Nmapscanreportfor192.168.249.122Hostisup (0.049s latency).Notshown:65514filteredtcpports (no-response)PORTSTATESERVICEVERSION53/tcpopendomainSimpleDNSPlus80/tcpopenhttpMicrosoftIIShttpd10.0|http-methods:|_Potentiallyriskymethods:TRACECOPYPROPFINDDELETEMOVEPROPPATCHMKCOLLOCKUNLOCKPUT|http-webdav-scan:|WebDAVtype:Unknown|PublicOptions:OPTIONS,TRACE,GET,HEAD,POST,PROPFIND,PROPPATCH,MKCOL,PUT,DELETE,COPY,MOVE,LOCK,UNLOCK|AllowedMethods:OPTIONS,TRACE,GET,HEAD,POST,COPY,PROPFIND,DELETE,MOVE,PROPPATCH,MKCOL,LOCK,UNLOCK|ServerDate:Sun,28May202320:05:05GMT|_ServerType:Microsoft-IIS/10.0|_http-server-header:Microsoft-IIS/10.0|_http-title:IISWindowsServer88/tcpopenkerberos-secMicrosoftWindowsKerberos (server time:2023-05-2820:04:17Z)135/tcpopenmsrpcMicrosoftWindowsRPC139/tcpopennetbios-ssnMicrosoftWindowsnetbios-ssn389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: hutch.offsec0., Site: Default-First-Site-Name)
445/tcpopenmicrosoft-ds?464/tcpopenkpasswd5?593/tcpopenncacn_httpMicrosoftWindowsRPCoverHTTP1.0636/tcpopentcpwrapped3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: hutch.offsec0., Site: Default-First-Site-Name)
3269/tcpopentcpwrapped5985/tcpopenhttpMicrosoftHTTPAPIhttpd2.0 (SSDP/UPnP)|_http-title:NotFound|_http-server-header:Microsoft-HTTPAPI/2.09389/tcpopenmc-nmf.NETMessageFraming49666/tcpopenmsrpcMicrosoftWindowsRPC49668/tcpopenmsrpcMicrosoftWindowsRPC49673/tcpopenncacn_httpMicrosoftWindowsRPCoverHTTP1.049674/tcpopenmsrpcMicrosoftWindowsRPC49676/tcpopenmsrpcMicrosoftWindowsRPC49692/tcpopenmsrpcMicrosoftWindowsRPC49911/tcpopenmsrpcMicrosoftWindowsRPCServiceInfo:Host:HUTCHDC; OS:Windows; CPE:cpe:/o:microsoft:windowsHostscriptresults:|smb2-time:|date:2023-05-28T20:05:10|_start_date:N/A|smb2-security-mode:|311:|_Messagesigningenabledandrequired
Webdav
Port 80 just shows the default ISS page, and the smp scan result in not useful information.
I ran a nikto scan on port 80 to see if there was anything I missed. cmd used: nikto -h 192.168.198.122
The scan showed we can upload files so tried using davtest to test it but I needed credentials first.