST
|   NetBIOS_Computer_Name: DC01
|   DNS_Domain_Name: heist.offsec
|   DNS_Computer_Name: DC01.heist.offsec
|   DNS_Tree_Name: heist.offsec
|   Product_Version: 10.0.17763
|_  System_Time: 2024-06-14T18:25:16+00:00
|_ssl-date: 2024-06-14T18:25:56+00:00; 0s from scanner time.
5985/tcp  open  http          syn-ack ttl 125 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
8080/tcp  open  http          syn-ack ttl 125 Werkzeug httpd 2.0.1 (Python 3.9.0)
|_http-title: Super Secure Web Browser
| http-methods:
|_  Supported Methods: GET HEAD OPTIONS
9389/tcp  open  mc-nmf        syn-ack ttl 125 .NET Message Framing
49666/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
49669/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
49673/tcp open  ncacn_http    syn-ack ttl 125 Microsoft Windows RPC over HTTP 1.0
49674/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
49677/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
49705/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
49760/tcp open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled and required
| smb2-time:
|   date: 2024-06-14T18:25:19
|_  start_date: N/A
|_clock-skew: mean: 0s, deviation: 0s, median: -1s
| p2p-conficker:
|   Checking for Conficker.C or higher...
|   Check 1 (port 46818/tcp): CLEAN (Timeout)
|   Check 2 (port 7526/tcp): CLEAN (Timeout)
|   Check 3 (port 61624/udp): CLEAN (Timeout)
|   Check 4 (port 47186/udp): CLEAN (Timeout)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> .
# Nmap done at Fri Jun 14 22:26:02 2024 -- 1 IP address (1 host up) scanned in 211.56 seconds