OSCP Notes

This is my personal notes to crack OSCP in first attempt.

Enumeration

Nmap

Nmap with -sC flag result

┌──(kali㉿kali)-[~]
└─$ nmap -sC 192.168.247.40                        
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-03 02:44 EST
Nmap scan report for 192.168.247.40
Host is up (0.072s latency).
Not shown: 987 closed tcp ports (conn-refused)
PORT      STATE SERVICE
53/tcp    open  domain
| dns-nsid: 
|_  bind.version: Microsoft DNS 6.0.6001 (17714650)
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
|_ssl-date: 2024-12-03T07:44:50+00:00; +3s from scanner time.
| rdp-ntlm-info: 
|   Target_Name: INTERNAL
|   NetBIOS_Domain_Name: INTERNAL
|   NetBIOS_Computer_Name: INTERNAL
|   DNS_Domain_Name: internal
|   DNS_Computer_Name: internal
|   Product_Version: 6.0.6001
|_  System_Time: 2024-12-03T07:44:50+00:00
| ssl-cert: Subject: commonName=internal
| Not valid before: 2024-08-02T05:18:19
|_Not valid after:  2025-02-01T05:18:19
5357/tcp  open  wsdapi
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49157/tcp open  unknown
49158/tcp open  unknown

Host script results:
|_clock-skew: mean: 1h36m02s, deviation: 3h34m39s, median: 2s
| smb2-time: 
|   date: 2024-12-03T07:44:50
|_  start_date: 2024-08-03T05:18:18
|_nbstat: NetBIOS name: INTERNAL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:ab:e5:fd (VMware)
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb-os-discovery: 
|   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
|   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
|   Computer name: internal
|   NetBIOS computer name: INTERNAL\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2024-12-02T23:44:50-08:00
| smb2-security-mode: 
|   2:0:2: 
|_    Message signing enabled but not required

Nmap done: 1 IP address (1 host up) scanned in 130.16 seconds

Nmap with -sCV flag result

┌──(kali㉿kali)-[~]
└─$ nmap -sCV 192.168.247.40
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-12-03 02:50 EST
Nmap scan report for 192.168.247.40
Host is up (0.072s latency).
Not shown: 987 closed tcp ports (conn-refused)
PORT      STATE SERVICE            VERSION
53/tcp    open  domain             Microsoft DNS 6.0.6001 (17714650) (Windows Server 2008 SP1)
| dns-nsid: 
|_  bind.version: Microsoft DNS 6.0.6001 (17714650)
135/tcp   open  msrpc              Microsoft Windows RPC
139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
3389/tcp  open  ssl/ms-wbt-server?
| ssl-cert: Subject: commonName=internal
| Not valid before: 2024-08-02T05:18:19
|_Not valid after:  2025-02-01T05:18:19
|_ssl-date: 2024-12-03T07:51:51+00:00; +2s from scanner time.
| rdp-ntlm-info: 
|   Target_Name: INTERNAL
|   NetBIOS_Domain_Name: INTERNAL
|   NetBIOS_Computer_Name: INTERNAL
|   DNS_Domain_Name: internal
|   DNS_Computer_Name: internal
|   Product_Version: 6.0.6001
|_  System_Time: 2024-12-03T07:51:43+00:00
5357/tcp  open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
49152/tcp open  msrpc              Microsoft Windows RPC
49153/tcp open  msrpc              Microsoft Windows RPC
49154/tcp open  msrpc              Microsoft Windows RPC
49155/tcp open  msrpc              Microsoft Windows RPC
49156/tcp open  msrpc              Microsoft Windows RPC
49157/tcp open  msrpc              Microsoft Windows RPC
49158/tcp open  msrpc              Microsoft Windows RPC
Service Info: Host: INTERNAL; OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008::sp1, cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2

Host script results:
|_nbstat: NetBIOS name: INTERNAL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:ab:e5:fd (VMware)
|_clock-skew: mean: 1h36m02s, deviation: 3h34m39s, median: 2s
| smb-os-discovery: 
|   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
|   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
|   Computer name: internal
|   NetBIOS computer name: INTERNAL\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2024-12-02T23:51:43-08:00
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   2:0:2: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2024-12-03T07:51:43
|_  start_date: 2024-08-03T05:18:18

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 78.85 seconds

TCP Scan

sudo -sS -sC -sV -oA filename.tcp <target IP> -v

UDP Scan

sudo -sU -sS -sC -sV -oA filename.udp <target IP> -v

Reference for Nmap:

Nmap

Categorized in:

Enumeration OSCP

Enumeration

Nmap

Leave a Reply Cancel reply

Other Stories

LLMNR

Prototype Polluiton in NPM packages

RDP MITM Attack

LLMNR

Prototype Polluiton in NPM packages

Press ESC to close

Or check our Popular Categories...

Enumeration

Nmap

Leave a Reply Cancel reply

Related Articles

Other Stories

LLMNR

Prototype Polluiton in NPM packages