Yet Another Wiki

User Tools

Site Tools

Trace:
htb-machines-querier

This is an old revision of the document!

HTB ~~ Machines ~~ Querier

Retour

Querier - Windows - 10.10.10.125

Ports ouverts : 

nmap -sV -p- 10.10.10.125

Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-04 06:01 UTC
Strange read error from 10.10.10.125 (71 - 'Protocol error')
Nmap scan report for ip-10-10-10-125.us-east-2.compute.internal (10.10.10.125)
Host is up (0.13s latency).
Not shown: 65075 closed ports, 445 filtered ports
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds?
1433/tcp  open  ms-sql-s      Microsoft SQL Server vNext tech preview 14.00.1000
5985/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
47001/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49664/tcp open  msrpc         Microsoft Windows RPC
49665/tcp open  msrpc         Microsoft Windows RPC
49666/tcp open  msrpc         Microsoft Windows RPC
49667/tcp open  msrpc         Microsoft Windows RPC
49668/tcp open  msrpc         Microsoft Windows RPC
49669/tcp open  msrpc         Microsoft Windows RPC
49670/tcp open  msrpc         Microsoft Windows RPC
49671/tcp open  msrpc         Microsoft Windows RPC
53537/tcp open  tcpwrapped
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36410.39 seconds

1433/tcp open ms-sql-s Microsoft SQL Server vNext tech preview 14.00.1000 indique un MS SQL Server, version 2017 si on se réfère à ce lien.

Tentative bruteforce compte sa n'aboutit pas mais la VM a peut-être été reset entre deux : 

[-] 10.10.10.125:1433     - 10.10.10.125:1433 - LOGIN FAILED: WORKSTATION\sa:lagorda (Incorrect: )
[-] 10.10.10.125:1433     - 10.10.10.125:1433 - LOGIN FAILED: WORKSTATION\sa:lafayette (Unable to Connect: )
[-] 10.10.10.125:1433     - 10.10.10.125:1433 - LOGIN FAILED: WORKSTATION\sa:lacrosse1 (Unable to Connect: )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/mssql/mssql_login) >

CVE

https://www.cvedetails.com/cve/CVE-2018-8273/

Je n'ai pas trouvé d'exploit pour cette CVE.

htb-machines-querier.1555078323.txt.gz · Last modified: 2019/04/12 16:12 by didzkovitchz