search

sitemapEscapeTwo

AD box on HTB.

┌──(kali㉿kali)-[~/…/CTF/Machines/HackTheBox/EscapeTwo]                                                                                                                     
└─$ sudo nmap -sCV -p- --min-rate 4000 -oA nmap/services -vv 10.129.148.204
Starting Nmap 7.95 ( https://nmap.org ) at 2025-09-17 17:20 +03
Nmap scan report for 10.129.148.204                                                                                                                                         
Host is up, received echo-reply ttl 127 (0.14s latency).                                                                                                                    
Scanned at 2025-09-17 16:58:26 +03 for 304s                                                                                                                                 
Not shown: 65509 filtered tcp ports (no-response)                                     
PORT      STATE SERVICE       REASON          VERSION                                                                                                                       
53/tcp    open  domain        syn-ack ttl 127 Simple DNS Plus                         
88/tcp    open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2025-09-17 13:59:09Z)                                                                
135/tcp   open  msrpc         syn-ack ttl 127 Microsoft Windows RPC                                                                                                         
139/tcp   open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn                                                                                                 
389/tcp   open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)                                 
|_ssl-date: 2025-09-17T14:02:19+00:00; -2s from scanner time.                         
| ssl-cert: Subject:                                                                                                                                                        
| Subject Alternative Name: DNS:DC01.sequel.htb, DNS:sequel.htb, DNS:SEQUEL           
| Issuer: commonName=sequel-DC01-CA/domainComponent=sequel                                                                                                                  
| Public Key type: rsa                                                                
| Public Key bits: 2048                                                               
| Signature Algorithm: sha256WithRSAEncryption                                                                                                                              
| Not valid before: 2025-06-26T11:46:45                                               
| Not valid after:  2124-06-08T17:00:40                                                                                                                                     
| MD5:   b55a:a63f:50ba:ed44:f865:820a:5b8e:f493                                      
| SHA-1: a87b:9555:5164:74d3:f73f:bded:72e7:baab:db76:c12a                                                                                                                  
| -----BEGIN CERTIFICATE-----                                                                                                                                               
| MIIF6TCCBNGgAwIBAgITVAAAAAVjf8S2XKAtZAAAAAAABTANBgkqhkiG9w0BAQsF
<snipped>
|_-----END CERTIFICATE-----
445/tcp   open  microsoft-ds? syn-ack ttl 127
464/tcp   open  kpasswd5?     syn-ack ttl 127
593/tcp   open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
636/tcp   open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-09-17T14:02:08+00:00; -8s from scanner time.
| ssl-cert: Subject: 
| Subject Alternative Name: DNS:DC01.sequel.htb, DNS:sequel.htb, DNS:SEQUEL
| Issuer: commonName=sequel-DC01-CA/domainComponent=sequel
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-26T11:46:45
| Not valid after:  2124-06-08T17:00:40
| MD5:   b55a:a63f:50ba:ed44:f865:820a:5b8e:f493
| SHA-1: a87b:9555:5164:74d3:f73f:bded:72e7:baab:db76:c12a
| -----BEGIN CERTIFICATE-----
| MIIF6TCCBNGgAwIBAgITVAAAAAVjf8S2XKAtZAAAAAAABTANBgkqhkiG9w0BAQsF
<snipped>
|_-----END CERTIFICATE-----
1433/tcp  open  ms-sql-s      syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
| ms-sql-info: 
|   10.129.148.204:1433: 
|     Version: 
|       name: Microsoft SQL Server 2019 RTM 
|       number: 15.00.2000.00
|       Product: Microsoft SQL Server 2019
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ms-sql-ntlm-info: 
|   10.129.148.204:1433: 
|     Target_Name: SEQUEL
|     NetBIOS_Domain_Name: SEQUEL
|     NetBIOS_Computer_Name: DC01
|     DNS_Domain_Name: sequel.htb
|     DNS_Computer_Name: DC01.sequel.htb
|     DNS_Tree_Name: sequel.htb
|_    Product_Version: 10.0.17763
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Issuer: commonName=SSL_Self_Signed_Fallback
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-09-17T13:41:41
| Not valid after:  2055-09-17T13:41:41
| MD5:   6531:d86b:a6ee:d467:2cc3:f2ef:3827:2b2a
| SHA-1: fc90:60ee:e67a:b699:573d:6d55:fe33:ef11:40b8:2efe
| -----BEGIN CERTIFICATE-----
| MIIDADCCAeigAwIBAgIQM4hsTX3ToK9PBR9PG+qujzANBgkqhkiG9w0BAQsFADA7
<snipped>
|_-----END CERTIFICATE-----
3268/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-09-17T14:02:08+00:00; -3s from scanner time.
| ssl-cert: Subject: 
| Subject Alternative Name: DNS:DC01.sequel.htb, DNS:sequel.htb, DNS:SEQUEL
| Issuer: commonName=sequel-DC01-CA/domainComponent=sequel
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-26T11:46:45
| Not valid after:  2124-06-08T17:00:40
| MD5:   b55a:a63f:50ba:ed44:f865:820a:5b8e:f493
| SHA-1: a87b:9555:5164:74d3:f73f:bded:72e7:baab:db76:c12a
| -----BEGIN CERTIFICATE-----
| MIIF6TCCBNGgAwIBAgITVAAAAAVjf8S2XKAtZAAAAAAABTANBgkqhkiG9w0BAQsF
|_-----END CERTIFICATE-----
3269/tcp  open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
|_ssl-date: 2025-09-17T14:01:09+00:00; -56s from scanner time.
| ssl-cert: Subject: 
| Subject Alternative Name: DNS:DC01.sequel.htb, DNS:sequel.htb, DNS:SEQUEL
| Issuer: commonName=sequel-DC01-CA/domainComponent=sequel
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2025-06-26T11:46:45
| Not valid after:  2124-06-08T17:00:40
| MD5:   b55a:a63f:50ba:ed44:f865:820a:5b8e:f493
| SHA-1: a87b:9555:5164:74d3:f73f:bded:72e7:baab:db76:c12a
| -----BEGIN CERTIFICATE-----
| MIIF6TCCBNGgAwIBAgITVAAAAAVjf8S2XKAtZAAAAAAABTANBgkqhkiG9w0BAQsF
|_-----END CERTIFICATE-----
5985/tcp  open  http          syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0 
9389/tcp  open  mc-nmf        syn-ack ttl 127 .NET Message Framing
47001/tcp open  http          syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0 
|_http-title: Not Found
49664/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49665/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49666/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49668/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49686/tcp open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
49688/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49693/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49702/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49721/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49731/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
63859/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows
PreviousCertifiedNextTheFrizz

Last updated