init htb

old htb folders

HTB/escape/results/escape.htb/report/notes.txt

@@ -0,0 +1,172 @@
+[*] domain found on tcp/53.
+
+
+
+[*] kerberos-sec found on tcp/88.
+
+
+
+[*] msrpc found on tcp/135.
+
+
+
+[*] netbios-ssn found on tcp/139.
+
+
+
+[*] ldap found on tcp/389.
+
+
+
+[*] microsoft-ds found on tcp/445.
+
+
+
+[*] kpasswd5 found on tcp/464.
+
+
+
+[*] ncacn_http found on tcp/593.
+
+
+
+[*] ldap found on tcp/636.
+
+
+
+[*] ms-sql-s found on tcp/1433.
+
+
+
+[*] ldap found on tcp/3268.
+
+
+
+[*] ldap found on tcp/3269.
+
+
+
+[*] wsman found on tcp/5985.
+
+
+
+[*] mc-nmf found on tcp/9389.
+
+
+
+[*] msrpc found on tcp/49667.
+
+
+
+[*] ncacn_http found on tcp/49677.
+
+
+
+[*] msrpc found on tcp/49678.
+
+
+
+[*] msrpc found on tcp/49698.
+
+
+
+[*] msrpc found on tcp/49702.
+
+
+
+[*] msrpc found on tcp/60738.
+
+
+
+[*] domain found on tcp/53.
+
+
+
+[*] kerberos-sec found on tcp/88.
+
+
+
+[*] msrpc found on tcp/135.
+
+
+
+[*] netbios-ssn found on tcp/139.
+
+
+
+[*] ldap found on tcp/389.
+
+
+
+[*] microsoft-ds found on tcp/445.
+
+
+
+[*] kpasswd5 found on tcp/464.
+
+
+
+[*] ncacn_http found on tcp/593.
+
+
+
+[*] ldap found on tcp/636.
+
+
+
+[*] ms-sql-s found on tcp/1433.
+
+
+
+[*] ldap found on tcp/3268.
+
+
+
+[*] ldap found on tcp/3269.
+
+
+
+[*] wsman found on tcp/5985.
+
+
+
+[*] mc-nmf found on tcp/9389.
+
+
+
+[*] msrpc found on tcp/49667.
+
+
+
+[*] ncacn_http found on tcp/49673.
+
+
+
+[*] msrpc found on tcp/49674.
+
+
+
+[*] msrpc found on tcp/49696.
+
+
+
+[*] msrpc found on tcp/49703.
+
+
+
+[*] msrpc found on tcp/53254.
+
+
+
+[*] domain found on udp/53.
+
+
+
+[*] kerberos-sec found on udp/88.
+
+
+
+[*] ntp found on udp/123.
+
+
+

HTB/escape/results/escape.htb/scans/_commands.log

@@ -0,0 +1,204 @@
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb
+
+dnsrecon -n escape.htb -d escape.htb 2>&1
+
+dig -p 53 -x escape.htb @escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml" escape.htb
+
+gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"
+
+nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" escape.htb
+
+impacket-getArch -target escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml" escape.htb
+
+impacket-rpcdump -port 135 escape.htb
+
+enum4linux -a -M -l -d escape.htb 2>&1
+
+nbtscan -rvh 10.129.25.138 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml" escape.htb
+
+smbclient -L //escape.htb -N -I escape.htb 2>&1
+
+smbmap -H escape.htb -P 139 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml" escape.htb
+
+smbmap -H escape.htb -P 445 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" escape.htb
+
+impacket-rpcdump -port 593 escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 636 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml" escape.htb
+
+sslscan --show-certificate --no-colour escape.htb:636 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 1433 --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port=1433,mssql.username=sa,mssql.password=sa" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3269 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml" escape.htb
+
+sslscan --show-certificate --no-colour escape.htb:3269 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49678 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49698 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49702 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 60738 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml" escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+dig AXFR -p 53 @escape.htb
+
+smbmap -u null -p "" -H escape.htb -P 139 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 2>&1
+
+smbmap -H escape.htb -P 139 -R 2>&1
+
+smbmap -H escape.htb -P 445 -R 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 139 -R 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 -R 2>&1
+
+smbmap -H escape.htb -P 139 -x "ipconfig /all" 2>&1
+
+smbmap -H escape.htb -P 445 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 139 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 -x "ipconfig /all" 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb
+
+dnsrecon -n escape.htb -d escape.htb 2>&1
+
+dig -p 53 -x escape.htb @escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml" escape.htb
+
+gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"
+
+nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" escape.htb
+
+impacket-getArch -target escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml" escape.htb
+
+impacket-rpcdump -port 135 escape.htb
+
+enum4linux -a -M -l -d escape.htb 2>&1
+
+nbtscan -rvh 10.129.184.130 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml" escape.htb
+
+smbclient -L //escape.htb -N -I escape.htb 2>&1
+
+smbmap -H escape.htb -P 139 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml" escape.htb
+
+smbmap -H escape.htb -P 445 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" escape.htb
+
+impacket-rpcdump -port 593 escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 636 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml" escape.htb
+
+sslscan --show-certificate --no-colour escape.htb:636 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 1433 --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port=1433,mssql.username=sa,mssql.password=sa" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3269 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml" escape.htb
+
+sslscan --show-certificate --no-colour escape.htb:3269 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49674 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49696 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49703 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 53254 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml" escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+dig AXFR -p 53 @escape.htb
+
+smbmap -u null -p "" -H escape.htb -P 139 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 2>&1
+
+smbmap -H escape.htb -P 445 -R 2>&1
+
+smbmap -H escape.htb -P 139 -R 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 -R 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 139 -R 2>&1
+
+smbmap -H escape.htb -P 139 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 139 -x "ipconfig /all" 2>&1
+
+smbmap -H escape.htb -P 445 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H escape.htb -P 445 -x "ipconfig /all" 2>&1
+
+dnsrecon -n escape.htb -d escape.htb 2>&1
+
+dig -p 53 -x escape.htb @escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml" escape.htb
+
+gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml" escape.htb
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml" escape.htb
+
+dig AXFR -p 53 @escape.htb escape.htb
+
+dig AXFR -p 53 @escape.htb
+

HTB/escape/results/escape.htb/scans/_errors.log

@@ -0,0 +1,20 @@
+[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9).
+[-] Command: dig -p 53 -x escape.htb @escape.htb
+[-] Error Output:
+
+
+[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9).
+[-] Command: dig -p 53 -x escape.htb @escape.htb
+[-] Error Output:
+
+
+[*] Service scan DNS Zone Transfer (tcp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9).
+[-] Command: dig AXFR -p 53 @escape.htb
+[-] Error Output:
+
+
+[*] Service scan DNS Zone Transfer (udp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9).
+[-] Command: dig AXFR -p 53 @escape.htb
+[-] Error Output:
+
+

HTB/escape/results/escape.htb/scans/_full_tcp_nmap.txt

@@ -0,0 +1,281 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:00:57 CET for 283s
+Not shown: 65515 filtered tcp ports (no-response)
+PORT      STATE SERVICE       REASON          VERSION
+53/tcp    open  domain        syn-ack ttl 127 Simple DNS Plus
+88/tcp    open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-02-28 19:03:35Z)
+135/tcp   open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+139/tcp   open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn
+389/tcp   open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T19:05:32+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+445/tcp   open  microsoft-ds? syn-ack ttl 127
+464/tcp   open  kpasswd5?     syn-ack ttl 127
+593/tcp   open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+636/tcp   open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T19:05:32+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+1433/tcp  open  ms-sql-s      syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
+|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
+|_ssl-date: 2023-02-28T19:05:32+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
+| Issuer: commonName=SSL_Self_Signed_Fallback
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2023-02-28T04:28:02
+| Not valid after:  2053-02-28T04:28:02
+| MD5:   015ca460f1ffd07cb7e668baa3858ef2
+| SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4
+| -----BEGIN CERTIFICATE-----
+| MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7
+| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
+| bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx
+| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
+| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI
+| bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94
+| XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2
+| Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0
+| ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq
+| Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa
+| zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL
+| M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN
+| ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh
+| xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB
+| 1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc
+| nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf
+| foL8PQ==
+|_-----END CERTIFICATE-----
+|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
+3268/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:05:32+00:00; +7h59m55s from scanner time.
+3269/tcp  open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:05:32+00:00; +7h59m55s from scanner time.
+5985/tcp  open  http          syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
+|_http-title: Not Found
+|_http-server-header: Microsoft-HTTPAPI/2.0
+9389/tcp  open  mc-nmf        syn-ack ttl 127 .NET Message Framing
+49667/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49673/tcp open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+49674/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49696/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49703/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+53254/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
+No OS matches for host
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FDE004%P=x86_64-pc-linux-gnu)
+SEQ(SP=108%GCD=1%ISR=107%TI=I%TS=U)
+SEQ(SP=108%GCD=1%ISR=107%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)
+ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=264 (Good luck!)
+IP ID Sequence Generation: Incremental
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+| p2p-conficker: 
+|   Checking for Conficker.C or higher...
+|   Check 1 (port 44244/tcp): CLEAN (Timeout)
+|   Check 2 (port 64892/tcp): CLEAN (Timeout)
+|   Check 3 (port 13054/udp): CLEAN (Timeout)
+|   Check 4 (port 46576/udp): CLEAN (Timeout)
+|_  0/4 checks are positive: Host is CLEAN or ports are blocked
+| smb2-security-mode: 
+|   311: 
+|_    Message signing enabled and required
+| smb2-time: 
+|   date: 2023-02-28T19:04:56
+|_  start_date: N/A
+|_clock-skew: mean: 7h59m54s, deviation: 0s, median: 7h59m54s
+
+TRACEROUTE (using port 135/tcp)
+HOP RTT       ADDRESS
+1   212.80 ms 10.10.16.1
+2   212.88 ms escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:05:40 2023 -- 1 IP address (1 host up) scanned in 284.14 seconds

HTB/escape/results/escape.htb/scans/_manual_commands.txt

@@ -0,0 +1,242 @@
+[*] domain on tcp/53
+
+	[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
+
+		dnsrecon -n escape.htb -d escape.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt
+
+	[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
+
+		dnsrecon -n escape.htb -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dnsrecon_default_manual.txt
+
+[*] msrpc on tcp/135
+
+	[-] RPC Client:
+
+		rpcclient -p 135 -U "" escape.htb
+
+[*] netbios-ssn on tcp/139
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb escape.htb --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" escape.htb
+
+[*] ldap on tcp/389
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_all-entries.txt"
+
+[*] microsoft-ds on tcp/445
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb escape.htb --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Lookup SIDs
+
+		impacket-lookupsid '[username]:[password]@escape.htb'
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" escape.htb
+
+[*] ldap on tcp/636
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:636 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_all-entries.txt"
+
+[*] ms-sql-s on tcp/1433
+
+	[-] (sqsh) interactive database shell:
+
+		sqsh -U <username> -P <password> -S escape.htb:1433
+
+[*] ldap on tcp/3268
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_all-entries.txt"
+
+[*] ldap on tcp/3269
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:3269 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_all-entries.txt"
+
+[*] wsman on tcp/5985
+
+	[-] Bruteforce logins:
+
+		crackmapexec winrm escape.htb -d 'escape.htb' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
+
+	[-] Check login (requires credentials):
+
+		crackmapexec winrm escape.htb -d 'escape.htb' -u '<username>' -p '<password>'
+
+	[-] Evil WinRM (gem install evil-winrm):
+
+		evil-winrm -u '<user>' -p '<password>' -i escape.htb
+
+		evil-winrm -u '<user>' -H '<hash>' -i escape.htb
+
+[*] msrpc on tcp/49667
+
+	[-] RPC Client:
+
+		rpcclient -p 49667 -U "" escape.htb
+
+[*] msrpc on tcp/49678
+
+	[-] RPC Client:
+
+		rpcclient -p 49678 -U "" escape.htb
+
+[*] msrpc on tcp/49698
+
+	[-] RPC Client:
+
+		rpcclient -p 49698 -U "" escape.htb
+
+[*] msrpc on tcp/49702
+
+	[-] RPC Client:
+
+		rpcclient -p 49702 -U "" escape.htb
+
+[*] msrpc on tcp/60738
+
+	[-] RPC Client:
+
+		rpcclient -p 60738 -U "" escape.htb
+
+[*] domain on tcp/53
+
+	[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
+
+		dnsrecon -n escape.htb -d escape.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt
+
+	[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
+
+		dnsrecon -n escape.htb -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dnsrecon_default_manual.txt
+
+[*] msrpc on tcp/135
+
+	[-] RPC Client:
+
+		rpcclient -p 135 -U "" escape.htb
+
+[*] netbios-ssn on tcp/139
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb escape.htb --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" escape.htb
+
+[*] ldap on tcp/389
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_all-entries.txt"
+
+[*] microsoft-ds on tcp/445
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb escape.htb --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Lookup SIDs
+
+		impacket-lookupsid '[username]:[password]@escape.htb'
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" escape.htb
+
+[*] ldap on tcp/636
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:636 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_all-entries.txt"
+
+[*] ms-sql-s on tcp/1433
+
+	[-] (sqsh) interactive database shell:
+
+		sqsh -U <username> -P <password> -S escape.htb:1433
+
+[*] ldap on tcp/3268
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_all-entries.txt"
+
+[*] ldap on tcp/3269
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://escape.htb:3269 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_all-entries.txt"
+
+[*] wsman on tcp/5985
+
+	[-] Bruteforce logins:
+
+		crackmapexec winrm escape.htb -d 'escape.htb' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
+
+	[-] Check login (requires credentials):
+
+		crackmapexec winrm escape.htb -d 'escape.htb' -u '<username>' -p '<password>'
+
+	[-] Evil WinRM (gem install evil-winrm):
+
+		evil-winrm -u '<user>' -p '<password>' -i escape.htb
+
+		evil-winrm -u '<user>' -H '<hash>' -i escape.htb
+
+[*] msrpc on tcp/49667
+
+	[-] RPC Client:
+
+		rpcclient -p 49667 -U "" escape.htb
+
+[*] msrpc on tcp/49674
+
+	[-] RPC Client:
+
+		rpcclient -p 49674 -U "" escape.htb
+
+[*] msrpc on tcp/49696
+
+	[-] RPC Client:
+
+		rpcclient -p 49696 -U "" escape.htb
+
+[*] msrpc on tcp/49703
+
+	[-] RPC Client:
+
+		rpcclient -p 49703 -U "" escape.htb
+
+[*] msrpc on tcp/53254
+
+	[-] RPC Client:
+
+		rpcclient -p 53254 -U "" escape.htb
+
+[*] domain on udp/53
+
+	[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
+
+		dnsrecon -n escape.htb -d escape.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dnsrecon_subdomain_bruteforce.txt
+
+	[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
+
+		dnsrecon -n escape.htb -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dnsrecon_default_manual.txt
+

HTB/escape/results/escape.htb/scans/_patterns.log

@@ -0,0 +1,4 @@
+Identified Architecture: 64-bit
+
+Identified Architecture: 64-bit
+

HTB/escape/results/escape.htb/scans/_quick_tcp_nmap.txt

@@ -0,0 +1,271 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.21s latency).
+Scanned at 2023-02-28 12:00:57 CET for 569s
+Not shown: 988 filtered tcp ports (no-response)
+PORT     STATE SERVICE       REASON          VERSION
+53/tcp   open  domain?       syn-ack ttl 127
+88/tcp   open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-02-28 19:01:10Z)
+135/tcp  open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+139/tcp  open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn
+389/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb, Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T19:10:19+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+445/tcp  open  microsoft-ds? syn-ack ttl 127
+464/tcp  open  kpasswd5?     syn-ack ttl 127
+593/tcp  open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+636/tcp  open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T19:10:19+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+1433/tcp open  ms-sql-s      syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
+| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
+| Issuer: commonName=SSL_Self_Signed_Fallback
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2023-02-28T04:28:02
+| Not valid after:  2053-02-28T04:28:02
+| MD5:   015ca460f1ffd07cb7e668baa3858ef2
+| SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4
+| -----BEGIN CERTIFICATE-----
+| MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7
+| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
+| bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx
+| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
+| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI
+| bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94
+| XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2
+| Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0
+| ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq
+| Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa
+| zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL
+| M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN
+| ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh
+| xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB
+| 1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc
+| nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf
+| foL8PQ==
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:10:19+00:00; +7h59m55s from scanner time.
+|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
+3268/tcp open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T19:10:19+00:00; +7h59m55s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+3269/tcp open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:10:19+00:00; +7h59m55s from scanner time.
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
+No OS matches for host
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FDE122%P=x86_64-pc-linux-gnu)
+SEQ(SP=104%GCD=1%ISR=106%TI=I%II=I%SS=O%TS=U)
+SEQ(SP=104%GCD=1%ISR=106%TS=U)
+OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)
+ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=260 (Good luck!)
+IP ID Sequence Generation: Busy server or unknown class
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: mean: 7h59m54s, deviation: 0s, median: 7h59m54s
+| smb2-security-mode: 
+|   311: 
+|_    Message signing enabled and required
+| smb2-time: 
+|   date: 2023-02-28T19:09:38
+|_  start_date: N/A
+| p2p-conficker: 
+|   Checking for Conficker.C or higher...
+|   Check 1 (port 44244/tcp): CLEAN (Timeout)
+|   Check 2 (port 64892/tcp): CLEAN (Timeout)
+|   Check 3 (port 13054/udp): CLEAN (Timeout)
+|   Check 4 (port 46576/udp): CLEAN (Timeout)
+|_  0/4 checks are positive: Host is CLEAN or ports are blocked
+
+TRACEROUTE (using port 445/tcp)
+HOP RTT       ADDRESS
+1   252.43 ms 10.10.16.1
+2   252.73 ms escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:10:26 2023 -- 1 IP address (1 host up) scanned in 570.02 seconds

HTB/escape/results/escape.htb/scans/_top_100_udp_nmap.txt

@@ -0,0 +1,40 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.12s latency).
+Scanned at 2023-02-28 12:00:57 CET for 1767s
+Not shown: 97 open|filtered udp ports (no-response)
+PORT    STATE SERVICE      REASON               VERSION
+53/udp  open  domain       udp-response ttl 127 (generic dns response: SERVFAIL)
+| fingerprint-strings: 
+|   NBTStat: 
+|_    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+88/udp  open  kerberos-sec udp-response         Microsoft Windows Kerberos (server time: 2023-02-28 19:01:03Z)
+123/udp open  ntp          udp-response ttl 127 NTP v3
+| ntp-info: 
+|_  receive time stamp: 2023-02-28T19:07:40
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-UDP:V=7.93%I=7%D=2/28%Time=63FDDF03%P=x86_64-pc-linux-gnu%r(NBTS
+SF:tat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAA
+SF:AAAAAAA\0\0!\0\x01");
+Too many fingerprints match this host to give specific OS details
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=%CT=%CU=%PV=Y%DS=10%DC=T%G=N%TM=63FDE5D0%P=x86_64-pc-linux-gnu)
+SEQ(II=I)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 10 hops
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: 7h59m58s
+
+TRACEROUTE (using port 53/udp)
+HOP RTT       ADDRESS
+1   211.55 ms 10.10.16.1
+2   ... 9
+10  86.35 ms  escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:30:24 2023 -- 1 IP address (1 host up) scanned in 1768.66 seconds

HTB/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_architecture.txt

@@ -0,0 +1,6 @@
+Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
+
+[*] Gathering OS architecture for 1 machines
+[*] Socket connect timeout set to 2 secs
+escape.htb is 64-bit
+

HTB/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv --reason -Pn -T4 -sV -p 135 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:44 CET for 23s
+
+PORT    STATE SERVICE REASON          VERSION
+135/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:07 2023 -- 1 IP address (1 host up) scanned in 26.06 seconds

HTB/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_rpcdump.txt

@@ -0,0 +1,925 @@
+Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
+
+[*] Retrieving endpoint list from escape.htb
+Protocol: [MS-RSP]: Remote Shutdown Protocol
+Provider: wininit.exe
+UUID    : D95AFE70-A6D5-4259-822E-2C84DA1DDB0D v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49664]
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+
+Protocol: N/A
+Provider: winlogon.exe
+UUID    : 76F226C3-EC14-4325-8A99-6A46348418AF v1.0
+Bindings:
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+          ncalrpc:[WMsgKRpc0A9011]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D09BDEB5-6171-4A34-BFE2-06FA82652568 v1.0
+Bindings:
+          ncalrpc:[csebpub]
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 697DCDA9-3BA9-4EB2-9247-E11F1901B0D2 v1.0
+Bindings:
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 9B008953-F195-4BF9-BDE0-4471971E58ED v1.0
+Bindings:
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DD59071B-3215-4C59-8481-972EDADC0F6A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D47017B-B33B-46AD-9E18-FE96456C5078 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95406F0B-B239-4318-91BB-CEA3A46FF0DC v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4ED8ABCC-F1E2-438B-981F-BB0E8ABC010C v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0FF1F646-13BB-400A-AB50-9A78F2B7A85A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 6982A06E-5FE2-46B1-B39C-A2C545BFA069 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 082A3471-31B6-422A-B931-A54401960C62 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FAE436B0-B864-4A87-9EDA-298547CD82F2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E53D94CA-7464-4839-B044-09A2FB8B3AE5 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 178D84BE-9291-4994-82C6-3F909ACA5A03 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4DACE966-A243-4450-AE3F-9B7BCB5315B8 v2.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1832BCF6-CAB8-41D4-85D2-C9410764F75A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C521FACF-09A9-42C5-B155-72388595CBF0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2C7FD9CE-E706-4B40-B412-953107EF9BB0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 88ABCBC3-34EA-76AE-8215-767520655A23 v0.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 76C217BC-C8B4-4201-A745-373AD9032B1A v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 55E6B932-1979-45D6-90C5-7F6270724112 v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 857FB1BE-084F-4FB5-B59C-4B2C4BE5F0CF v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B8CADBAF-E84B-46B9-84F2-6F71C03F9E55 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 20C40295-8DBA-48E6-AEBF-3E78EF3BB144 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2513BCBE-6CD4-4348-855E-7EFB3C336DD3 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3E2735-CEA0-4ECC-A9E2-41A2D81AED4E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C605F9FB-F0A3-4E2A-A073-73560F8D9E3E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1B37CA91-76B1-4F5E-A3C7-2ABFC61F2BB0 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8BFC3BE1-6DEF-4E2D-AF74-7C47CD0ADE4A v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2D98A740-581D-41B9-AA0D-A88B9D5CE938 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0361AE94-0316-4C6C-8AD8-C594375800E2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5824833B-3C1A-4AD2-BDFD-C31D19E23ED2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BDAA0970-413B-4A3E-9E5D-F6DC9D7E0760 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3B338D89-6CFA-44B8-847E-531531BC9992 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8782D3B9-EBBD-4644-A3D8-E8725381919B v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 085B0334-E454-4D91-9B8C-4134F9E793F3 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4BEC6BB8-B5C2-4B6F-B2C1-5DA5CF92D0D9 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: sysntfy.dll
+UUID    : C9AC6DB5-82B7-4E55-AE8A-E464ED7B4277 v1.0 Impl friendly name
+Bindings:
+          ncalrpc:[LRPC-f7c911d0f7174d6368]
+          ncalrpc:[LRPC-f439a74f7da7485dcc]
+          ncalrpc:[IUserProfile2]
+          ncalrpc:[LRPC-62f9922acfcb157b86]
+          ncalrpc:[senssvc]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A500D4C6-0DD1-4543-BC0C-D5F93486EAF8 v1.0
+Bindings:
+          ncalrpc:[LRPC-a318fcfb6ae3fa2006]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E40F7B57-7A25-4CD3-A135-7F7D3DF9D16B v1.0 Network Connection Broker server endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 880FD55E-43B9-11E0-B1A8-CF4EDFD72085 v1.0 KAPI Service endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5222821F-D5E2-4885-84F1-5F6185A0EC41 v1.0 Network Connection Broker server endpoint for NCB Reset module
+Bindings:
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: nsisvc.dll
+UUID    : 7EA70BCF-48AF-4F6A-8968-6A440754D5FA v1.0 NSI server endpoint
+Bindings:
+          ncalrpc:[LRPC-ebe5c71b49cf000e16]
+
+Protocol: N/A
+Provider: dhcpcsvc6.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D6 v1.0 DHCPv6 Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc6]
+          ncalrpc:[dhcpcsvc]
+
+Protocol: N/A
+Provider: dhcpcsvc.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D5 v1.0 DHCP Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc]
+
+Protocol: [MS-EVEN6]: EventLog Remoting Protocol
+Provider: wevtsvc.dll
+UUID    : F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C v1.0 Event log TCPIP
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49665]
+          ncacn_np:\\DC[\pipe\eventlog]
+          ncalrpc:[eventlog]
+
+Protocol: N/A
+Provider: gpsvc.dll
+UUID    : 2EB08E3E-639F-4FBA-97B1-14F878961076 v1.0 Group Policy RPC Interface
+Bindings:
+          ncalrpc:[LRPC-39c79f87490a4a110d]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3A9EF155-691D-4449-8D05-09AD57031823 v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: schedsvc.dll
+UUID    : 86D35949-83C9-4044-B424-DB363231FD0C v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 33D84484-3626-47EE-8C6F-E7E98B113BE1 v2.0
+Bindings:
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 378E52B0-C0A9-11CF-822D-00AA0051E40F v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 1FF70682-0A51-30E8-076D-740BE8CEE98B v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: schedsvc.dll
+UUID    : 0A74EF1C-41A4-4E06-83AE-DC74FB1CDD53 v1.0
+Bindings:
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3473DD4D-2E88-4006-9CBA-22570909DD10 v5.1 WinHttp Auto-Proxy Service
+Bindings:
+          ncalrpc:[1eb54f27-f33c-4433-bfb8-b78495d0c683]
+          ncalrpc:[LRPC-ed2a3a7c79ccbe8063]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 2FB92682-6599-42DC-AE13-BD2CA89BD11C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-f4d6055253fb967246]
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F47433C3-3E9D-4157-AAD4-83AA1F5C2D4C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 7F9D11BF-7FB9-436B-A812-B2D50C5D4C03 v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: BFE.DLL
+UUID    : DD490425-5325-4565-B774-7E27D6C09C24 v1.0 Base Firewall Engine API
+Bindings:
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7F1343FE-50A9-4927-A778-0C5859517BAC v1.0 DfsDs service
+Bindings:
+          ncacn_np:\\DC[\PIPE\wkssvc]
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : EB081A0D-10EE-478A-A1DD-50995283E7A8 v3.0 Witness Client Test Interface
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F2C9B409-C1C9-4100-8639-D8AB1486694A v1.0 Witness Client Upcall Server
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C2D1B5DD-FA81-4460-9DD6-E7658B85454B v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F44E62AF-DAB1-44C2-8013-049A9DE417D6 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7AEB6705-3AE6-471A-882D-F39C109EDC12 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E7F76134-9EF5-4949-A2D6-3368CC0988F3 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B37F900A-EAE4-4304-A2AB-12BB668C0188 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : ABFB6CA3-0C5E-4734-9285-0AEE72FE8D1C v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3C7F20-1C8D-4654-A1B3-51563B298BDA v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B18FBAB6-56F8-4702-84E0-41053293A869 v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C49A5A70-8A7F-4E70-BA16-1E8F1F193EF1 v1.0 Adh APIs
+Bindings:
+          ncalrpc:[OLEDF6833784EBE2C242203FE93FABD]
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C36BE077-E14B-4FE9-8ABC-E856EF4F048B v1.0 Proxy Manager client server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2E6035B2-E8F1-41A7-A044-656B439C4C34 v1.0 Proxy Manager provider server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: iphlpsvc.dll
+UUID    : 552D076A-CB29-4E44-8B6A-D15E59E2C0AF v1.0 IP Transition Configuration endpoint
+Bindings:
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: [MS-NRPC]: Netlogon Remote Protocol
+Provider: netlogon.dll
+UUID    : 12345678-1234-ABCD-EF00-01234567CFFB v1.0
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-RAA]: Remote Authorization API Protocol
+Provider: N/A
+UUID    : 0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7 v0.0 RemoteAccessCheck
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
+Provider: samsrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AC v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-LSAT]: Local Security Authority (Translation Methods) Remote
+Provider: lsasrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AB v0.0
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol
+Provider: ntdsai.dll
+UUID    : E3514235-4B06-11D1-AB04-00C04FC2DCD2 v4.0 MS NT Directory DRS Interface
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 51A227AE-825B-41F2-B4A9-1AC9557A1018 v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8FB74744-B2FF-4C00-BE0D-9EF9A191FE1B v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B25A52BF-E5DD-4F4A-AEA6-8CA7272A0E86 v2.0 KeyIso
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A4B8D482-80CE-40D6-934D-B22A01A44FE7 v1.0 LicenseManager
+Bindings:
+          ncalrpc:[LicenseServiceEndpoint]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1A0D010F-1C33-432C-B0F5-8CF4E8053099 v1.0 IdSegSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: srvsvc.dll
+UUID    : 98716D03-89AC-44C7-BB8C-285824E51C4A v1.0 XactSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DF4DF73A-C52D-4E3A-8003-8437FDF8302A v0.0 WM_WindowManagerRPC\Server
+Bindings:
+          ncalrpc:[LRPC-5f5f21e3e191e1ae92]
+
+Protocol: N/A
+Provider: sysmain.dll
+UUID    : B58AA02E-2884-4E97-8176-4EE06D794184 v1.0
+Bindings:
+          ncalrpc:[LRPC-3cb1b63884da9c017f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 98CD761E-E77D-41C8-A3C0-0FB756D90EC2 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D22895EF-AFF4-42C5-A5B2-B14466D34AB4 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E38F5360-8572-473E-B696-1B46873BEEAB v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95095EC8-32EA-4EB0-A3E2-041F97B36168 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FD8BE72B-A9CD-4B2C-A9CA-4DED242FBE4D v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4C9DBF19-D39E-4BB9-90EE-8F7179B20283 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: [MS-CMPO]: MSDTC Connection Manager:
+Provider: msdtcprx.dll
+UUID    : 906B0CE0-C70B-1067-B317-00DD010662DA v1.0
+Bindings:
+          ncalrpc:[LRPC-a5c382c126b1e1826a]
+          ncalrpc:[OLEE90A03417C6C8CB6892D014A39AC]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2F5F6521-CB55-1059-B446-00DF0BCE31DB v1.0 Unimodem LRPC Endpoint
+Bindings:
+          ncalrpc:[unimdmsvc]
+          ncalrpc:[tapsrvlpc]
+          ncacn_np:\\DC[\pipe\tapsrv]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 650A7E26-EAB8-5533-CE43-9C1DFCE11511 v1.0 Vpn APIs
+Bindings:
+          ncalrpc:[LRPC-4050dd6bde9b3cf16e]
+          ncalrpc:[VpnikeRpc]
+          ncalrpc:[RasmanLrpc]
+          ncacn_np:\\DC[\PIPE\ROUTER]
+
+Protocol: [MS-SCMR]: Service Control Manager Remote Protocol
+Provider: services.exe
+UUID    : 367ABB81-9844-35F1-AD32-98F038001003 v2.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49694]
+
+Protocol: [MS-ICPR]: ICertPassage Remote Protocol
+Provider: certsrv.exe
+UUID    : 91AE6020-9E3C-11CF-8D7C-00AA00C091BE v0.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49696]
+          ncacn_np:\\DC[\pipe\cert]
+          ncalrpc:[OLE2F89DA9340E3DA4F3F79F495C660]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F3F09FFD-FBCF-4291-944D-70AD6E0E73BB v1.0
+Bindings:
+          ncalrpc:[LRPC-946a4809e3af3c8ecc]
+
+Protocol: N/A
+Provider: nrpsrv.dll
+UUID    : 30ADC50C-5CBC-46CE-9A0E-91914789E23C v1.0 NRP server endpoint
+Bindings:
+          ncalrpc:[LRPC-593a2e405b40559e71]
+
+Protocol: [MS-DNSP]: Domain Name Service (DNS) Server Management
+Provider: dns.exe
+UUID    : 50ABC2A4-574D-40B3-9D66-EE4FD5FBA076 v5.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49703]
+
+Protocol: [MS-FRS2]: Distributed File System Replication Protocol
+Provider: dfsrmig.exe
+UUID    : 897E2E5F-93F3-4376-9C9C-FD2277495C27 v1.0 Frs2 Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[53254]
+          ncalrpc:[OLEA043F2C22A38A12D9DA9DBBFF6A7]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BF4DC912-E52F-4904-8EBE-9317C1BDD497 v1.0
+Bindings:
+          ncalrpc:[LRPC-d8baf42a4a1b922f1b]
+          ncalrpc:[OLEF83A252BFDB35852F018EE0218FC]
+
+Protocol: N/A
+Provider: pcasvc.dll
+UUID    : 0767A036-0D22-48AA-BA69-B619480F38CB v1.0 PcaSvc
+Bindings:
+          ncalrpc:[LRPC-c72e6d5f54f5eaea61]
+
+[*] Received 400 endpoints.
+

HTB/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 135 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 135 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml escape.htb" start="1677582341" startstr="Tue Feb 28 12:05:41 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="135"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="SYN Stealth Scan" time="1677582344"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskend task="NSE" time="1677582367"/>
+<taskbegin task="NSE" time="1677582367"/>
+<taskend task="NSE" time="1677582367"/>
+<host starttime="1677582344" endtime="1677582367"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="183688" rttvar="183688" to="918440"/>
+</host>
+<taskbegin task="NSE" time="1677582367"/>
+<taskend task="NSE" time="1677582367"/>
+<taskbegin task="NSE" time="1677582367"/>
+<taskend task="NSE" time="1677582367"/>
+<runstats><finished time="1677582367" timestr="Tue Feb 28 12:06:07 2023" summary="Nmap done at Tue Feb 28 12:06:07 2023; 1 IP address (1 host up) scanned in 26.06 seconds" elapsed="26.06" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp139/enum4linux.txt

@@ -0,0 +1,139 @@
+Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Tue Feb 28 12:05:45 2023
+
+ =========================================( Target Information )=========================================
+
+Target ........... escape.htb
+RID Range ........ 500-550,1000-1050
+Username ......... ''
+Password ......... ''
+Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
+
+
+ =============================( Enumerating Workgroup/Domain on escape.htb )=============================
+
+
+[E] Can't find workgroup/domain
+
+
+
+ =================================( Nbtstat Information for escape.htb )=================================
+
+Looking up status of 10.129.184.130
+No reply from 10.129.184.130
+
+ ====================================( Session Check on escape.htb )====================================
+
+
+[+] Server escape.htb allows sessions using username '', password ''
+
+
+ ============================( Getting information via LDAP for escape.htb )============================
+
+
+[+] escape.htb appears to be a child DC
+
+
+ =================================( Getting domain SID for escape.htb )=================================
+
+Domain Name: sequel
+Domain Sid: S-1-5-21-4078382237-1492182817-2568127209
+
+[+] Host is part of a domain (not a workgroup)
+
+
+ ====================================( OS information on escape.htb )====================================
+
+
+[E] Can't get OS info with smbclient
+
+
+[+] Got OS info for escape.htb from srvinfo:
+do_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED
+
+
+ ========================================( Users on escape.htb )========================================
+
+
+[E] Couldn't find users using querydispinfo: NT_STATUS_ACCESS_DENIED
+
+
+
+[E] Couldn't find users using enumdomusers: NT_STATUS_ACCESS_DENIED
+
+
+ =================================( Machine Enumeration on escape.htb )=================================
+
+
+[E] Not implemented in this version of enum4linux.
+
+
+ ==================================( Share Enumeration on escape.htb )==================================
+
+do_connect: Connection to escape.htb failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+
+	Sharename       Type      Comment
+	---------       ----      -------
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+
+[+] Attempting to map shares on escape.htb
+
+
+ =============================( Password Policy Information for escape.htb )=============================
+
+
+[E] Unexpected error from polenum:
+
+
+
+[+] Attaching to escape.htb using a NULL share
+
+[+] Trying protocol 139/SMB...
+
+	[!] Protocol failed: Cannot request session (Called Name:ESCAPE.HTB)
+
+[+] Trying protocol 445/SMB...
+
+	[!] Protocol failed: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights.
+
+
+
+[E] Failed to get password policy with rpcclient
+
+
+
+ ========================================( Groups on escape.htb )========================================
+
+
+[+] Getting builtin groups:
+
+
+[+]  Getting builtin group memberships:
+
+
+[+]  Getting local groups:
+
+
+[+]  Getting local group memberships:
+
+
+[+]  Getting domain groups:
+
+
+[+]  Getting domain group memberships:
+
+
+ ===================( Users on escape.htb via RID cycling (RIDS: 500-550,1000-1050) )===================
+
+
+[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED.  RID cycling not possible.
+
+
+ ================================( Getting printer info for escape.htb )================================
+
+do_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED
+
+
+enum4linux complete on Tue Feb 28 12:06:39 2023
+
+

HTB/escape/results/escape.htb/scans/tcp139/nbtscan.txt

@@ -0,0 +1,3 @@
+Doing NBT name scan for addresses from 10.129.184.130
+
+

HTB/escape/results/escape.htb/scans/tcp139/smbclient.txt

@@ -0,0 +1,13 @@
+do_connect: Connection to escape.htb failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
+
+	Sharename       Type      Comment
+	---------       ----      -------
+	ADMIN$          Disk      Remote Admin
+	C$              Disk      Default share
+	IPC$            IPC       Remote IPC
+	NETLOGON        Disk      Logon server share
+	Public          Disk
+	SYSVOL          Disk      Logon server share
+Reconnecting with SMB1 for workgroup listing.
+Unable to connect with SMB1 -- no workgroup available
+

HTB/escape/results/escape.htb/scans/tcp139/smbmap-execute-command.txt

@@ -0,0 +1 @@
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp139/smbmap-list-contents.txt

@@ -0,0 +1,2 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown

HTB/escape/results/escape.htb/scans/tcp139/smbmap-share-permissions.txt

@@ -0,0 +1,10 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt

@@ -0,0 +1,22 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 139 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:45 CET for 45s
+
+PORT    STATE SERVICE     REASON          VERSION
+139/tcp open  netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn
+|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-protocols: No dialects accepted. Something may be blocking the responses
+|_smb2-time: ERROR: Script execution failed (use -d to debug)
+|_smb2-capabilities: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+|_smb-print-text: false
+|_smb-mbenum: ERROR: Script execution failed (use -d to debug)
+|_smb-vuln-ms10-061: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:30 2023 -- 1 IP address (1 host up) scanned in 49.07 seconds

HTB/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 139 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="139"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskprogress task="NSE" time="1677582383" percent="97.14" remaining="1" etc="1677582384"/>
+<taskend task="NSE" time="1677582387"/>
+<taskbegin task="NSE" time="1677582387"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<host starttime="1677582345" endtime="1677582390"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="smb-enum-services" output="ERROR: Script execution failed (use -d to debug)"/></port>
+</ports>
+<hostscript><script id="smb2-security-mode" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-protocols" output="No dialects accepted. Something may be blocking the responses"/><script id="smb2-time" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb2-capabilities" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script><script id="smb-print-text" output="false">false</script><script id="smb-mbenum" output="ERROR: Script execution failed (use -d to debug)"/><script id="smb-vuln-ms10-061" output="SMB: Couldn&apos;t find a NetBIOS name that works for the server. Sorry!">false</script></hostscript><times srtt="183869" rttvar="183869" to="919345"/>
+</host>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<taskbegin task="NSE" time="1677582390"/>
+<taskend task="NSE" time="1677582390"/>
+<runstats><finished time="1677582390" timestr="Tue Feb 28 12:06:30 2023" summary="Nmap done at Tue Feb 28 12:06:30 2023; 1 IP address (1 host up) scanned in 49.07 seconds" elapsed="49.07" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt

@@ -0,0 +1,98 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 1433 "--script=banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port=1433,mssql.username=sa,mssql.password=sa -oN /home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.24s latency).
+Scanned at 2023-02-28 12:05:45 CET for 43s
+
+PORT     STATE SERVICE  REASON          VERSION
+1433/tcp open  ms-sql-s syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
+|_ms-sql-hasdbaccess: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
+|_ssl-date: 2023-02-28T19:05:59+00:00; +7h59m55s from scanner time.
+|_ms-sql-tables: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-config: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-dac: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-empty-password: ERROR: Script execution failed (use -d to debug)
+| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
+| Issuer: commonName=SSL_Self_Signed_Fallback
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2023-02-28T04:28:02
+| Not valid after:  2053-02-28T04:28:02
+| MD5:   015ca460f1ffd07cb7e668baa3858ef2
+| SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4
+| -----BEGIN CERTIFICATE-----
+| MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7
+| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
+| bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx
+| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
+| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI
+| bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94
+| XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2
+| Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0
+| ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq
+| Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa
+| zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL
+| M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN
+| ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh
+| xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB
+| 1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc
+| nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf
+| foL8PQ==
+|_-----END CERTIFICATE-----
+| ssl-enum-ciphers: 
+|   TLSv1.0: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.1: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.2: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
+|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
+|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|_  least strength: C
+|_ms-sql-query: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-xp-cmdshell: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-dump-hashes: ERROR: Script execution failed (use -d to debug)
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:28 2023 -- 1 IP address (1 host up) scanned in 46.39 seconds

HTB/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml

@@ -0,0 +1,224 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 1433 &quot;-&#45;script=banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -&#45;script-args=mssql.instance-port=1433,mssql.username=sa,mssql.password=sa -oN /home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 1433 &quot;-&#45;script=banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -&#45;script-args=mssql.instance-port=1433,mssql.username=sa,mssql.password=sa -oN /home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="1433"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582346" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582346"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskend task="NSE" time="1677582363"/>
+<taskbegin task="NSE" time="1677582363"/>
+<taskend task="NSE" time="1677582385"/>
+<taskbegin task="NSE" time="1677582385"/>
+<taskend task="NSE" time="1677582388"/>
+<host starttime="1677582345" endtime="1677582388"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ms-sql-s" product="Microsoft SQL Server 2019" version="15.00.2000.00; RTM" method="probed" conf="10"><cpe>cpe:/a:microsoft:sql_server:2019</cpe></service><script id="ms-sql-hasdbaccess" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-ntlm-info" output="ERROR: Script execution failed (use -d to debug)"/><script id="ssl-date" output="2023-02-28T19:05:59+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:05:59+00:00</elem>
+</script><script id="ms-sql-tables" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-config" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-info" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-dac" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-empty-password" output="ERROR: Script execution failed (use -d to debug)"/><script id="ssl-cert" output="Subject: commonName=SSL_Self_Signed_Fallback&#xa;Issuer: commonName=SSL_Self_Signed_Fallback&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2023-02-28T04:28:02&#xa;Not valid after:  2053-02-28T04:28:02&#xa;MD5:   015ca460f1ffd07cb7e668baa3858ef2&#xa;SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">C1107140C86C83C9C828E256992C82696364F7CA130FD67697AE7F7C032875299DC6EF136508C25716CD8C91492B1213E85AA71F785F320F31166B1EA9B4C00F6A7621C82541C841ACF7F03610C0E6E6C170D971717E138738F14B2AE226A1FB528DEA6C7647376AC75D0877A1182F5401DC8C1B6359E2E89A08644B3CEAF070B40FB7E8DCC106FFCDA83959B7A5040BB4B9B08A347ED0403E008346F853267B02044E179E376889695A8C9A693D907E7B5CC53B1D9B0568F4C6333B47EF90D1F33D38D92A333D1598A0AEA815C247B0A71F66DD8DC384B2EFC5CC3B8B53DFA7F3F5E34EB2C9440BAAC466475692B2BAA7F698B65ACC71EEB822010A5271B95D</elem>
+<elem key="exponent">65537</elem>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2023-02-28T04:28:02</elem>
+<elem key="notAfter">2053-02-28T04:28:02</elem>
+</table>
+<elem key="md5">015ca460f1ffd07cb7e668baa3858ef2</elem>
+<elem key="sha1">e5402a47a83d13f0a50e8e0fbded72e7b51f17d4</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-enum-ciphers" output="&#xa;  TLSv1.0: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.1: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.2: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  least strength: C"><table key="TLSv1.0">
+<table key="ciphers">
+<table>
+<elem key="kex_info">secp384r1</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">ecdh_x25519</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.1">
+<table key="ciphers">
+<table>
+<elem key="kex_info">secp384r1</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">ecdh_x25519</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.2">
+<table key="ciphers">
+<table>
+<elem key="kex_info">secp384r1</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+</table>
+<table>
+<elem key="kex_info">ecdh_x25519</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">dh 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+</table>
+<table>
+<elem key="kex_info">dh 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">secp384r1</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</elem>
+</table>
+<table>
+<elem key="kex_info">ecdh_x25519</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">secp384r1</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">ecdh_x25519</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_GCM_SHA384</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_GCM_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA256</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+</table>
+<table>
+<elem key="kex_info">rsa 2048</elem>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<elem key="least strength">C</elem>
+</script><script id="ms-sql-query" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-xp-cmdshell" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-dump-hashes" output="ERROR: Script execution failed (use -d to debug)"/></port>
+</ports>
+<times srtt="237002" rttvar="237002" to="1185010"/>
+</host>
+<taskbegin task="NSE" time="1677582388"/>
+<taskend task="NSE" time="1677582388"/>
+<taskbegin task="NSE" time="1677582388"/>
+<taskend task="NSE" time="1677582388"/>
+<taskbegin task="NSE" time="1677582388"/>
+<taskend task="NSE" time="1677582388"/>
+<runstats><finished time="1677582388" timestr="Tue Feb 28 12:06:28 2023" summary="Nmap done at Tue Feb 28 12:06:28 2023; 1 IP address (1 host up) scanned in 46.39 seconds" elapsed="46.39" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt

@@ -0,0 +1,200 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 3268 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.13s latency).
+Scanned at 2023-02-28 12:05:45 CET for 39s
+
+PORT     STATE SERVICE REASON          VERSION
+3268/tcp open  ldap    syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb, Site: Default-First-Site-Name)
+| ssl-enum-ciphers: 
+|   TLSv1.0: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.1: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.2: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
+|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
+|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|_  least strength: C
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:06:00+00:00; +7h59m55s from scanner time.
+| ldap-rootdse: 
+| LDAP Results
+|   <ROOT>
+|       domainFunctionality: 7
+|       forestFunctionality: 7
+|       domainControllerFunctionality: 7
+|       rootDomainNamingContext: DC=sequel,DC=htb
+|       ldapServiceName: sequel.htb:dc$@SEQUEL.HTB
+|       isGlobalCatalogReady: TRUE
+|       supportedSASLMechanisms: GSSAPI
+|       supportedSASLMechanisms: GSS-SPNEGO
+|       supportedSASLMechanisms: EXTERNAL
+|       supportedSASLMechanisms: DIGEST-MD5
+|       supportedLDAPVersion: 3
+|       supportedLDAPVersion: 2
+|       supportedLDAPPolicies: MaxPoolThreads
+|       supportedLDAPPolicies: MaxPercentDirSyncRequests
+|       supportedLDAPPolicies: MaxDatagramRecv
+|       supportedLDAPPolicies: MaxReceiveBuffer
+|       supportedLDAPPolicies: InitRecvTimeout
+|       supportedLDAPPolicies: MaxConnections
+|       supportedLDAPPolicies: MaxConnIdleTime
+|       supportedLDAPPolicies: MaxPageSize
+|       supportedLDAPPolicies: MaxBatchReturnMessages
+|       supportedLDAPPolicies: MaxQueryDuration
+|       supportedLDAPPolicies: MaxDirSyncDuration
+|       supportedLDAPPolicies: MaxTempTableSize
+|       supportedLDAPPolicies: MaxResultSetSize
+|       supportedLDAPPolicies: MinResultSets
+|       supportedLDAPPolicies: MaxResultSetsPerConn
+|       supportedLDAPPolicies: MaxNotificationPerConn
+|       supportedLDAPPolicies: MaxValRange
+|       supportedLDAPPolicies: MaxValRangeTransitive
+|       supportedLDAPPolicies: ThreadMemoryLimit
+|       supportedLDAPPolicies: SystemMemoryLimitPercent
+|       supportedControl: 1.2.840.113556.1.4.319
+|       supportedControl: 1.2.840.113556.1.4.801
+|       supportedControl: 1.2.840.113556.1.4.473
+|       supportedControl: 1.2.840.113556.1.4.528
+|       supportedControl: 1.2.840.113556.1.4.417
+|       supportedControl: 1.2.840.113556.1.4.619
+|       supportedControl: 1.2.840.113556.1.4.841
+|       supportedControl: 1.2.840.113556.1.4.529
+|       supportedControl: 1.2.840.113556.1.4.805
+|       supportedControl: 1.2.840.113556.1.4.521
+|       supportedControl: 1.2.840.113556.1.4.970
+|       supportedControl: 1.2.840.113556.1.4.1338
+|       supportedControl: 1.2.840.113556.1.4.474
+|       supportedControl: 1.2.840.113556.1.4.1339
+|       supportedControl: 1.2.840.113556.1.4.1340
+|       supportedControl: 1.2.840.113556.1.4.1413
+|       supportedControl: 2.16.840.1.113730.3.4.9
+|       supportedControl: 2.16.840.1.113730.3.4.10
+|       supportedControl: 1.2.840.113556.1.4.1504
+|       supportedControl: 1.2.840.113556.1.4.1852
+|       supportedControl: 1.2.840.113556.1.4.802
+|       supportedControl: 1.2.840.113556.1.4.1907
+|       supportedControl: 1.2.840.113556.1.4.1948
+|       supportedControl: 1.2.840.113556.1.4.1974
+|       supportedControl: 1.2.840.113556.1.4.1341
+|       supportedControl: 1.2.840.113556.1.4.2026
+|       supportedControl: 1.2.840.113556.1.4.2064
+|       supportedControl: 1.2.840.113556.1.4.2065
+|       supportedControl: 1.2.840.113556.1.4.2066
+|       supportedControl: 1.2.840.113556.1.4.2090
+|       supportedControl: 1.2.840.113556.1.4.2205
+|       supportedControl: 1.2.840.113556.1.4.2204
+|       supportedControl: 1.2.840.113556.1.4.2206
+|       supportedControl: 1.2.840.113556.1.4.2211
+|       supportedControl: 1.2.840.113556.1.4.2239
+|       supportedControl: 1.2.840.113556.1.4.2255
+|       supportedControl: 1.2.840.113556.1.4.2256
+|       supportedControl: 1.2.840.113556.1.4.2309
+|       supportedControl: 1.2.840.113556.1.4.2330
+|       supportedControl: 1.2.840.113556.1.4.2354
+|       supportedCapabilities: 1.2.840.113556.1.4.800
+|       supportedCapabilities: 1.2.840.113556.1.4.1670
+|       supportedCapabilities: 1.2.840.113556.1.4.1791
+|       supportedCapabilities: 1.2.840.113556.1.4.1935
+|       supportedCapabilities: 1.2.840.113556.1.4.2080
+|       supportedCapabilities: 1.2.840.113556.1.4.2237
+|       subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=sequel,DC=htb
+|       namingContexts: CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb
+|       namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb
+|       isSynchronized: TRUE
+|       highestCommittedUSN: 168159
+|       dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       dnsHostName: dc.sequel.htb
+|       defaultNamingContext: DC=sequel,DC=htb
+|       currentTime: 20230228190547.0Z
+|_      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:24 2023 -- 1 IP address (1 host up) scanned in 43.00 seconds

HTB/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml

@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 3268 &quot;-&#45;script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 3268 &quot;-&#45;script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="3268"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582346"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskend task="NSE" time="1677582363"/>
+<taskbegin task="NSE" time="1677582363"/>
+<taskend task="NSE" time="1677582382"/>
+<taskbegin task="NSE" time="1677582382"/>
+<taskend task="NSE" time="1677582384"/>
+<host starttime="1677582345" endtime="1677582384"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="3268"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb, Site: Default-First-Site-Name" hostname="DC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-enum-ciphers" output="&#xa;  TLSv1.0: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.1: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.2: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  least strength: C"><table key="TLSv1.0">
+<table key="ciphers">
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="strength">C</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.1">
+<table key="ciphers">
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="strength">C</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.2">
+<table key="ciphers">
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="name">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">dh 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">dh 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA256</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="strength">A</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="strength">C</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<elem key="least strength">C</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:06:00+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:06:00+00:00</elem>
+</script><script id="ldap-rootdse" output="&#xa;LDAP Results&#xa;  &lt;ROOT&gt;&#xa;      domainFunctionality: 7&#xa;      forestFunctionality: 7&#xa;      domainControllerFunctionality: 7&#xa;      rootDomainNamingContext: DC=sequel,DC=htb&#xa;      ldapServiceName: sequel.htb:dc$@SEQUEL.HTB&#xa;      isGlobalCatalogReady: TRUE&#xa;      supportedSASLMechanisms: GSSAPI&#xa;      supportedSASLMechanisms: GSS-SPNEGO&#xa;      supportedSASLMechanisms: EXTERNAL&#xa;      supportedSASLMechanisms: DIGEST-MD5&#xa;      supportedLDAPVersion: 3&#xa;      supportedLDAPVersion: 2&#xa;      supportedLDAPPolicies: MaxPoolThreads&#xa;      supportedLDAPPolicies: MaxPercentDirSyncRequests&#xa;      supportedLDAPPolicies: MaxDatagramRecv&#xa;      supportedLDAPPolicies: MaxReceiveBuffer&#xa;      supportedLDAPPolicies: InitRecvTimeout&#xa;      supportedLDAPPolicies: MaxConnections&#xa;      supportedLDAPPolicies: MaxConnIdleTime&#xa;      supportedLDAPPolicies: MaxPageSize&#xa;      supportedLDAPPolicies: MaxBatchReturnMessages&#xa;      supportedLDAPPolicies: MaxQueryDuration&#xa;      supportedLDAPPolicies: MaxDirSyncDuration&#xa;      supportedLDAPPolicies: MaxTempTableSize&#xa;      supportedLDAPPolicies: MaxResultSetSize&#xa;      supportedLDAPPolicies: MinResultSets&#xa;      supportedLDAPPolicies: MaxResultSetsPerConn&#xa;      supportedLDAPPolicies: MaxNotificationPerConn&#xa;      supportedLDAPPolicies: MaxValRange&#xa;      supportedLDAPPolicies: MaxValRangeTransitive&#xa;      supportedLDAPPolicies: ThreadMemoryLimit&#xa;      supportedLDAPPolicies: SystemMemoryLimitPercent&#xa;      supportedControl: 1.2.840.113556.1.4.319&#xa;      supportedControl: 1.2.840.113556.1.4.801&#xa;      supportedControl: 1.2.840.113556.1.4.473&#xa;      supportedControl: 1.2.840.113556.1.4.528&#xa;      supportedControl: 1.2.840.113556.1.4.417&#xa;      supportedControl: 1.2.840.113556.1.4.619&#xa;      supportedControl: 1.2.840.113556.1.4.841&#xa;      supportedControl: 1.2.840.113556.1.4.529&#xa;      supportedControl: 1.2.840.113556.1.4.805&#xa;      supportedControl: 1.2.840.113556.1.4.521&#xa;      supportedControl: 1.2.840.113556.1.4.970&#xa;      supportedControl: 1.2.840.113556.1.4.1338&#xa;      supportedControl: 1.2.840.113556.1.4.474&#xa;      supportedControl: 1.2.840.113556.1.4.1339&#xa;      supportedControl: 1.2.840.113556.1.4.1340&#xa;      supportedControl: 1.2.840.113556.1.4.1413&#xa;      supportedControl: 2.16.840.1.113730.3.4.9&#xa;      supportedControl: 2.16.840.1.113730.3.4.10&#xa;      supportedControl: 1.2.840.113556.1.4.1504&#xa;      supportedControl: 1.2.840.113556.1.4.1852&#xa;      supportedControl: 1.2.840.113556.1.4.802&#xa;      supportedControl: 1.2.840.113556.1.4.1907&#xa;      supportedControl: 1.2.840.113556.1.4.1948&#xa;      supportedControl: 1.2.840.113556.1.4.1974&#xa;      supportedControl: 1.2.840.113556.1.4.1341&#xa;      supportedControl: 1.2.840.113556.1.4.2026&#xa;      supportedControl: 1.2.840.113556.1.4.2064&#xa;      supportedControl: 1.2.840.113556.1.4.2065&#xa;      supportedControl: 1.2.840.113556.1.4.2066&#xa;      supportedControl: 1.2.840.113556.1.4.2090&#xa;      supportedControl: 1.2.840.113556.1.4.2205&#xa;      supportedControl: 1.2.840.113556.1.4.2204&#xa;      supportedControl: 1.2.840.113556.1.4.2206&#xa;      supportedControl: 1.2.840.113556.1.4.2211&#xa;      supportedControl: 1.2.840.113556.1.4.2239&#xa;      supportedControl: 1.2.840.113556.1.4.2255&#xa;      supportedControl: 1.2.840.113556.1.4.2256&#xa;      supportedControl: 1.2.840.113556.1.4.2309&#xa;      supportedControl: 1.2.840.113556.1.4.2330&#xa;      supportedControl: 1.2.840.113556.1.4.2354&#xa;      supportedCapabilities: 1.2.840.113556.1.4.800&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1670&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1791&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1935&#xa;      supportedCapabilities: 1.2.840.113556.1.4.2080&#xa;      supportedCapabilities: 1.2.840.113556.1.4.2237&#xa;      subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb&#xa;      schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: DC=sequel,DC=htb&#xa;      namingContexts: CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb&#xa;      namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb&#xa;      isSynchronized: TRUE&#xa;      highestCommittedUSN: 168159&#xa;      dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb&#xa;      dnsHostName: dc.sequel.htb&#xa;      defaultNamingContext: DC=sequel,DC=htb&#xa;      currentTime: 20230228190547.0Z&#xa;      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb&#xa;"/></port>
+</ports>
+<times srtt="132572" rttvar="132572" to="662860"/>
+</host>
+<taskbegin task="NSE" time="1677582384"/>
+<taskend task="NSE" time="1677582384"/>
+<taskbegin task="NSE" time="1677582384"/>
+<taskend task="NSE" time="1677582384"/>
+<taskbegin task="NSE" time="1677582384"/>
+<taskend task="NSE" time="1677582384"/>
+<runstats><finished time="1677582384" timestr="Tue Feb 28 12:06:24 2023" summary="Nmap done at Tue Feb 28 12:06:24 2023; 1 IP address (1 host up) scanned in 43.00 seconds" elapsed="43.00" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt

@@ -0,0 +1,200 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 3269 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.22s latency).
+Scanned at 2023-02-28 12:05:45 CET for 91s
+
+PORT     STATE SERVICE  REASON          VERSION
+3269/tcp open  ssl/ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb, Site: Default-First-Site-Name)
+| ssl-enum-ciphers: 
+|   TLSv1.0: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.1: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.2: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
+|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
+|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|_  least strength: C
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+| ldap-rootdse: 
+| LDAP Results
+|   <ROOT>
+|       domainFunctionality: 7
+|       forestFunctionality: 7
+|       domainControllerFunctionality: 7
+|       rootDomainNamingContext: DC=sequel,DC=htb
+|       ldapServiceName: sequel.htb:dc$@SEQUEL.HTB
+|       isGlobalCatalogReady: TRUE
+|       supportedSASLMechanisms: GSSAPI
+|       supportedSASLMechanisms: GSS-SPNEGO
+|       supportedSASLMechanisms: EXTERNAL
+|       supportedSASLMechanisms: DIGEST-MD5
+|       supportedLDAPVersion: 3
+|       supportedLDAPVersion: 2
+|       supportedLDAPPolicies: MaxPoolThreads
+|       supportedLDAPPolicies: MaxPercentDirSyncRequests
+|       supportedLDAPPolicies: MaxDatagramRecv
+|       supportedLDAPPolicies: MaxReceiveBuffer
+|       supportedLDAPPolicies: InitRecvTimeout
+|       supportedLDAPPolicies: MaxConnections
+|       supportedLDAPPolicies: MaxConnIdleTime
+|       supportedLDAPPolicies: MaxPageSize
+|       supportedLDAPPolicies: MaxBatchReturnMessages
+|       supportedLDAPPolicies: MaxQueryDuration
+|       supportedLDAPPolicies: MaxDirSyncDuration
+|       supportedLDAPPolicies: MaxTempTableSize
+|       supportedLDAPPolicies: MaxResultSetSize
+|       supportedLDAPPolicies: MinResultSets
+|       supportedLDAPPolicies: MaxResultSetsPerConn
+|       supportedLDAPPolicies: MaxNotificationPerConn
+|       supportedLDAPPolicies: MaxValRange
+|       supportedLDAPPolicies: MaxValRangeTransitive
+|       supportedLDAPPolicies: ThreadMemoryLimit
+|       supportedLDAPPolicies: SystemMemoryLimitPercent
+|       supportedControl: 1.2.840.113556.1.4.319
+|       supportedControl: 1.2.840.113556.1.4.801
+|       supportedControl: 1.2.840.113556.1.4.473
+|       supportedControl: 1.2.840.113556.1.4.528
+|       supportedControl: 1.2.840.113556.1.4.417
+|       supportedControl: 1.2.840.113556.1.4.619
+|       supportedControl: 1.2.840.113556.1.4.841
+|       supportedControl: 1.2.840.113556.1.4.529
+|       supportedControl: 1.2.840.113556.1.4.805
+|       supportedControl: 1.2.840.113556.1.4.521
+|       supportedControl: 1.2.840.113556.1.4.970
+|       supportedControl: 1.2.840.113556.1.4.1338
+|       supportedControl: 1.2.840.113556.1.4.474
+|       supportedControl: 1.2.840.113556.1.4.1339
+|       supportedControl: 1.2.840.113556.1.4.1340
+|       supportedControl: 1.2.840.113556.1.4.1413
+|       supportedControl: 2.16.840.1.113730.3.4.9
+|       supportedControl: 2.16.840.1.113730.3.4.10
+|       supportedControl: 1.2.840.113556.1.4.1504
+|       supportedControl: 1.2.840.113556.1.4.1852
+|       supportedControl: 1.2.840.113556.1.4.802
+|       supportedControl: 1.2.840.113556.1.4.1907
+|       supportedControl: 1.2.840.113556.1.4.1948
+|       supportedControl: 1.2.840.113556.1.4.1974
+|       supportedControl: 1.2.840.113556.1.4.1341
+|       supportedControl: 1.2.840.113556.1.4.2026
+|       supportedControl: 1.2.840.113556.1.4.2064
+|       supportedControl: 1.2.840.113556.1.4.2065
+|       supportedControl: 1.2.840.113556.1.4.2066
+|       supportedControl: 1.2.840.113556.1.4.2090
+|       supportedControl: 1.2.840.113556.1.4.2205
+|       supportedControl: 1.2.840.113556.1.4.2204
+|       supportedControl: 1.2.840.113556.1.4.2206
+|       supportedControl: 1.2.840.113556.1.4.2211
+|       supportedControl: 1.2.840.113556.1.4.2239
+|       supportedControl: 1.2.840.113556.1.4.2255
+|       supportedControl: 1.2.840.113556.1.4.2256
+|       supportedControl: 1.2.840.113556.1.4.2309
+|       supportedControl: 1.2.840.113556.1.4.2330
+|       supportedControl: 1.2.840.113556.1.4.2354
+|       supportedCapabilities: 1.2.840.113556.1.4.800
+|       supportedCapabilities: 1.2.840.113556.1.4.1670
+|       supportedCapabilities: 1.2.840.113556.1.4.1791
+|       supportedCapabilities: 1.2.840.113556.1.4.1935
+|       supportedCapabilities: 1.2.840.113556.1.4.2080
+|       supportedCapabilities: 1.2.840.113556.1.4.2237
+|       subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=sequel,DC=htb
+|       namingContexts: CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb
+|       namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb
+|       isSynchronized: TRUE
+|       highestCommittedUSN: 168159
+|       dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       dnsHostName: dc.sequel.htb
+|       defaultNamingContext: DC=sequel,DC=htb
+|       currentTime: 20230228190630.0Z
+|_      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb
+|_ssl-date: 2023-02-28T19:06:50+00:00; +7h59m55s from scanner time.
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:07:16 2023 -- 1 IP address (1 host up) scanned in 94.58 seconds

HTB/escape/results/escape.htb/scans/tcp3269/tcp_3269_sslscan.html

@@ -0,0 +1,165 @@
+Version: 2.0.15-static
+OpenSSL 1.1.1q-dev  xx XXX xxxx
+
+Connected to 10.129.184.130
+
+Testing SSL server escape.htb on port 3269 using SNI name escape.htb
+
+  SSL/TLS Protocols:
+SSLv2     disabled
+SSLv3     disabled
+TLSv1.0   enabled
+TLSv1.1   enabled
+TLSv1.2   enabled
+TLSv1.3   disabled
+
+  TLS Fallback SCSV:
+Server does not support TLS Fallback SCSV
+
+  TLS renegotiation:
+Secure session renegotiation supported
+
+  TLS Compression:
+Compression disabled
+
+  Heartbleed:
+TLSv1.2 not vulnerable to heartbleed
+TLSv1.1 not vulnerable to heartbleed
+TLSv1.0 not vulnerable to heartbleed
+
+  Supported Server Cipher(s):
+Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
+Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
+Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
+Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
+Accepted  TLSv1.2  256 bits  AES256-SHA256
+Accepted  TLSv1.2  128 bits  AES128-SHA256
+Accepted  TLSv1.2  256 bits  AES256-SHA
+Accepted  TLSv1.2  128 bits  AES128-SHA
+Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.1  256 bits  AES256-SHA
+Accepted  TLSv1.1  128 bits  AES128-SHA
+Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
+Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.0  256 bits  AES256-SHA
+Accepted  TLSv1.0  128 bits  AES128-SHA
+Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
+
+  Server Key Exchange Group(s):
+TLSv1.2  128 bits  secp256r1 (NIST P-256)
+TLSv1.2  192 bits  secp384r1 (NIST P-384)
+TLSv1.2  128 bits  x25519
+
+  SSL Certificate:
+    Certificate blob:
+-----BEGIN CERTIFICATE-----
+MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+-----END CERTIFICATE-----
+    Version: 2
+    Serial Number: 1e:00:00:00:04:90:52:7b:fc:91:38:74:2f:00:00:00:00:00:04
+    Signature Algorithm: sha256WithRSAEncryption
+    Issuer: /DC=htb/DC=sequel/CN=sequel-DC-CA
+    Not valid before: Nov 18 21:20:35 2022 GMT
+    Not valid after: Nov 18 21:20:35 2023 GMT
+    Subject: /CN=dc.sequel.htb
+    Public Key Algorithm: NULL
+    RSA Public Key: (2048 bit)
+      RSA Public-Key: (2048 bit)
+      Modulus:
+          00:a6:92:78:aa:2e:fe:07:2f:e4:d9:88:f2:d4:9f:
+          37:64:9d:73:fe:ca:4e:ef:85:bd:b5:46:70:3d:f8:
+          2f:98:38:f4:28:17:f8:15:1d:c8:37:d1:ad:2e:08:
+          d5:5f:a0:87:c1:3b:5e:cf:c9:1d:97:6b:5c:e7:c1:
+          c1:f2:8f:41:e2:6c:9a:2a:3c:e1:2a:64:57:d7:47:
+          98:69:27:b4:89:c4:f9:7d:95:28:2c:3c:42:53:3e:
+          28:bb:f7:db:b4:cd:c0:52:d3:c4:5c:a0:68:92:e0:
+          67:8b:ec:7c:c0:cd:97:a5:45:d1:ce:75:d6:3c:bd:
+          f0:a9:01:6c:07:dd:69:32:e6:f5:67:3f:ca:99:ec:
+          b7:11:98:31:4f:8d:cf:74:f6:38:09:92:70:0e:fa:
+          48:51:e5:e0:db:dd:c7:1b:5a:ff:c8:ca:97:df:50:
+          19:e1:e3:cb:78:d6:03:a5:8c:e8:7c:a8:38:0b:92:
+          bf:da:66:8d:fb:04:d3:67:5b:7a:01:18:aa:01:60:
+          50:af:11:51:4c:7e:af:4c:ea:13:e8:d1:7e:e8:7c:
+          40:2d:71:71:c5:6c:3f:ec:ea:df:27:85:a5:e5:8e:
+          6e:8b:51:f9:bd:64:b5:7a:b9:d5:3c:4f:7c:6a:22:
+          63:7b:70:79:99:3b:0f:73:3c:3b:a0:a0:45:11:db:
+          33:45
+      Exponent: 65537 (0x10001)
+    X509v3 Extensions:
+      1.3.6.1.4.1.311.20.2:
+        . .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
+      X509v3 Extended Key Usage:
+        TLS Web Client Authentication, TLS Web Server Authentication
+      X509v3 Key Usage: critical
+        Digital Signature, Key Encipherment
+      S/MIME Capabilities:
+        0i0...*.H..
+......0...*.H..
+......0...`.H.e...*0...`.H.e...-0...`.H.e....0...`.H.e....0...+....0
+..*.H..
+..
+      X509v3 Subject Key Identifier:
+        22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87
+      X509v3 Authority Key Identifier:
+        keyid:62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15
+
+      X509v3 CRL Distribution Points:
+
+        Full Name:
+          URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint
+
+      Authority Information Access:
+        CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority
+
+      X509v3 Subject Alternative Name:
+        othername:<unsupported>, DNS:dc.sequel.htb
+  Verify Certificate:
+    unable to get local issuer certificate
+
+  SSL Certificate:
+Signature Algorithm: sha256WithRSAEncryption
+RSA Key Strength:    2048
+
+Subject:  dc.sequel.htb
+Altnames: othername:<unsupported>, DNS:dc.sequel.htb
+Issuer:   sequel-DC-CA
+

HTB/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt

@@ -0,0 +1,200 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 389 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.23s latency).
+Scanned at 2023-02-28 12:05:45 CET for 40s
+
+PORT    STATE SERVICE REASON          VERSION
+389/tcp open  ldap    syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb, Site: Default-First-Site-Name)
+| ldap-rootdse: 
+| LDAP Results
+|   <ROOT>
+|       domainFunctionality: 7
+|       forestFunctionality: 7
+|       domainControllerFunctionality: 7
+|       rootDomainNamingContext: DC=sequel,DC=htb
+|       ldapServiceName: sequel.htb:dc$@SEQUEL.HTB
+|       isGlobalCatalogReady: TRUE
+|       supportedSASLMechanisms: GSSAPI
+|       supportedSASLMechanisms: GSS-SPNEGO
+|       supportedSASLMechanisms: EXTERNAL
+|       supportedSASLMechanisms: DIGEST-MD5
+|       supportedLDAPVersion: 3
+|       supportedLDAPVersion: 2
+|       supportedLDAPPolicies: MaxPoolThreads
+|       supportedLDAPPolicies: MaxPercentDirSyncRequests
+|       supportedLDAPPolicies: MaxDatagramRecv
+|       supportedLDAPPolicies: MaxReceiveBuffer
+|       supportedLDAPPolicies: InitRecvTimeout
+|       supportedLDAPPolicies: MaxConnections
+|       supportedLDAPPolicies: MaxConnIdleTime
+|       supportedLDAPPolicies: MaxPageSize
+|       supportedLDAPPolicies: MaxBatchReturnMessages
+|       supportedLDAPPolicies: MaxQueryDuration
+|       supportedLDAPPolicies: MaxDirSyncDuration
+|       supportedLDAPPolicies: MaxTempTableSize
+|       supportedLDAPPolicies: MaxResultSetSize
+|       supportedLDAPPolicies: MinResultSets
+|       supportedLDAPPolicies: MaxResultSetsPerConn
+|       supportedLDAPPolicies: MaxNotificationPerConn
+|       supportedLDAPPolicies: MaxValRange
+|       supportedLDAPPolicies: MaxValRangeTransitive
+|       supportedLDAPPolicies: ThreadMemoryLimit
+|       supportedLDAPPolicies: SystemMemoryLimitPercent
+|       supportedControl: 1.2.840.113556.1.4.319
+|       supportedControl: 1.2.840.113556.1.4.801
+|       supportedControl: 1.2.840.113556.1.4.473
+|       supportedControl: 1.2.840.113556.1.4.528
+|       supportedControl: 1.2.840.113556.1.4.417
+|       supportedControl: 1.2.840.113556.1.4.619
+|       supportedControl: 1.2.840.113556.1.4.841
+|       supportedControl: 1.2.840.113556.1.4.529
+|       supportedControl: 1.2.840.113556.1.4.805
+|       supportedControl: 1.2.840.113556.1.4.521
+|       supportedControl: 1.2.840.113556.1.4.970
+|       supportedControl: 1.2.840.113556.1.4.1338
+|       supportedControl: 1.2.840.113556.1.4.474
+|       supportedControl: 1.2.840.113556.1.4.1339
+|       supportedControl: 1.2.840.113556.1.4.1340
+|       supportedControl: 1.2.840.113556.1.4.1413
+|       supportedControl: 2.16.840.1.113730.3.4.9
+|       supportedControl: 2.16.840.1.113730.3.4.10
+|       supportedControl: 1.2.840.113556.1.4.1504
+|       supportedControl: 1.2.840.113556.1.4.1852
+|       supportedControl: 1.2.840.113556.1.4.802
+|       supportedControl: 1.2.840.113556.1.4.1907
+|       supportedControl: 1.2.840.113556.1.4.1948
+|       supportedControl: 1.2.840.113556.1.4.1974
+|       supportedControl: 1.2.840.113556.1.4.1341
+|       supportedControl: 1.2.840.113556.1.4.2026
+|       supportedControl: 1.2.840.113556.1.4.2064
+|       supportedControl: 1.2.840.113556.1.4.2065
+|       supportedControl: 1.2.840.113556.1.4.2066
+|       supportedControl: 1.2.840.113556.1.4.2090
+|       supportedControl: 1.2.840.113556.1.4.2205
+|       supportedControl: 1.2.840.113556.1.4.2204
+|       supportedControl: 1.2.840.113556.1.4.2206
+|       supportedControl: 1.2.840.113556.1.4.2211
+|       supportedControl: 1.2.840.113556.1.4.2239
+|       supportedControl: 1.2.840.113556.1.4.2255
+|       supportedControl: 1.2.840.113556.1.4.2256
+|       supportedControl: 1.2.840.113556.1.4.2309
+|       supportedControl: 1.2.840.113556.1.4.2330
+|       supportedControl: 1.2.840.113556.1.4.2354
+|       supportedCapabilities: 1.2.840.113556.1.4.800
+|       supportedCapabilities: 1.2.840.113556.1.4.1670
+|       supportedCapabilities: 1.2.840.113556.1.4.1791
+|       supportedCapabilities: 1.2.840.113556.1.4.1935
+|       supportedCapabilities: 1.2.840.113556.1.4.2080
+|       supportedCapabilities: 1.2.840.113556.1.4.2237
+|       subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=sequel,DC=htb
+|       namingContexts: CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb
+|       namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb
+|       isSynchronized: TRUE
+|       highestCommittedUSN: 168159
+|       dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       dnsHostName: dc.sequel.htb
+|       defaultNamingContext: DC=sequel,DC=htb
+|       currentTime: 20230228190547.0Z
+|_      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb
+|_ssl-date: 2023-02-28T19:05:59+00:00; +7h59m54s from scanner time.
+| ssl-enum-ciphers: 
+|   TLSv1.0: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.1: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.2: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
+|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
+|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|_  least strength: C
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:25 2023 -- 1 IP address (1 host up) scanned in 43.44 seconds

HTB/escape/results/escape.htb/scans/tcp445/smbmap-execute-command.txt

@@ -0,0 +1 @@
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp445/smbmap-list-contents.txt

@@ -0,0 +1,47 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...

HTB/escape/results/escape.htb/scans/tcp445/smbmap-share-permissions.txt

@@ -0,0 +1,10 @@
+[\] Working on it...
+[+] Guest session   	IP: escape.htb:445	Name: unknown
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...
+[|] Working on it...
+[/] Working on it...
+[-] Working on it...
+[\] Working on it...

HTB/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt

@@ -0,0 +1,50 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 445 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:45 CET for 62s
+
+PORT    STATE SERVICE       REASON          VERSION
+445/tcp open  microsoft-ds? syn-ack ttl 127
+|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
+
+Host script results:
+| smb-protocols: 
+|   dialects: 
+|     202
+|     210
+|     300
+|     302
+|_    311
+| smb2-capabilities: 
+|   202: 
+|     Distributed File System
+|   210: 
+|     Distributed File System
+|     Leasing
+|     Multi-credit operations
+|   300: 
+|     Distributed File System
+|     Leasing
+|     Multi-credit operations
+|   302: 
+|     Distributed File System
+|     Leasing
+|     Multi-credit operations
+|   311: 
+|     Distributed File System
+|     Leasing
+|_    Multi-credit operations
+|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
+| smb2-security-mode: 
+|   311: 
+|_    Message signing enabled and required
+| smb2-time: 
+|   date: 2023-02-28T19:06:16
+|_  start_date: N/A
+| smb-mbenum: 
+|_  ERROR: Failed to connect to browser service: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
+|_smb-print-text: false
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:47 2023 -- 1 IP address (1 host up) scanned in 65.29 seconds

HTB/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 445 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 445 &quot;-&#45;script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="445"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582362" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582362"/>
+<taskprogress task="NSE" time="1677582393" percent="94.29" remaining="2" etc="1677582395"/>
+<taskend task="NSE" time="1677582405"/>
+<taskbegin task="NSE" time="1677582405"/>
+<taskend task="NSE" time="1677582407"/>
+<taskbegin task="NSE" time="1677582407"/>
+<taskend task="NSE" time="1677582407"/>
+<host starttime="1677582345" endtime="1677582407"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="microsoft-ds" method="table" conf="3"/><script id="smb-enum-services" output="ERROR: Script execution failed (use -d to debug)"/></port>
+</ports>
+<hostscript><script id="smb-protocols" output="&#xa;  dialects: &#xa;    202&#xa;    210&#xa;    300&#xa;    302&#xa;    311"><table key="dialects">
+<elem>202</elem>
+<elem>210</elem>
+<elem>300</elem>
+<elem>302</elem>
+<elem>311</elem>
+</table>
+</script><script id="smb2-capabilities" output="&#xa;  202: &#xa;    Distributed File System&#xa;  210: &#xa;    Distributed File System&#xa;    Leasing&#xa;    Multi-credit operations&#xa;  300: &#xa;    Distributed File System&#xa;    Leasing&#xa;    Multi-credit operations&#xa;  302: &#xa;    Distributed File System&#xa;    Leasing&#xa;    Multi-credit operations&#xa;  311: &#xa;    Distributed File System&#xa;    Leasing&#xa;    Multi-credit operations"><table key="202">
+<elem>Distributed File System</elem>
+</table>
+<table key="210">
+<elem>Distributed File System</elem>
+<elem>Leasing</elem>
+<elem>Multi-credit operations</elem>
+</table>
+<table key="300">
+<elem>Distributed File System</elem>
+<elem>Leasing</elem>
+<elem>Multi-credit operations</elem>
+</table>
+<table key="302">
+<elem>Distributed File System</elem>
+<elem>Leasing</elem>
+<elem>Multi-credit operations</elem>
+</table>
+<table key="311">
+<elem>Distributed File System</elem>
+<elem>Leasing</elem>
+<elem>Multi-credit operations</elem>
+</table>
+</script><script id="smb-vuln-ms10-061" output="Could not negotiate a connection:SMB: Failed to receive bytes: ERROR">false</script><script id="smb2-security-mode" output="&#xa;  311: &#xa;    Message signing enabled and required"><table key="311">
+<elem>Message signing enabled and required</elem>
+</table>
+</script><script id="smb2-time" output="&#xa;  date: 2023-02-28T19:06:16&#xa;  start_date: N/A"><elem key="date">2023-02-28T19:06:16</elem>
+<elem key="start_date">N/A</elem>
+</script><script id="smb-mbenum" output="&#xa;  ERROR: Failed to connect to browser service: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR"/><script id="smb-print-text" output="false">false</script></hostscript><times srtt="182195" rttvar="182195" to="910975"/>
+</host>
+<taskbegin task="NSE" time="1677582407"/>
+<taskend task="NSE" time="1677582407"/>
+<taskbegin task="NSE" time="1677582407"/>
+<taskend task="NSE" time="1677582407"/>
+<taskbegin task="NSE" time="1677582407"/>
+<taskend task="NSE" time="1677582407"/>
+<runstats><finished time="1677582407" timestr="Tue Feb 28 12:06:47 2023" summary="Nmap done at Tue Feb 28 12:06:47 2023; 1 IP address (1 host up) scanned in 65.29 seconds" elapsed="65.29" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt

@@ -0,0 +1,11 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 464 --script=banner,krb5-enum-users --script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.16s latency).
+Scanned at 2023-02-28 12:05:44 CET for 28s
+
+PORT    STATE SERVICE   REASON          VERSION
+464/tcp open  kpasswd5? syn-ack ttl 127
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:12 2023 -- 1 IP address (1 host up) scanned in 30.91 seconds

HTB/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 464 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 464 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="464"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="SYN Stealth Scan" time="1677582344"/>
+<taskend task="SYN Stealth Scan" time="1677582344" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582362" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582362"/>
+<taskend task="NSE" time="1677582372"/>
+<taskbegin task="NSE" time="1677582372"/>
+<taskend task="NSE" time="1677582372"/>
+<host starttime="1677582344" endtime="1677582372"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="464"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kpasswd5" method="table" conf="3"/></port>
+</ports>
+<times srtt="163194" rttvar="163194" to="815970"/>
+</host>
+<taskbegin task="NSE" time="1677582372"/>
+<taskend task="NSE" time="1677582372"/>
+<taskbegin task="NSE" time="1677582372"/>
+<taskend task="NSE" time="1677582372"/>
+<runstats><finished time="1677582372" timestr="Tue Feb 28 12:06:12 2023" summary="Nmap done at Tue Feb 28 12:06:12 2023; 1 IP address (1 host up) scanned in 30.91 seconds" elapsed="30.91" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49667 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.13s latency).
+Scanned at 2023-02-28 12:05:45 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+49667/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:57 2023 -- 1 IP address (1 host up) scanned in 75.72 seconds

HTB/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49667 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49667 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49667"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582346"/>
+<taskend task="Service scan" time="1677582402" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582402"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<host starttime="1677582345" endtime="1677582417"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49667"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="130329" rttvar="130329" to="651645"/>
+</host>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<runstats><finished time="1677582417" timestr="Tue Feb 28 12:06:57 2023" summary="Nmap done at Tue Feb 28 12:06:57 2023; 1 IP address (1 host up) scanned in 75.72 seconds" elapsed="75.72" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49674 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.14s latency).
+Scanned at 2023-02-28 12:05:43 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+49674/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:55 2023 -- 1 IP address (1 host up) scanned in 73.65 seconds

HTB/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49674 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49674 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49674"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582343"/>
+<taskend task="NSE" time="1677582343"/>
+<taskbegin task="NSE" time="1677582343"/>
+<taskend task="NSE" time="1677582343"/>
+<taskbegin task="SYN Stealth Scan" time="1677582343"/>
+<taskend task="SYN Stealth Scan" time="1677582343" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582343"/>
+<taskend task="Service scan" time="1677582400" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582400"/>
+<taskend task="NSE" time="1677582415"/>
+<taskbegin task="NSE" time="1677582415"/>
+<taskend task="NSE" time="1677582415"/>
+<host starttime="1677582343" endtime="1677582415"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49674"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="137531" rttvar="137531" to="687655"/>
+</host>
+<taskbegin task="NSE" time="1677582415"/>
+<taskend task="NSE" time="1677582415"/>
+<taskbegin task="NSE" time="1677582415"/>
+<taskend task="NSE" time="1677582415"/>
+<runstats><finished time="1677582415" timestr="Tue Feb 28 12:06:55 2023" summary="Nmap done at Tue Feb 28 12:06:55 2023; 1 IP address (1 host up) scanned in 73.65 seconds" elapsed="73.65" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49678 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.25.138)
+Host is up, received user-set (0.21s latency).
+Scanned at 2023-02-26 23:34:13 CET for 73s
+
+PORT      STATE SERVICE REASON          VERSION
+49678/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sun Feb 26 23:35:26 2023 -- 1 IP address (1 host up) scanned in 80.42 seconds

HTB/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49678 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49678 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml escape.htb" start="1677450846" startstr="Sun Feb 26 23:34:06 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49678"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677450853"/>
+<taskend task="NSE" time="1677450853"/>
+<taskbegin task="NSE" time="1677450853"/>
+<taskend task="NSE" time="1677450853"/>
+<taskbegin task="SYN Stealth Scan" time="1677450853"/>
+<taskend task="SYN Stealth Scan" time="1677450854" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677450854"/>
+<taskend task="Service scan" time="1677450910" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677450910"/>
+<taskend task="NSE" time="1677450926"/>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<host starttime="1677450853" endtime="1677450926"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.25.138" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49678"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="212010" rttvar="212010" to="1060050"/>
+</host>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<runstats><finished time="1677450926" timestr="Sun Feb 26 23:35:26 2023" summary="Nmap done at Sun Feb 26 23:35:26 2023; 1 IP address (1 host up) scanned in 80.42 seconds" elapsed="80.42" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49696 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.20s latency).
+Scanned at 2023-02-28 12:05:45 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+49696/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:57 2023 -- 1 IP address (1 host up) scanned in 75.70 seconds

HTB/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49696 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49696 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49696"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582402" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582402"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<host starttime="1677582345" endtime="1677582417"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49696"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="203189" rttvar="203189" to="1015945"/>
+</host>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<runstats><finished time="1677582417" timestr="Tue Feb 28 12:06:57 2023" summary="Nmap done at Tue Feb 28 12:06:57 2023; 1 IP address (1 host up) scanned in 75.70 seconds" elapsed="75.70" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Sun Feb 26 23:34:05 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49698 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.25.138)
+Host is up, received user-set (0.17s latency).
+Scanned at 2023-02-26 23:34:14 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+49698/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sun Feb 26 23:35:26 2023 -- 1 IP address (1 host up) scanned in 80.77 seconds

HTB/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sun Feb 26 23:34:05 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49698 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49698 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml escape.htb" start="1677450845" startstr="Sun Feb 26 23:34:05 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49698"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677450854"/>
+<taskend task="NSE" time="1677450854"/>
+<taskbegin task="NSE" time="1677450854"/>
+<taskend task="NSE" time="1677450854"/>
+<taskbegin task="SYN Stealth Scan" time="1677450854"/>
+<taskend task="SYN Stealth Scan" time="1677450854" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677450854"/>
+<taskend task="Service scan" time="1677450911" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677450911"/>
+<taskend task="NSE" time="1677450926"/>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<host starttime="1677450854" endtime="1677450926"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.25.138" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49698"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="167332" rttvar="167332" to="836660"/>
+</host>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<taskbegin task="NSE" time="1677450926"/>
+<taskend task="NSE" time="1677450926"/>
+<runstats><finished time="1677450926" timestr="Sun Feb 26 23:35:26 2023" summary="Nmap done at Sun Feb 26 23:35:26 2023; 1 IP address (1 host up) scanned in 80.77 seconds" elapsed="80.77" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49702 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.25.138)
+Host is up, received user-set (0.13s latency).
+Scanned at 2023-02-26 23:34:13 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+49702/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sun Feb 26 23:35:25 2023 -- 1 IP address (1 host up) scanned in 79.24 seconds

HTB/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49702 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49702 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml escape.htb" start="1677450846" startstr="Sun Feb 26 23:34:06 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49702"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677450853"/>
+<taskend task="NSE" time="1677450853"/>
+<taskbegin task="NSE" time="1677450853"/>
+<taskend task="NSE" time="1677450853"/>
+<taskbegin task="SYN Stealth Scan" time="1677450853"/>
+<taskend task="SYN Stealth Scan" time="1677450853" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677450853"/>
+<taskend task="Service scan" time="1677450909" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677450909"/>
+<taskend task="NSE" time="1677450925"/>
+<taskbegin task="NSE" time="1677450925"/>
+<taskend task="NSE" time="1677450925"/>
+<host starttime="1677450853" endtime="1677450925"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.25.138" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49702"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="131660" rttvar="131660" to="658300"/>
+</host>
+<taskbegin task="NSE" time="1677450925"/>
+<taskend task="NSE" time="1677450925"/>
+<taskbegin task="NSE" time="1677450925"/>
+<taskend task="NSE" time="1677450925"/>
+<runstats><finished time="1677450925" timestr="Sun Feb 26 23:35:25 2023" summary="Nmap done at Sun Feb 26 23:35:25 2023; 1 IP address (1 host up) scanned in 79.24 seconds" elapsed="79.24" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 49703 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:44 CET for 73s
+
+PORT      STATE SERVICE REASON          VERSION
+49703/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:57 2023 -- 1 IP address (1 host up) scanned in 75.14 seconds

HTB/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 49703 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 49703 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="49703"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="SYN Stealth Scan" time="1677582344"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582402" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582402"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<host starttime="1677582344" endtime="1677582417"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="49703"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="183723" rttvar="183723" to="918615"/>
+</host>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<runstats><finished time="1677582417" timestr="Tue Feb 28 12:06:57 2023" summary="Nmap done at Tue Feb 28 12:06:57 2023; 1 IP address (1 host up) scanned in 75.14 seconds" elapsed="75.14" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt

@@ -0,0 +1,19 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv --reason -Pn -T4 -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:05:45 CET for 166s
+
+PORT   STATE SERVICE REASON          VERSION
+53/tcp open  domain? syn-ack ttl 127
+| dns-nsec-enum: 
+|_  No NSEC records found
+| dns-nsec3-enum: 
+|_  DNSSEC NSEC3 not supported
+
+Host script results:
+| dns-brute: 
+|_  DNS Brute-force hostnames: No results.
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:08:31 2023 -- 1 IP address (1 host up) scanned in 169.96 seconds

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dns_reverse-lookup.txt

@@ -0,0 +1,9 @@
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+
+; <<>> DiG 9.18.11-2-Debian <<>> -p 53 -x escape.htb @escape.htb
+;; global options: +cmd
+;; no servers could be reached
+
+

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dns_zone-transfer-domain.txt

@@ -0,0 +1,6 @@
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb escape.htb
+; (1 server found)
+;; global options: +cmd
+; Transfer failed.
+

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dns_zone-transfer-hostname.txt

@@ -0,0 +1,6 @@
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb escape.htb
+; (1 server found)
+;; global options: +cmd
+; Transfer failed.
+

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dns_zone-transfer.txt

@@ -0,0 +1,10 @@
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb
+; (1 server found)
+;; global options: +cmd
+;; no servers could be reached
+
+

HTB/escape/results/escape.htb/scans/tcp53/tcp_53_dnsrecon_default.txt

@@ -0,0 +1,7 @@
+[*] std: Performing General Enumeration against: escape.htb...
+[-] All nameservers failed to answer the DNSSEC query for escape.htb
+[-] Exception "The DNS operation timed out." while resolving SOA record.
+[-] Error while resolving SOA while using 10.129.184.130 as nameserver.
+[*] Enumerating SRV Records
+[+] 0 Records Found
+

HTB/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml escape.htb" start="1677582341" startstr="Tue Feb 28 12:05:41 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="53"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="NSE" time="1677582345"/>
+<taskend task="NSE" time="1677582345"/>
+<taskbegin task="SYN Stealth Scan" time="1677582345"/>
+<taskend task="SYN Stealth Scan" time="1677582345" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582346"/>
+<taskend task="Service scan" time="1677582493" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582493"/>
+<taskend task="NSE" time="1677582509"/>
+<taskbegin task="NSE" time="1677582509"/>
+<taskend task="NSE" time="1677582511"/>
+<taskbegin task="NSE" time="1677582511"/>
+<taskend task="NSE" time="1677582511"/>
+<host starttime="1677582345" endtime="1677582511"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="domain" method="table" conf="3"/><script id="dns-nsec-enum" output="&#xa;  No NSEC records found&#xa;"/><script id="dns-nsec3-enum" output="&#xa;  DNSSEC NSEC3 not supported&#xa;"/></port>
+</ports>
+<hostscript><script id="dns-brute" output="&#xa;  DNS Brute-force hostnames: No results."><table key="DNS Brute-force hostnames">
+</table>
+</script></hostscript><times srtt="175410" rttvar="175410" to="877050"/>
+</host>
+<taskbegin task="NSE" time="1677582511"/>
+<taskend task="NSE" time="1677582511"/>
+<taskbegin task="NSE" time="1677582511"/>
+<taskend task="NSE" time="1677582511"/>
+<taskbegin task="NSE" time="1677582511"/>
+<taskend task="NSE" time="1677582511"/>
+<runstats><finished time="1677582511" timestr="Tue Feb 28 12:08:31 2023" summary="Nmap done at Tue Feb 28 12:08:31 2023; 1 IP address (1 host up) scanned in 169.96 seconds" elapsed="169.96" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 53254 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.11s latency).
+Scanned at 2023-02-28 12:05:44 CET for 73s
+
+PORT      STATE SERVICE REASON          VERSION
+53254/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:57 2023 -- 1 IP address (1 host up) scanned in 74.98 seconds

HTB/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 53254 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 53254 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="53254"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="SYN Stealth Scan" time="1677582344"/>
+<taskend task="SYN Stealth Scan" time="1677582344" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582402" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582402"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<host starttime="1677582344" endtime="1677582417"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="53254"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="107343" rttvar="107343" to="536715"/>
+</host>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<taskbegin task="NSE" time="1677582417"/>
+<taskend task="NSE" time="1677582417"/>
+<runstats><finished time="1677582417" timestr="Tue Feb 28 12:06:57 2023" summary="Nmap done at Tue Feb 28 12:06:57 2023; 1 IP address (1 host up) scanned in 74.98 seconds" elapsed="74.98" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp593/tcp_593_rpc_rpcdump.txt

@@ -0,0 +1,925 @@
+Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
+
+[*] Retrieving endpoint list from escape.htb
+Protocol: [MS-RSP]: Remote Shutdown Protocol
+Provider: wininit.exe
+UUID    : D95AFE70-A6D5-4259-822E-2C84DA1DDB0D v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49664]
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+
+Protocol: N/A
+Provider: winlogon.exe
+UUID    : 76F226C3-EC14-4325-8A99-6A46348418AF v1.0
+Bindings:
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+          ncalrpc:[WMsgKRpc0A9011]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D09BDEB5-6171-4A34-BFE2-06FA82652568 v1.0
+Bindings:
+          ncalrpc:[csebpub]
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 697DCDA9-3BA9-4EB2-9247-E11F1901B0D2 v1.0
+Bindings:
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 9B008953-F195-4BF9-BDE0-4471971E58ED v1.0
+Bindings:
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DD59071B-3215-4C59-8481-972EDADC0F6A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D47017B-B33B-46AD-9E18-FE96456C5078 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95406F0B-B239-4318-91BB-CEA3A46FF0DC v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4ED8ABCC-F1E2-438B-981F-BB0E8ABC010C v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0FF1F646-13BB-400A-AB50-9A78F2B7A85A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 6982A06E-5FE2-46B1-B39C-A2C545BFA069 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 082A3471-31B6-422A-B931-A54401960C62 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FAE436B0-B864-4A87-9EDA-298547CD82F2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E53D94CA-7464-4839-B044-09A2FB8B3AE5 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 178D84BE-9291-4994-82C6-3F909ACA5A03 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4DACE966-A243-4450-AE3F-9B7BCB5315B8 v2.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1832BCF6-CAB8-41D4-85D2-C9410764F75A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C521FACF-09A9-42C5-B155-72388595CBF0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2C7FD9CE-E706-4B40-B412-953107EF9BB0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 88ABCBC3-34EA-76AE-8215-767520655A23 v0.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 76C217BC-C8B4-4201-A745-373AD9032B1A v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 55E6B932-1979-45D6-90C5-7F6270724112 v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 857FB1BE-084F-4FB5-B59C-4B2C4BE5F0CF v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B8CADBAF-E84B-46B9-84F2-6F71C03F9E55 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 20C40295-8DBA-48E6-AEBF-3E78EF3BB144 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2513BCBE-6CD4-4348-855E-7EFB3C336DD3 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3E2735-CEA0-4ECC-A9E2-41A2D81AED4E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C605F9FB-F0A3-4E2A-A073-73560F8D9E3E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1B37CA91-76B1-4F5E-A3C7-2ABFC61F2BB0 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8BFC3BE1-6DEF-4E2D-AF74-7C47CD0ADE4A v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2D98A740-581D-41B9-AA0D-A88B9D5CE938 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0361AE94-0316-4C6C-8AD8-C594375800E2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5824833B-3C1A-4AD2-BDFD-C31D19E23ED2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BDAA0970-413B-4A3E-9E5D-F6DC9D7E0760 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3B338D89-6CFA-44B8-847E-531531BC9992 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8782D3B9-EBBD-4644-A3D8-E8725381919B v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 085B0334-E454-4D91-9B8C-4134F9E793F3 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4BEC6BB8-B5C2-4B6F-B2C1-5DA5CF92D0D9 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: sysntfy.dll
+UUID    : C9AC6DB5-82B7-4E55-AE8A-E464ED7B4277 v1.0 Impl friendly name
+Bindings:
+          ncalrpc:[LRPC-f7c911d0f7174d6368]
+          ncalrpc:[LRPC-f439a74f7da7485dcc]
+          ncalrpc:[IUserProfile2]
+          ncalrpc:[LRPC-62f9922acfcb157b86]
+          ncalrpc:[senssvc]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A500D4C6-0DD1-4543-BC0C-D5F93486EAF8 v1.0
+Bindings:
+          ncalrpc:[LRPC-a318fcfb6ae3fa2006]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E40F7B57-7A25-4CD3-A135-7F7D3DF9D16B v1.0 Network Connection Broker server endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 880FD55E-43B9-11E0-B1A8-CF4EDFD72085 v1.0 KAPI Service endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5222821F-D5E2-4885-84F1-5F6185A0EC41 v1.0 Network Connection Broker server endpoint for NCB Reset module
+Bindings:
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: nsisvc.dll
+UUID    : 7EA70BCF-48AF-4F6A-8968-6A440754D5FA v1.0 NSI server endpoint
+Bindings:
+          ncalrpc:[LRPC-ebe5c71b49cf000e16]
+
+Protocol: N/A
+Provider: dhcpcsvc6.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D6 v1.0 DHCPv6 Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc6]
+          ncalrpc:[dhcpcsvc]
+
+Protocol: N/A
+Provider: dhcpcsvc.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D5 v1.0 DHCP Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc]
+
+Protocol: [MS-EVEN6]: EventLog Remoting Protocol
+Provider: wevtsvc.dll
+UUID    : F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C v1.0 Event log TCPIP
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49665]
+          ncacn_np:\\DC[\pipe\eventlog]
+          ncalrpc:[eventlog]
+
+Protocol: N/A
+Provider: gpsvc.dll
+UUID    : 2EB08E3E-639F-4FBA-97B1-14F878961076 v1.0 Group Policy RPC Interface
+Bindings:
+          ncalrpc:[LRPC-39c79f87490a4a110d]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3A9EF155-691D-4449-8D05-09AD57031823 v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: schedsvc.dll
+UUID    : 86D35949-83C9-4044-B424-DB363231FD0C v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 33D84484-3626-47EE-8C6F-E7E98B113BE1 v2.0
+Bindings:
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 378E52B0-C0A9-11CF-822D-00AA0051E40F v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 1FF70682-0A51-30E8-076D-740BE8CEE98B v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: schedsvc.dll
+UUID    : 0A74EF1C-41A4-4E06-83AE-DC74FB1CDD53 v1.0
+Bindings:
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3473DD4D-2E88-4006-9CBA-22570909DD10 v5.1 WinHttp Auto-Proxy Service
+Bindings:
+          ncalrpc:[1eb54f27-f33c-4433-bfb8-b78495d0c683]
+          ncalrpc:[LRPC-ed2a3a7c79ccbe8063]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 2FB92682-6599-42DC-AE13-BD2CA89BD11C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-f4d6055253fb967246]
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F47433C3-3E9D-4157-AAD4-83AA1F5C2D4C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 7F9D11BF-7FB9-436B-A812-B2D50C5D4C03 v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: BFE.DLL
+UUID    : DD490425-5325-4565-B774-7E27D6C09C24 v1.0 Base Firewall Engine API
+Bindings:
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7F1343FE-50A9-4927-A778-0C5859517BAC v1.0 DfsDs service
+Bindings:
+          ncacn_np:\\DC[\PIPE\wkssvc]
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : EB081A0D-10EE-478A-A1DD-50995283E7A8 v3.0 Witness Client Test Interface
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F2C9B409-C1C9-4100-8639-D8AB1486694A v1.0 Witness Client Upcall Server
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C2D1B5DD-FA81-4460-9DD6-E7658B85454B v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F44E62AF-DAB1-44C2-8013-049A9DE417D6 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7AEB6705-3AE6-471A-882D-F39C109EDC12 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E7F76134-9EF5-4949-A2D6-3368CC0988F3 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B37F900A-EAE4-4304-A2AB-12BB668C0188 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : ABFB6CA3-0C5E-4734-9285-0AEE72FE8D1C v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3C7F20-1C8D-4654-A1B3-51563B298BDA v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B18FBAB6-56F8-4702-84E0-41053293A869 v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C49A5A70-8A7F-4E70-BA16-1E8F1F193EF1 v1.0 Adh APIs
+Bindings:
+          ncalrpc:[OLEDF6833784EBE2C242203FE93FABD]
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C36BE077-E14B-4FE9-8ABC-E856EF4F048B v1.0 Proxy Manager client server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2E6035B2-E8F1-41A7-A044-656B439C4C34 v1.0 Proxy Manager provider server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: iphlpsvc.dll
+UUID    : 552D076A-CB29-4E44-8B6A-D15E59E2C0AF v1.0 IP Transition Configuration endpoint
+Bindings:
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: [MS-NRPC]: Netlogon Remote Protocol
+Provider: netlogon.dll
+UUID    : 12345678-1234-ABCD-EF00-01234567CFFB v1.0
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-RAA]: Remote Authorization API Protocol
+Provider: N/A
+UUID    : 0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7 v0.0 RemoteAccessCheck
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
+Provider: samsrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AC v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-LSAT]: Local Security Authority (Translation Methods) Remote
+Provider: lsasrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AB v0.0
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol
+Provider: ntdsai.dll
+UUID    : E3514235-4B06-11D1-AB04-00C04FC2DCD2 v4.0 MS NT Directory DRS Interface
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 51A227AE-825B-41F2-B4A9-1AC9557A1018 v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8FB74744-B2FF-4C00-BE0D-9EF9A191FE1B v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B25A52BF-E5DD-4F4A-AEA6-8CA7272A0E86 v2.0 KeyIso
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A4B8D482-80CE-40D6-934D-B22A01A44FE7 v1.0 LicenseManager
+Bindings:
+          ncalrpc:[LicenseServiceEndpoint]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1A0D010F-1C33-432C-B0F5-8CF4E8053099 v1.0 IdSegSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: srvsvc.dll
+UUID    : 98716D03-89AC-44C7-BB8C-285824E51C4A v1.0 XactSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DF4DF73A-C52D-4E3A-8003-8437FDF8302A v0.0 WM_WindowManagerRPC\Server
+Bindings:
+          ncalrpc:[LRPC-5f5f21e3e191e1ae92]
+
+Protocol: N/A
+Provider: sysmain.dll
+UUID    : B58AA02E-2884-4E97-8176-4EE06D794184 v1.0
+Bindings:
+          ncalrpc:[LRPC-3cb1b63884da9c017f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 98CD761E-E77D-41C8-A3C0-0FB756D90EC2 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D22895EF-AFF4-42C5-A5B2-B14466D34AB4 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E38F5360-8572-473E-B696-1B46873BEEAB v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95095EC8-32EA-4EB0-A3E2-041F97B36168 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FD8BE72B-A9CD-4B2C-A9CA-4DED242FBE4D v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4C9DBF19-D39E-4BB9-90EE-8F7179B20283 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: [MS-CMPO]: MSDTC Connection Manager:
+Provider: msdtcprx.dll
+UUID    : 906B0CE0-C70B-1067-B317-00DD010662DA v1.0
+Bindings:
+          ncalrpc:[LRPC-a5c382c126b1e1826a]
+          ncalrpc:[OLEE90A03417C6C8CB6892D014A39AC]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2F5F6521-CB55-1059-B446-00DF0BCE31DB v1.0 Unimodem LRPC Endpoint
+Bindings:
+          ncalrpc:[unimdmsvc]
+          ncalrpc:[tapsrvlpc]
+          ncacn_np:\\DC[\pipe\tapsrv]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 650A7E26-EAB8-5533-CE43-9C1DFCE11511 v1.0 Vpn APIs
+Bindings:
+          ncalrpc:[LRPC-4050dd6bde9b3cf16e]
+          ncalrpc:[VpnikeRpc]
+          ncalrpc:[RasmanLrpc]
+          ncacn_np:\\DC[\PIPE\ROUTER]
+
+Protocol: [MS-SCMR]: Service Control Manager Remote Protocol
+Provider: services.exe
+UUID    : 367ABB81-9844-35F1-AD32-98F038001003 v2.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49694]
+
+Protocol: [MS-ICPR]: ICertPassage Remote Protocol
+Provider: certsrv.exe
+UUID    : 91AE6020-9E3C-11CF-8D7C-00AA00C091BE v0.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49696]
+          ncacn_np:\\DC[\pipe\cert]
+          ncalrpc:[OLE2F89DA9340E3DA4F3F79F495C660]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F3F09FFD-FBCF-4291-944D-70AD6E0E73BB v1.0
+Bindings:
+          ncalrpc:[LRPC-946a4809e3af3c8ecc]
+
+Protocol: N/A
+Provider: nrpsrv.dll
+UUID    : 30ADC50C-5CBC-46CE-9A0E-91914789E23C v1.0 NRP server endpoint
+Bindings:
+          ncalrpc:[LRPC-593a2e405b40559e71]
+
+Protocol: [MS-DNSP]: Domain Name Service (DNS) Server Management
+Provider: dns.exe
+UUID    : 50ABC2A4-574D-40B3-9D66-EE4FD5FBA076 v5.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49703]
+
+Protocol: [MS-FRS2]: Distributed File System Replication Protocol
+Provider: dfsrmig.exe
+UUID    : 897E2E5F-93F3-4376-9C9C-FD2277495C27 v1.0 Frs2 Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[53254]
+          ncalrpc:[OLEA043F2C22A38A12D9DA9DBBFF6A7]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BF4DC912-E52F-4904-8EBE-9317C1BDD497 v1.0
+Bindings:
+          ncalrpc:[LRPC-d8baf42a4a1b922f1b]
+          ncalrpc:[OLEF83A252BFDB35852F018EE0218FC]
+
+Protocol: N/A
+Provider: pcasvc.dll
+UUID    : 0767A036-0D22-48AA-BA69-B619480F38CB v1.0 PcaSvc
+Bindings:
+          ncalrpc:[LRPC-c72e6d5f54f5eaea61]
+
+[*] Received 400 endpoints.
+

HTB/escape/results/escape.htb/scans/tcp5985/tcp_5985_winrm-detection.txt

@@ -0,0 +1,2 @@
+WinRM was possibly detected running on tcp port 5985.
+Check _manual_commands.txt for manual commands you can run against this service.

HTB/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv --reason -Pn -T4 -sV -p 60738 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.25.138)
+Host is up, received user-set (0.17s latency).
+Scanned at 2023-02-26 23:34:12 CET for 72s
+
+PORT      STATE SERVICE REASON          VERSION
+60738/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Sun Feb 26 23:35:24 2023 -- 1 IP address (1 host up) scanned in 78.74 seconds

HTB/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Sun Feb 26 23:34:06 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 60738 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 60738 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml escape.htb" start="1677450846" startstr="Sun Feb 26 23:34:06 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="60738"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677450852"/>
+<taskend task="NSE" time="1677450852"/>
+<taskbegin task="NSE" time="1677450852"/>
+<taskend task="NSE" time="1677450852"/>
+<taskbegin task="SYN Stealth Scan" time="1677450852"/>
+<taskend task="SYN Stealth Scan" time="1677450852" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677450853"/>
+<taskend task="Service scan" time="1677450909" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677450909"/>
+<taskend task="NSE" time="1677450924"/>
+<taskbegin task="NSE" time="1677450924"/>
+<taskend task="NSE" time="1677450924"/>
+<host starttime="1677450852" endtime="1677450924"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.25.138" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="60738"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="168902" rttvar="168902" to="844510"/>
+</host>
+<taskbegin task="NSE" time="1677450924"/>
+<taskend task="NSE" time="1677450924"/>
+<taskbegin task="NSE" time="1677450924"/>
+<taskend task="NSE" time="1677450924"/>
+<runstats><finished time="1677450924" timestr="Sun Feb 26 23:35:24 2023" summary="Nmap done at Sun Feb 26 23:35:24 2023; 1 IP address (1 host up) scanned in 78.74 seconds" elapsed="78.74" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt

@@ -0,0 +1,200 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 636 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.21s latency).
+Scanned at 2023-02-28 12:05:46 CET for 55s
+
+PORT    STATE SERVICE  REASON          VERSION
+636/tcp open  ssl/ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb, Site: Default-First-Site-Name)
+| ssl-enum-ciphers: 
+|   TLSv1.0: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.1: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|   TLSv1.2: 
+|     ciphers: 
+|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
+|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
+|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
+|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
+|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
+|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
+|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
+|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
+|     compressors: 
+|       NULL
+|     cipher preference: server
+|     warnings: 
+|       64-bit block cipher 3DES vulnerable to SWEET32 attack
+|_  least strength: C
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T19:06:16+00:00; +7h59m55s from scanner time.
+| ldap-rootdse: 
+| LDAP Results
+|   <ROOT>
+|       domainFunctionality: 7
+|       forestFunctionality: 7
+|       domainControllerFunctionality: 7
+|       rootDomainNamingContext: DC=sequel,DC=htb
+|       ldapServiceName: sequel.htb:dc$@SEQUEL.HTB
+|       isGlobalCatalogReady: TRUE
+|       supportedSASLMechanisms: GSSAPI
+|       supportedSASLMechanisms: GSS-SPNEGO
+|       supportedSASLMechanisms: EXTERNAL
+|       supportedSASLMechanisms: DIGEST-MD5
+|       supportedLDAPVersion: 3
+|       supportedLDAPVersion: 2
+|       supportedLDAPPolicies: MaxPoolThreads
+|       supportedLDAPPolicies: MaxPercentDirSyncRequests
+|       supportedLDAPPolicies: MaxDatagramRecv
+|       supportedLDAPPolicies: MaxReceiveBuffer
+|       supportedLDAPPolicies: InitRecvTimeout
+|       supportedLDAPPolicies: MaxConnections
+|       supportedLDAPPolicies: MaxConnIdleTime
+|       supportedLDAPPolicies: MaxPageSize
+|       supportedLDAPPolicies: MaxBatchReturnMessages
+|       supportedLDAPPolicies: MaxQueryDuration
+|       supportedLDAPPolicies: MaxDirSyncDuration
+|       supportedLDAPPolicies: MaxTempTableSize
+|       supportedLDAPPolicies: MaxResultSetSize
+|       supportedLDAPPolicies: MinResultSets
+|       supportedLDAPPolicies: MaxResultSetsPerConn
+|       supportedLDAPPolicies: MaxNotificationPerConn
+|       supportedLDAPPolicies: MaxValRange
+|       supportedLDAPPolicies: MaxValRangeTransitive
+|       supportedLDAPPolicies: ThreadMemoryLimit
+|       supportedLDAPPolicies: SystemMemoryLimitPercent
+|       supportedControl: 1.2.840.113556.1.4.319
+|       supportedControl: 1.2.840.113556.1.4.801
+|       supportedControl: 1.2.840.113556.1.4.473
+|       supportedControl: 1.2.840.113556.1.4.528
+|       supportedControl: 1.2.840.113556.1.4.417
+|       supportedControl: 1.2.840.113556.1.4.619
+|       supportedControl: 1.2.840.113556.1.4.841
+|       supportedControl: 1.2.840.113556.1.4.529
+|       supportedControl: 1.2.840.113556.1.4.805
+|       supportedControl: 1.2.840.113556.1.4.521
+|       supportedControl: 1.2.840.113556.1.4.970
+|       supportedControl: 1.2.840.113556.1.4.1338
+|       supportedControl: 1.2.840.113556.1.4.474
+|       supportedControl: 1.2.840.113556.1.4.1339
+|       supportedControl: 1.2.840.113556.1.4.1340
+|       supportedControl: 1.2.840.113556.1.4.1413
+|       supportedControl: 2.16.840.1.113730.3.4.9
+|       supportedControl: 2.16.840.1.113730.3.4.10
+|       supportedControl: 1.2.840.113556.1.4.1504
+|       supportedControl: 1.2.840.113556.1.4.1852
+|       supportedControl: 1.2.840.113556.1.4.802
+|       supportedControl: 1.2.840.113556.1.4.1907
+|       supportedControl: 1.2.840.113556.1.4.1948
+|       supportedControl: 1.2.840.113556.1.4.1974
+|       supportedControl: 1.2.840.113556.1.4.1341
+|       supportedControl: 1.2.840.113556.1.4.2026
+|       supportedControl: 1.2.840.113556.1.4.2064
+|       supportedControl: 1.2.840.113556.1.4.2065
+|       supportedControl: 1.2.840.113556.1.4.2066
+|       supportedControl: 1.2.840.113556.1.4.2090
+|       supportedControl: 1.2.840.113556.1.4.2205
+|       supportedControl: 1.2.840.113556.1.4.2204
+|       supportedControl: 1.2.840.113556.1.4.2206
+|       supportedControl: 1.2.840.113556.1.4.2211
+|       supportedControl: 1.2.840.113556.1.4.2239
+|       supportedControl: 1.2.840.113556.1.4.2255
+|       supportedControl: 1.2.840.113556.1.4.2256
+|       supportedControl: 1.2.840.113556.1.4.2309
+|       supportedControl: 1.2.840.113556.1.4.2330
+|       supportedControl: 1.2.840.113556.1.4.2354
+|       supportedCapabilities: 1.2.840.113556.1.4.800
+|       supportedCapabilities: 1.2.840.113556.1.4.1670
+|       supportedCapabilities: 1.2.840.113556.1.4.1791
+|       supportedCapabilities: 1.2.840.113556.1.4.1935
+|       supportedCapabilities: 1.2.840.113556.1.4.2080
+|       supportedCapabilities: 1.2.840.113556.1.4.2237
+|       subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=sequel,DC=htb
+|       namingContexts: CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb
+|       namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb
+|       namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb
+|       isSynchronized: TRUE
+|       highestCommittedUSN: 168159
+|       dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb
+|       dnsHostName: dc.sequel.htb
+|       defaultNamingContext: DC=sequel,DC=htb
+|       currentTime: 20230228190556.0Z
+|_      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:41 2023 -- 1 IP address (1 host up) scanned in 59.42 seconds

HTB/escape/results/escape.htb/scans/tcp636/tcp_636_sslscan.html

@@ -0,0 +1,165 @@
+Version: 2.0.15-static
+OpenSSL 1.1.1q-dev  xx XXX xxxx
+
+Connected to 10.129.184.130
+
+Testing SSL server escape.htb on port 636 using SNI name escape.htb
+
+  SSL/TLS Protocols:
+SSLv2     disabled
+SSLv3     disabled
+TLSv1.0   enabled
+TLSv1.1   enabled
+TLSv1.2   enabled
+TLSv1.3   disabled
+
+  TLS Fallback SCSV:
+Server does not support TLS Fallback SCSV
+
+  TLS renegotiation:
+Secure session renegotiation supported
+
+  TLS Compression:
+Compression disabled
+
+  Heartbleed:
+TLSv1.2 not vulnerable to heartbleed
+TLSv1.1 not vulnerable to heartbleed
+TLSv1.0 not vulnerable to heartbleed
+
+  Supported Server Cipher(s):
+Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
+Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
+Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
+Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
+Accepted  TLSv1.2  256 bits  AES256-SHA256
+Accepted  TLSv1.2  128 bits  AES128-SHA256
+Accepted  TLSv1.2  256 bits  AES256-SHA
+Accepted  TLSv1.2  128 bits  AES128-SHA
+Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
+Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.1  256 bits  AES256-SHA
+Accepted  TLSv1.1  128 bits  AES128-SHA
+Accepted  TLSv1.1  112 bits  DES-CBC3-SHA
+Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-384 DHE 384
+Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve 25519 DHE 253
+Accepted  TLSv1.0  256 bits  AES256-SHA
+Accepted  TLSv1.0  128 bits  AES128-SHA
+Accepted  TLSv1.0  112 bits  DES-CBC3-SHA
+
+  Server Key Exchange Group(s):
+TLSv1.2  128 bits  secp256r1 (NIST P-256)
+TLSv1.2  192 bits  secp384r1 (NIST P-384)
+TLSv1.2  128 bits  x25519
+
+  SSL Certificate:
+    Certificate blob:
+-----BEGIN CERTIFICATE-----
+MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+-----END CERTIFICATE-----
+    Version: 2
+    Serial Number: 1e:00:00:00:04:90:52:7b:fc:91:38:74:2f:00:00:00:00:00:04
+    Signature Algorithm: sha256WithRSAEncryption
+    Issuer: /DC=htb/DC=sequel/CN=sequel-DC-CA
+    Not valid before: Nov 18 21:20:35 2022 GMT
+    Not valid after: Nov 18 21:20:35 2023 GMT
+    Subject: /CN=dc.sequel.htb
+    Public Key Algorithm: NULL
+    RSA Public Key: (2048 bit)
+      RSA Public-Key: (2048 bit)
+      Modulus:
+          00:a6:92:78:aa:2e:fe:07:2f:e4:d9:88:f2:d4:9f:
+          37:64:9d:73:fe:ca:4e:ef:85:bd:b5:46:70:3d:f8:
+          2f:98:38:f4:28:17:f8:15:1d:c8:37:d1:ad:2e:08:
+          d5:5f:a0:87:c1:3b:5e:cf:c9:1d:97:6b:5c:e7:c1:
+          c1:f2:8f:41:e2:6c:9a:2a:3c:e1:2a:64:57:d7:47:
+          98:69:27:b4:89:c4:f9:7d:95:28:2c:3c:42:53:3e:
+          28:bb:f7:db:b4:cd:c0:52:d3:c4:5c:a0:68:92:e0:
+          67:8b:ec:7c:c0:cd:97:a5:45:d1:ce:75:d6:3c:bd:
+          f0:a9:01:6c:07:dd:69:32:e6:f5:67:3f:ca:99:ec:
+          b7:11:98:31:4f:8d:cf:74:f6:38:09:92:70:0e:fa:
+          48:51:e5:e0:db:dd:c7:1b:5a:ff:c8:ca:97:df:50:
+          19:e1:e3:cb:78:d6:03:a5:8c:e8:7c:a8:38:0b:92:
+          bf:da:66:8d:fb:04:d3:67:5b:7a:01:18:aa:01:60:
+          50:af:11:51:4c:7e:af:4c:ea:13:e8:d1:7e:e8:7c:
+          40:2d:71:71:c5:6c:3f:ec:ea:df:27:85:a5:e5:8e:
+          6e:8b:51:f9:bd:64:b5:7a:b9:d5:3c:4f:7c:6a:22:
+          63:7b:70:79:99:3b:0f:73:3c:3b:a0:a0:45:11:db:
+          33:45
+      Exponent: 65537 (0x10001)
+    X509v3 Extensions:
+      1.3.6.1.4.1.311.20.2:
+        . .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
+      X509v3 Extended Key Usage:
+        TLS Web Client Authentication, TLS Web Server Authentication
+      X509v3 Key Usage: critical
+        Digital Signature, Key Encipherment
+      S/MIME Capabilities:
+        0i0...*.H..
+......0...*.H..
+......0...`.H.e...*0...`.H.e...-0...`.H.e....0...`.H.e....0...+....0
+..*.H..
+..
+      X509v3 Subject Key Identifier:
+        22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87
+      X509v3 Authority Key Identifier:
+        keyid:62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15
+
+      X509v3 CRL Distribution Points:
+
+        Full Name:
+          URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint
+
+      Authority Information Access:
+        CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority
+
+      X509v3 Subject Alternative Name:
+        othername:<unsupported>, DNS:dc.sequel.htb
+  Verify Certificate:
+    unable to get local issuer certificate
+
+  SSL Certificate:
+Signature Algorithm: sha256WithRSAEncryption
+RSA Key Strength:    2048
+
+Subject:  dc.sequel.htb
+Altnames: othername:<unsupported>, DNS:dc.sequel.htb
+Issuer:   sequel-DC-CA
+

HTB/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml

@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 636 &quot;-&#45;script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 636 &quot;-&#45;script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml escape.htb" start="1677582342" startstr="Tue Feb 28 12:05:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="636"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582346"/>
+<taskend task="NSE" time="1677582346"/>
+<taskbegin task="NSE" time="1677582346"/>
+<taskend task="NSE" time="1677582346"/>
+<taskbegin task="NSE" time="1677582346"/>
+<taskend task="NSE" time="1677582346"/>
+<taskbegin task="SYN Stealth Scan" time="1677582346"/>
+<taskend task="SYN Stealth Scan" time="1677582346" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582346"/>
+<taskend task="Service scan" time="1677582359" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582359"/>
+<taskend task="NSE" time="1677582380"/>
+<taskbegin task="NSE" time="1677582380"/>
+<taskend task="NSE" time="1677582399"/>
+<taskbegin task="NSE" time="1677582399"/>
+<taskend task="NSE" time="1677582401"/>
+<host starttime="1677582346" endtime="1677582401"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="636"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb, Site: Default-First-Site-Name" hostname="DC" ostype="Windows" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-enum-ciphers" output="&#xa;  TLSv1.0: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.1: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  TLSv1.2: &#xa;    ciphers: &#xa;      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A&#xa;      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A&#xa;      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A&#xa;      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A&#xa;      TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A&#xa;      TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C&#xa;    compressors: &#xa;      NULL&#xa;    cipher preference: server&#xa;    warnings: &#xa;      64-bit block cipher 3DES vulnerable to SWEET32 attack&#xa;  least strength: C"><table key="TLSv1.0">
+<table key="ciphers">
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.1">
+<table key="ciphers">
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<table key="TLSv1.2">
+<table key="ciphers">
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="kex_info">dh 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="kex_info">dh 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">secp384r1</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">ecdh_x25519</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_GCM_SHA384</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_GCM_SHA256</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA256</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA256</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_256_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">A</elem>
+<elem key="name">TLS_RSA_WITH_AES_128_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+<table>
+<elem key="strength">C</elem>
+<elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
+<elem key="kex_info">rsa 2048</elem>
+</table>
+</table>
+<table key="compressors">
+<elem>NULL</elem>
+</table>
+<elem key="cipher preference">server</elem>
+<table key="warnings">
+<elem>64-bit block cipher 3DES vulnerable to SWEET32 attack</elem>
+</table>
+</table>
+<elem key="least strength">C</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:06:16+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:06:16+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script><script id="ldap-rootdse" output="&#xa;LDAP Results&#xa;  &lt;ROOT&gt;&#xa;      domainFunctionality: 7&#xa;      forestFunctionality: 7&#xa;      domainControllerFunctionality: 7&#xa;      rootDomainNamingContext: DC=sequel,DC=htb&#xa;      ldapServiceName: sequel.htb:dc$@SEQUEL.HTB&#xa;      isGlobalCatalogReady: TRUE&#xa;      supportedSASLMechanisms: GSSAPI&#xa;      supportedSASLMechanisms: GSS-SPNEGO&#xa;      supportedSASLMechanisms: EXTERNAL&#xa;      supportedSASLMechanisms: DIGEST-MD5&#xa;      supportedLDAPVersion: 3&#xa;      supportedLDAPVersion: 2&#xa;      supportedLDAPPolicies: MaxPoolThreads&#xa;      supportedLDAPPolicies: MaxPercentDirSyncRequests&#xa;      supportedLDAPPolicies: MaxDatagramRecv&#xa;      supportedLDAPPolicies: MaxReceiveBuffer&#xa;      supportedLDAPPolicies: InitRecvTimeout&#xa;      supportedLDAPPolicies: MaxConnections&#xa;      supportedLDAPPolicies: MaxConnIdleTime&#xa;      supportedLDAPPolicies: MaxPageSize&#xa;      supportedLDAPPolicies: MaxBatchReturnMessages&#xa;      supportedLDAPPolicies: MaxQueryDuration&#xa;      supportedLDAPPolicies: MaxDirSyncDuration&#xa;      supportedLDAPPolicies: MaxTempTableSize&#xa;      supportedLDAPPolicies: MaxResultSetSize&#xa;      supportedLDAPPolicies: MinResultSets&#xa;      supportedLDAPPolicies: MaxResultSetsPerConn&#xa;      supportedLDAPPolicies: MaxNotificationPerConn&#xa;      supportedLDAPPolicies: MaxValRange&#xa;      supportedLDAPPolicies: MaxValRangeTransitive&#xa;      supportedLDAPPolicies: ThreadMemoryLimit&#xa;      supportedLDAPPolicies: SystemMemoryLimitPercent&#xa;      supportedControl: 1.2.840.113556.1.4.319&#xa;      supportedControl: 1.2.840.113556.1.4.801&#xa;      supportedControl: 1.2.840.113556.1.4.473&#xa;      supportedControl: 1.2.840.113556.1.4.528&#xa;      supportedControl: 1.2.840.113556.1.4.417&#xa;      supportedControl: 1.2.840.113556.1.4.619&#xa;      supportedControl: 1.2.840.113556.1.4.841&#xa;      supportedControl: 1.2.840.113556.1.4.529&#xa;      supportedControl: 1.2.840.113556.1.4.805&#xa;      supportedControl: 1.2.840.113556.1.4.521&#xa;      supportedControl: 1.2.840.113556.1.4.970&#xa;      supportedControl: 1.2.840.113556.1.4.1338&#xa;      supportedControl: 1.2.840.113556.1.4.474&#xa;      supportedControl: 1.2.840.113556.1.4.1339&#xa;      supportedControl: 1.2.840.113556.1.4.1340&#xa;      supportedControl: 1.2.840.113556.1.4.1413&#xa;      supportedControl: 2.16.840.1.113730.3.4.9&#xa;      supportedControl: 2.16.840.1.113730.3.4.10&#xa;      supportedControl: 1.2.840.113556.1.4.1504&#xa;      supportedControl: 1.2.840.113556.1.4.1852&#xa;      supportedControl: 1.2.840.113556.1.4.802&#xa;      supportedControl: 1.2.840.113556.1.4.1907&#xa;      supportedControl: 1.2.840.113556.1.4.1948&#xa;      supportedControl: 1.2.840.113556.1.4.1974&#xa;      supportedControl: 1.2.840.113556.1.4.1341&#xa;      supportedControl: 1.2.840.113556.1.4.2026&#xa;      supportedControl: 1.2.840.113556.1.4.2064&#xa;      supportedControl: 1.2.840.113556.1.4.2065&#xa;      supportedControl: 1.2.840.113556.1.4.2066&#xa;      supportedControl: 1.2.840.113556.1.4.2090&#xa;      supportedControl: 1.2.840.113556.1.4.2205&#xa;      supportedControl: 1.2.840.113556.1.4.2204&#xa;      supportedControl: 1.2.840.113556.1.4.2206&#xa;      supportedControl: 1.2.840.113556.1.4.2211&#xa;      supportedControl: 1.2.840.113556.1.4.2239&#xa;      supportedControl: 1.2.840.113556.1.4.2255&#xa;      supportedControl: 1.2.840.113556.1.4.2256&#xa;      supportedControl: 1.2.840.113556.1.4.2309&#xa;      supportedControl: 1.2.840.113556.1.4.2330&#xa;      supportedControl: 1.2.840.113556.1.4.2354&#xa;      supportedCapabilities: 1.2.840.113556.1.4.800&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1670&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1791&#xa;      supportedCapabilities: 1.2.840.113556.1.4.1935&#xa;      supportedCapabilities: 1.2.840.113556.1.4.2080&#xa;      supportedCapabilities: 1.2.840.113556.1.4.2237&#xa;      subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb&#xa;      schemaNamingContext: CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: DC=sequel,DC=htb&#xa;      namingContexts: CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: CN=Schema,CN=Configuration,DC=sequel,DC=htb&#xa;      namingContexts: DC=DomainDnsZones,DC=sequel,DC=htb&#xa;      namingContexts: DC=ForestDnsZones,DC=sequel,DC=htb&#xa;      isSynchronized: TRUE&#xa;      highestCommittedUSN: 168159&#xa;      dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sequel,DC=htb&#xa;      dnsHostName: dc.sequel.htb&#xa;      defaultNamingContext: DC=sequel,DC=htb&#xa;      currentTime: 20230228190556.0Z&#xa;      configurationNamingContext: CN=Configuration,DC=sequel,DC=htb&#xa;"/></port>
+</ports>
+<times srtt="207605" rttvar="207605" to="1038025"/>
+</host>
+<taskbegin task="NSE" time="1677582401"/>
+<taskend task="NSE" time="1677582401"/>
+<taskbegin task="NSE" time="1677582401"/>
+<taskend task="NSE" time="1677582401"/>
+<taskbegin task="NSE" time="1677582401"/>
+<taskend task="NSE" time="1677582401"/>
+<runstats><finished time="1677582401" timestr="Tue Feb 28 12:06:41 2023" summary="Nmap done at Tue Feb 28 12:06:41 2023; 1 IP address (1 host up) scanned in 59.42 seconds" elapsed="59.42" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv --reason -Pn -T4 -sV -p 88 --script=banner,krb5-enum-users --script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.24s latency).
+Scanned at 2023-02-28 12:05:44 CET for 18s
+
+PORT   STATE SERVICE      REASON          VERSION
+88/tcp open  kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-02-28 19:05:47Z)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:06:02 2023 -- 1 IP address (1 host up) scanned in 21.26 seconds

HTB/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:05:41 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 88 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 88 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml escape.htb" start="1677582341" startstr="Tue Feb 28 12:05:41 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="88"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="NSE" time="1677582344"/>
+<taskend task="NSE" time="1677582344"/>
+<taskbegin task="SYN Stealth Scan" time="1677582344"/>
+<taskend task="SYN Stealth Scan" time="1677582344" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677582345"/>
+<taskend task="Service scan" time="1677582352" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677582352"/>
+<taskend task="NSE" time="1677582362"/>
+<taskbegin task="NSE" time="1677582362"/>
+<taskend task="NSE" time="1677582362"/>
+<host starttime="1677582344" endtime="1677582362"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="88"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kerberos-sec" product="Microsoft Windows Kerberos" extrainfo="server time: 2023-02-28 19:05:47Z" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:kerberos</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="241999" rttvar="241999" to="1209995"/>
+</host>
+<taskbegin task="NSE" time="1677582362"/>
+<taskend task="NSE" time="1677582362"/>
+<taskbegin task="NSE" time="1677582362"/>
+<taskend task="NSE" time="1677582362"/>
+<runstats><finished time="1677582362" timestr="Tue Feb 28 12:06:02 2023" summary="Nmap done at Tue Feb 28 12:06:02 2023; 1 IP address (1 host up) scanned in 21.26 seconds" elapsed="21.26" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt

@@ -0,0 +1,13 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 123 "--script=banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.18s latency).
+Scanned at 2023-02-28 12:30:26 CET for 11s
+
+PORT    STATE SERVICE REASON               VERSION
+123/udp open  ntp     udp-response ttl 127 NTP v3
+| ntp-info: 
+|_  receive time stamp: 2023-02-28T19:30:31
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:30:37 2023 -- 1 IP address (1 host up) scanned in 11.70 seconds

HTB/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 123 &quot;-&#45;script=banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 123 &quot;-&#45;script=banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml escape.htb" start="1677583825" startstr="Tue Feb 28 12:30:25 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="udp" protocol="udp" numservices="1" services="123"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="UDP Scan" time="1677583826"/>
+<taskend task="UDP Scan" time="1677583826" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677583826"/>
+<taskend task="Service scan" time="1677583826" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583837"/>
+<taskbegin task="NSE" time="1677583837"/>
+<taskend task="NSE" time="1677583837"/>
+<taskbegin task="NSE" time="1677583837"/>
+<taskend task="NSE" time="1677583837"/>
+<host starttime="1677583826" endtime="1677583837"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="udp" portid="123"><state state="open" reason="udp-response" reason_ttl="127"/><service name="ntp" product="NTP" version="v3" method="probed" conf="10"/><script id="ntp-info" output="&#xa;  receive time stamp: 2023-02-28T19:30:31"><elem key="receive time stamp">2023-02-28T19:30:31</elem>
+</script></port>
+</ports>
+<times srtt="181292" rttvar="181292" to="906460"/>
+</host>
+<taskbegin task="NSE" time="1677583837"/>
+<taskend task="NSE" time="1677583837"/>
+<taskbegin task="NSE" time="1677583837"/>
+<taskend task="NSE" time="1677583837"/>
+<taskbegin task="NSE" time="1677583837"/>
+<taskend task="NSE" time="1677583837"/>
+<runstats><finished time="1677583837" timestr="Tue Feb 28 12:30:37 2023" summary="Nmap done at Tue Feb 28 12:30:37 2023; 1 IP address (1 host up) scanned in 11.70 seconds" elapsed="11.70" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt

@@ -0,0 +1,27 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set (0.17s latency).
+Scanned at 2023-02-28 12:30:26 CET for 38s
+
+PORT   STATE SERVICE REASON               VERSION
+53/udp open  domain  udp-response ttl 127 (generic dns response: SERVFAIL)
+|_dns-cache-snoop: 0 of 100 tested domains are cached.
+| fingerprint-strings: 
+|   NBTStat: 
+|_    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+| dns-nsec3-enum: 
+|_  DNSSEC NSEC3 not supported
+| dns-nsec-enum: 
+|_  No NSEC records found
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-UDP:V=7.93%I=7%D=2/28%Time=63FDE5E6%P=x86_64-pc-linux-gnu%r(NBTS
+SF:tat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAA
+SF:AAAAAAA\0\0!\0\x01");
+
+Host script results:
+| dns-brute: 
+|_  DNS Brute-force hostnames: No results.
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:31:04 2023 -- 1 IP address (1 host up) scanned in 39.15 seconds

HTB/escape/results/escape.htb/scans/udp53/udp_53_dns_reverse-lookup.txt

@@ -0,0 +1,19 @@
+;; communications error to 10.129.184.130#53: timed out
+
+; <<>> DiG 9.18.11-2-Debian <<>> -p 53 -x escape.htb @escape.htb
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7147
+;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 4000
+;; QUESTION SECTION:
+;htb.escape.in-addr.arpa.	IN	PTR
+
+;; Query time: 4472 msec
+;; SERVER: 10.129.184.130#53(escape.htb) (UDP)
+;; WHEN: Tue Feb 28 12:30:34 CET 2023
+;; MSG SIZE  rcvd: 52
+
+

HTB/escape/results/escape.htb/scans/udp53/udp_53_dns_zone-transfer-domain.txt

@@ -0,0 +1,6 @@
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb escape.htb
+; (1 server found)
+;; global options: +cmd
+; Transfer failed.
+

HTB/escape/results/escape.htb/scans/udp53/udp_53_dns_zone-transfer-hostname.txt

@@ -0,0 +1,6 @@
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb escape.htb
+; (1 server found)
+;; global options: +cmd
+; Transfer failed.
+

HTB/escape/results/escape.htb/scans/udp53/udp_53_dns_zone-transfer.txt

@@ -0,0 +1,10 @@
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+;; communications error to 10.129.184.130#53: timed out
+
+; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @escape.htb
+; (1 server found)
+;; global options: +cmd
+;; no servers could be reached
+
+

HTB/escape/results/escape.htb/scans/udp53/udp_53_dnsrecon_default.txt

@@ -0,0 +1,7 @@
+[*] std: Performing General Enumeration against: escape.htb...
+[-] All nameservers failed to answer the DNSSEC query for escape.htb
+[-] Exception "The DNS operation timed out." while resolving SOA record.
+[-] Error while resolving SOA while using 10.129.184.130 as nameserver.
+[*] Enumerating SRV Records
+[+] 0 Records Found
+

HTB/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 53 &quot;-&#45;script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)&quot; -oN /home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml escape.htb" start="1677583825" startstr="Tue Feb 28 12:30:25 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="udp" protocol="udp" numservices="1" services="53"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="UDP Scan" time="1677583826"/>
+<taskend task="UDP Scan" time="1677583826" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677583826"/>
+<taskend task="Service scan" time="1677583846" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677583846"/>
+<taskend task="NSE" time="1677583864"/>
+<taskbegin task="NSE" time="1677583864"/>
+<taskend task="NSE" time="1677583864"/>
+<taskbegin task="NSE" time="1677583864"/>
+<taskend task="NSE" time="1677583864"/>
+<host starttime="1677583826" endtime="1677583864"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="udp" portid="53"><state state="open" reason="udp-response" reason_ttl="127"/><service name="domain" extrainfo="generic dns response: SERVFAIL" servicefp="SF-Port53-UDP:V=7.93%I=7%D=2/28%Time=63FDE5E6%P=x86_64-pc-linux-gnu%r(NBTStat,32,&quot;\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01&quot;);" method="probed" conf="10"/><script id="dns-cache-snoop" output="0 of 100 tested domains are cached.&#xa;"/><script id="fingerprint-strings" output="&#xa;  NBTStat: &#xa;    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"><elem key="NBTStat">&#xa;    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</elem>
+</script><script id="dns-nsec3-enum" output="&#xa;  DNSSEC NSEC3 not supported&#xa;"/><script id="dns-nsec-enum" output="&#xa;  No NSEC records found&#xa;"/></port>
+</ports>
+<hostscript><script id="dns-brute" output="&#xa;  DNS Brute-force hostnames: No results."><table key="DNS Brute-force hostnames">
+</table>
+</script></hostscript><times srtt="165743" rttvar="165743" to="828715"/>
+</host>
+<taskbegin task="NSE" time="1677583864"/>
+<taskend task="NSE" time="1677583864"/>
+<taskbegin task="NSE" time="1677583864"/>
+<taskend task="NSE" time="1677583864"/>
+<taskbegin task="NSE" time="1677583864"/>
+<taskend task="NSE" time="1677583864"/>
+<runstats><finished time="1677583864" timestr="Tue Feb 28 12:31:04 2023" summary="Nmap done at Tue Feb 28 12:31:04 2023; 1 IP address (1 host up) scanned in 39.15 seconds" elapsed="39.15" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt

@@ -0,0 +1,12 @@
+# Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script=banner,krb5-enum-users --script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml escape.htb
+Nmap scan report for escape.htb (10.129.184.130)
+Host is up, received user-set.
+Scanned at 2023-02-28 12:30:26 CET for 6s
+
+PORT   STATE SERVICE      REASON       VERSION
+88/udp open  kerberos-sec udp-response Microsoft Windows Kerberos (server time: 2023-02-28 19:30:27Z)
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 12:30:32 2023 -- 1 IP address (1 host up) scanned in 7.34 seconds

HTB/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:30:25 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 88 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -sV -p 88 -&#45;script=banner,krb5-enum-users -&#45;script-args krb5-enum-users.realm=escape.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/htb/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml escape.htb" start="1677583825" startstr="Tue Feb 28 12:30:25 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="udp" protocol="udp" numservices="1" services="88"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="NSE" time="1677583826"/>
+<taskend task="NSE" time="1677583826"/>
+<taskbegin task="UDP Scan" time="1677583826"/>
+<taskend task="UDP Scan" time="1677583827" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677583827"/>
+<taskend task="Service scan" time="1677583832" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677583832"/>
+<taskend task="NSE" time="1677583832"/>
+<taskbegin task="NSE" time="1677583832"/>
+<taskend task="NSE" time="1677583832"/>
+<host starttime="1677583826" endtime="1677583832"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="udp" portid="88"><state state="open" reason="udp-response" reason_ttl="0"/><service name="kerberos-sec" product="Microsoft Windows Kerberos" extrainfo="server time: 2023-02-28 19:30:27Z" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:kerberos</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+</host>
+<taskbegin task="NSE" time="1677583832"/>
+<taskend task="NSE" time="1677583832"/>
+<taskbegin task="NSE" time="1677583832"/>
+<taskend task="NSE" time="1677583832"/>
+<runstats><finished time="1677583832" timestr="Tue Feb 28 12:30:32 2023" summary="Nmap done at Tue Feb 28 12:30:32 2023; 1 IP address (1 host up) scanned in 7.34 seconds" elapsed="7.34" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml

@@ -0,0 +1,358 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -p- -oN /home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml escape.htb" start="1677582056" startstr="Tue Feb 28 12:00:56 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="65535" services="1-65535"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="SYN Stealth Scan" time="1677582057"/>
+<taskprogress task="SYN Stealth Scan" time="1677582088" percent="6.93" remaining="417" etc="1677582504"/>
+<taskprogress task="SYN Stealth Scan" time="1677582118" percent="17.56" remaining="287" etc="1677582404"/>
+<taskprogress task="SYN Stealth Scan" time="1677582148" percent="32.46" remaining="190" etc="1677582337"/>
+<taskprogress task="SYN Stealth Scan" time="1677582178" percent="55.87" remaining="96" etc="1677582274"/>
+<taskend task="SYN Stealth Scan" time="1677582213" extrainfo="65535 total ports"/>
+<taskbegin task="Service scan" time="1677582213"/>
+<taskend task="Service scan" time="1677582288" extrainfo="20 services on 1 host"/>
+<taskbegin task="Traceroute" time="1677582296"/>
+<taskend task="Traceroute" time="1677582296"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1677582296"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1677582296"/>
+<taskbegin task="NSE" time="1677582296"/>
+<taskprogress task="NSE" time="1677582327" percent="99.96" remaining="1" etc="1677582327"/>
+<taskend task="NSE" time="1677582336"/>
+<taskbegin task="NSE" time="1677582336"/>
+<taskend task="NSE" time="1677582340"/>
+<taskbegin task="NSE" time="1677582340"/>
+<taskend task="NSE" time="1677582340"/>
+<host starttime="1677582057" endtime="1677582340"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="filtered" count="65515">
+<extrareasons reason="no-response" count="65515" proto="tcp" ports="1-52,54-87,89-134,136-138,140-388,390-444,446-463,465-592,594-635,637-1432,1434-3267,3270-5984,5986-9388,9390-49666,49668-49672,49675-49695,49697-49702,49704-53253,53255-65535"/>
+</extraports>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="domain" product="Simple DNS Plus" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:jh_software:simple_dns_plus</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="88"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kerberos-sec" product="Microsoft Windows Kerberos" extrainfo="server time: 2023-02-28 19:03:35Z" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:kerberos</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="389"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-date" output="2023-02-28T19:05:32+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:05:32+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script></port>
+<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="microsoft-ds" method="table" conf="3"/></port>
+<port protocol="tcp" portid="464"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kpasswd5" method="table" conf="3"/></port>
+<port protocol="tcp" portid="593"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ncacn_http" product="Microsoft Windows RPC over HTTP" version="1.0" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="636"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-date" output="2023-02-28T19:05:32+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:05:32+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script></port>
+<port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ms-sql-s" product="Microsoft SQL Server 2019" version="15.00.2000.00; RTM" method="probed" conf="10"><cpe>cpe:/a:microsoft:sql_server:2019</cpe></service><script id="ms-sql-info" output="ERROR: Script execution failed (use -d to debug)"/><script id="ssl-date" output="2023-02-28T19:05:32+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:05:32+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script><script id="ssl-cert" output="Subject: commonName=SSL_Self_Signed_Fallback&#xa;Issuer: commonName=SSL_Self_Signed_Fallback&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2023-02-28T04:28:02&#xa;Not valid after:  2053-02-28T04:28:02&#xa;MD5:   015ca460f1ffd07cb7e668baa3858ef2&#xa;SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">C1107140C86C83C9C828E256992C82696364F7CA130FD67697AE7F7C032875299DC6EF136508C25716CD8C91492B1213E85AA71F785F320F31166B1EA9B4C00F6A7621C82541C841ACF7F03610C0E6E6C170D971717E138738F14B2AE226A1FB528DEA6C7647376AC75D0877A1182F5401DC8C1B6359E2E89A08644B3CEAF070B40FB7E8DCC106FFCDA83959B7A5040BB4B9B08A347ED0403E008346F853267B02044E179E376889695A8C9A693D907E7B5CC53B1D9B0568F4C6333B47EF90D1F33D38D92A333D1598A0AEA815C247B0A71F66DD8DC384B2EFC5CC3B8B53DFA7F3F5E34EB2C9440BAAC466475692B2BAA7F698B65ACC71EEB822010A5271B95D</elem>
+<elem key="exponent">65537</elem>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2023-02-28T04:28:02</elem>
+<elem key="notAfter">2053-02-28T04:28:02</elem>
+</table>
+<elem key="md5">015ca460f1ffd07cb7e668baa3858ef2</elem>
+<elem key="sha1">e5402a47a83d13f0a50e8e0fbded72e7b51f17d4</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ms-sql-ntlm-info" output="ERROR: Script execution failed (use -d to debug)"/></port>
+<port protocol="tcp" portid="3268"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:05:32+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:05:32+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script></port>
+<port protocol="tcp" portid="3269"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:05:32+00:00; +7h59m55s from scanner time."><elem key="date">2023-02-28T19:05:32+00:00</elem>
+<elem key="delta">28795.0</elem>
+</script></port>
+<port protocol="tcp" portid="5985"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="http" product="Microsoft HTTPAPI httpd" version="2.0" extrainfo="SSDP/UPnP" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="http-title" output="Not Found"><elem key="title">Not Found</elem>
+</script><script id="http-server-header" output="Microsoft-HTTPAPI/2.0"><elem>Microsoft-HTTPAPI/2.0</elem>
+</script></port>
+<port protocol="tcp" portid="9389"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="mc-nmf" product=".NET Message Framing" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="49667"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="49673"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ncacn_http" product="Microsoft Windows RPC over HTTP" version="1.0" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="49674"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="49696"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="49703"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="53254"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="53"/>
+<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FDE004%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=108%GCD=1%ISR=107%TI=I%TS=U)&#xa;SEQ(SP=108%GCD=1%ISR=107%TI=I%II=I%SS=S%TS=U)&#xa;OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)&#xa;WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)&#xa;ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=80%CD=Z)&#xa;"/>
+</os>
+<distance value="2"/>
+<tcpsequence index="264" difficulty="Good luck!" values="BA873C41,A40C44F0,9A8D2D2,C880910,8831D5B,7054EC3C"/>
+<ipidsequence class="Incremental" values="C24B,C24C,C24D,C24E,C24F,C250"/>
+<tcptssequence class="none returned (unsupported)"/>
+<hostscript><script id="p2p-conficker" output="&#xa;  Checking for Conficker.C or higher...&#xa;  Check 1 (port 44244/tcp): CLEAN (Timeout)&#xa;  Check 2 (port 64892/tcp): CLEAN (Timeout)&#xa;  Check 3 (port 13054/udp): CLEAN (Timeout)&#xa;  Check 4 (port 46576/udp): CLEAN (Timeout)&#xa;  0/4 checks are positive: Host is CLEAN or ports are blocked&#xa;"/><script id="smb2-security-mode" output="&#xa;  311: &#xa;    Message signing enabled and required"><table key="311">
+<elem>Message signing enabled and required</elem>
+</table>
+</script><script id="smb2-time" output="&#xa;  date: 2023-02-28T19:04:56&#xa;  start_date: N/A"><elem key="date">2023-02-28T19:04:56</elem>
+<elem key="start_date">N/A</elem>
+</script><script id="clock-skew" output="mean: 7h59m54s, deviation: 0s, median: 7h59m54s"><elem key="median">28794</elem>
+<elem key="mean">28794</elem>
+<elem key="stddev">0</elem>
+<elem key="count">6</elem>
+</script></hostscript><trace port="135" proto="tcp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="212.80"/>
+<hop ttl="2" ipaddr="10.129.184.130" rtt="212.88" host="escape.htb"/>
+</trace>
+<times srtt="180500" rttvar="45305" to="361720"/>
+</host>
+<taskbegin task="NSE" time="1677582340"/>
+<taskend task="NSE" time="1677582340"/>
+<taskbegin task="NSE" time="1677582340"/>
+<taskend task="NSE" time="1677582340"/>
+<taskbegin task="NSE" time="1677582340"/>
+<taskend task="NSE" time="1677582340"/>
+<runstats><finished time="1677582340" timestr="Tue Feb 28 12:05:40 2023" summary="Nmap done at Tue Feb 28 12:05:40 2023; 1 IP address (1 host up) scanned in 284.14 seconds" elapsed="284.14" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml

@@ -0,0 +1,344 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -sC -&#45;version-all -A -&#45;osscan-guess -oN /home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml escape.htb" start="1677582056" startstr="Tue Feb 28 12:00:56 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1000" services="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="SYN Stealth Scan" time="1677582057"/>
+<taskend task="SYN Stealth Scan" time="1677582068" extrainfo="1000 total ports"/>
+<taskbegin task="Service scan" time="1677582068"/>
+<taskend task="Service scan" time="1677582573" extrainfo="12 services on 1 host"/>
+<taskbegin task="Traceroute" time="1677582581"/>
+<taskend task="Traceroute" time="1677582581"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1677582581"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1677582581"/>
+<taskbegin task="NSE" time="1677582582"/>
+<taskprogress task="NSE" time="1677582613" percent="99.94" remaining="1" etc="1677582613"/>
+<taskend task="NSE" time="1677582622"/>
+<taskbegin task="NSE" time="1677582622"/>
+<taskend task="NSE" time="1677582626"/>
+<taskbegin task="NSE" time="1677582626"/>
+<taskend task="NSE" time="1677582626"/>
+<host starttime="1677582057" endtime="1677582626"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="filtered" count="988">
+<extrareasons reason="no-response" count="988" proto="tcp" ports="1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,70,79-85,89-90,99-100,106,109-111,113,119,125,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,406-407,416-417,425,427,443-444,458,465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,616-617,625,631,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"/>
+</extraports>
+<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="domain" method="table" conf="3"/></port>
+<port protocol="tcp" portid="88"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kerberos-sec" product="Microsoft Windows Kerberos" extrainfo="server time: 2023-02-28 19:01:10Z" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:kerberos</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="netbios-ssn" product="Microsoft Windows netbios-ssn" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="389"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb, Site: Default-First-Site-Name" hostname="DC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-date" output="2023-02-28T19:10:19+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:10:19+00:00</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script></port>
+<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="microsoft-ds" method="table" conf="3"/></port>
+<port protocol="tcp" portid="464"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="kpasswd5" method="table" conf="3"/></port>
+<port protocol="tcp" portid="593"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ncacn_http" product="Microsoft Windows RPC over HTTP" version="1.0" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="tcp" portid="636"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-date" output="2023-02-28T19:10:19+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:10:19+00:00</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script></port>
+<port protocol="tcp" portid="1433"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ms-sql-s" product="Microsoft SQL Server 2019" version="15.00.2000.00; RTM" method="probed" conf="10"><cpe>cpe:/a:microsoft:sql_server:2019</cpe></service><script id="ssl-cert" output="Subject: commonName=SSL_Self_Signed_Fallback&#xa;Issuer: commonName=SSL_Self_Signed_Fallback&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2023-02-28T04:28:02&#xa;Not valid after:  2053-02-28T04:28:02&#xa;MD5:   015ca460f1ffd07cb7e668baa3858ef2&#xa;SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">\x00S\x00S\x00L\x00_\x00S\x00e\x00l\x00f\x00_\x00S\x00i\x00g\x00n\x00e\x00d\x00_\x00F\x00a\x00l\x00l\x00b\x00a\x00c\x00k</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">C1107140C86C83C9C828E256992C82696364F7CA130FD67697AE7F7C032875299DC6EF136508C25716CD8C91492B1213E85AA71F785F320F31166B1EA9B4C00F6A7621C82541C841ACF7F03610C0E6E6C170D971717E138738F14B2AE226A1FB528DEA6C7647376AC75D0877A1182F5401DC8C1B6359E2E89A08644B3CEAF070B40FB7E8DCC106FFCDA83959B7A5040BB4B9B08A347ED0403E008346F853267B02044E179E376889695A8C9A693D907E7B5CC53B1D9B0568F4C6333B47EF90D1F33D38D92A333D1598A0AEA815C247B0A71F66DD8DC384B2EFC5CC3B8B53DFA7F3F5E34EB2C9440BAAC466475692B2BAA7F698B65ACC71EEB822010A5271B95D</elem>
+<elem key="exponent">65537</elem>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2023-02-28T04:28:02</elem>
+<elem key="notAfter">2053-02-28T04:28:02</elem>
+</table>
+<elem key="md5">015ca460f1ffd07cb7e668baa3858ef2</elem>
+<elem key="sha1">e5402a47a83d13f0a50e8e0fbded72e7b51f17d4</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7&#xa;MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA&#xa;bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx&#xa;OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs&#xa;AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI&#xa;bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94&#xa;XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2&#xa;Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0&#xa;ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq&#xa;Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa&#xa;zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL&#xa;M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN&#xa;ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh&#xa;xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB&#xa;1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc&#xa;nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf&#xa;foL8PQ==&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:10:19+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:10:19+00:00</elem>
+</script><script id="ms-sql-info" output="ERROR: Script execution failed (use -d to debug)"/><script id="ms-sql-ntlm-info" output="ERROR: Script execution failed (use -d to debug)"/></port>
+<port protocol="tcp" portid="3268"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-date" output="2023-02-28T19:10:19+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:10:19+00:00</elem>
+</script><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script></port>
+<port protocol="tcp" portid="3269"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="ldap" product="Microsoft Windows Active Directory LDAP" extrainfo="Domain: sequel.htb0., Site: Default-First-Site-Name" hostname="DC" ostype="Windows" tunnel="ssl" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service><script id="ssl-cert" output="Subject: commonName=dc.sequel.htb&#xa;Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb&#xa;Issuer: commonName=sequel-DC-CA/domainComponent=sequel&#xa;Public Key type: rsa&#xa;Public Key bits: 2048&#xa;Signature Algorithm: sha256WithRSAEncryption&#xa;Not valid before: 2022-11-18T21:20:35&#xa;Not valid after:  2023-11-18T21:20:35&#xa;MD5:   869f7f54b2edff74708d1a6ddf34b9bd&#xa;SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa&#xa;-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;"><table key="subject">
+<elem key="commonName">dc.sequel.htb</elem>
+</table>
+<table key="issuer">
+<elem key="commonName">sequel-DC-CA</elem>
+<elem key="domainComponent">sequel</elem>
+</table>
+<table key="pubkey">
+<elem key="type">rsa</elem>
+<elem key="bits">2048</elem>
+<elem key="modulus">A69278AA2EFE072FE4D988F2D49F37649D73FECA4EEF85BDB546703DF82F9838F42817F8151DC837D1AD2E08D55FA087C13B5ECFC91D976B5CE7C1C1F28F41E26C9A2A3CE12A6457D747986927B489C4F97D95282C3C42533E28BBF7DBB4CDC052D3C45CA06892E0678BEC7CC0CD97A545D1CE75D63CBDF0A9016C07DD6932E6F5673FCA99ECB71198314F8DCF74F6380992700EFA4851E5E0DBDDC71B5AFFC8CA97DF5019E1E3CB78D603A58CE87CA8380B92BFDA668DFB04D3675B7A0118AA016050AF11514C7EAF4CEA13E8D17EE87C402D7171C56C3FECEADF2785A5E58E6E8B51F9BD64B57AB9D53C4F7C6A22637B7079993B0F733C3BA0A04511DB3345</elem>
+<elem key="exponent">65537</elem>
+</table>
+<table key="extensions">
+<table>
+<elem key="name">1.3.6.1.4.1.311.20.2</elem>
+</table>
+<table>
+<elem key="name">X509v3 Extended Key Usage</elem>
+<elem key="value">TLS Web Client Authentication, TLS Web Server Authentication</elem>
+</table>
+<table>
+<elem key="name">X509v3 Key Usage</elem>
+<elem key="value">Digital Signature, Key Encipherment</elem>
+<elem key="critical">true</elem>
+</table>
+<table>
+<elem key="name">S/MIME Capabilities</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Key Identifier</elem>
+<elem key="value">22:E2:60:5F:A1:1E:F7:90:9E:56:2A:7B:95:BB:4C:0E:DE:6C:58:87</elem>
+</table>
+<table>
+<elem key="name">X509v3 Authority Key Identifier</elem>
+<elem key="value">62:9F:32:A3:A0:F0:38:20:D4:60:C0:CD:6D:C5:FA:51:30:5E:C3:15</elem>
+</table>
+<table>
+<elem key="name">X509v3 CRL Distribution Points</elem>
+<elem key="value">Full Name:&#xa;  URI:ldap:///CN=sequel-DC-CA,CN=dc,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?certificateRevocationList?base?objectClass=cRLDistributionPoint</elem>
+</table>
+<table>
+<elem key="name">Authority Information Access</elem>
+<elem key="value">CA Issuers - URI:ldap:///CN=sequel-DC-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=sequel,DC=htb?cACertificate?base?objectClass=certificationAuthority</elem>
+</table>
+<table>
+<elem key="name">X509v3 Subject Alternative Name</elem>
+<elem key="value">othername: 1.3.6.1.4.1.311.25.1::&lt;unsupported&gt;, DNS:dc.sequel.htb</elem>
+</table>
+</table>
+<elem key="sig_algo">sha256WithRSAEncryption</elem>
+<table key="validity">
+<elem key="notBefore">2022-11-18T21:20:35</elem>
+<elem key="notAfter">2023-11-18T21:20:35</elem>
+</table>
+<elem key="md5">869f7f54b2edff74708d1a6ddf34b9bd</elem>
+<elem key="sha1">742ab4522191331767395039db9b3b2e27b6f7fa</elem>
+<elem key="pem">-&#45;&#45;&#45;&#45;BEGIN CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF&#xa;ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs&#xa;MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4&#xa;MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B&#xa;AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv&#xa;mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0&#xa;icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p&#xa;Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo&#xa;fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl&#xa;5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww&#xa;LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy&#xa;MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw&#xa;eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA&#xa;MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl&#xa;AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7&#xa;lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud&#xa;HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj&#xa;LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD&#xa;Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv&#xa;Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50&#xa;MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl&#xa;cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049&#xa;U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy&#xa;dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5&#xa;MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj&#xa;LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+&#xa;/VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed&#xa;RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC&#xa;frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r&#xa;nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb&#xa;Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=&#xa;-&#45;&#45;&#45;&#45;END CERTIFICATE-&#45;&#45;&#45;&#45;&#xa;</elem>
+</script><script id="ssl-date" output="2023-02-28T19:10:19+00:00; +7h59m55s from scanner time."><elem key="delta">28795.0</elem>
+<elem key="date">2023-02-28T19:10:19+00:00</elem>
+</script></port>
+</ports>
+<os><portused state="open" proto="tcp" portid="53"/>
+<osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FDE122%P=x86_64-pc-linux-gnu)&#xa;SEQ(SP=104%GCD=1%ISR=106%TI=I%II=I%SS=O%TS=U)&#xa;SEQ(SP=104%GCD=1%ISR=106%TS=U)&#xa;OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)&#xa;WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)&#xa;ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)&#xa;T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=N)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=80%CD=Z)&#xa;"/>
+</os>
+<distance value="2"/>
+<tcpsequence index="260" difficulty="Good luck!" values="E49840F4,E1F4FBCB,46ADAB32,204D64FF,35816094,6B5B6DD2"/>
+<ipidsequence class="Busy server or unknown class" values="EA77,EA78,EAA1,EAA2,EAA3,EAA4"/>
+<tcptssequence class="none returned (unsupported)"/>
+<hostscript><script id="clock-skew" output="mean: 7h59m54s, deviation: 0s, median: 7h59m54s"><elem key="mean">28794</elem>
+<elem key="median">28794</elem>
+<elem key="stddev">0</elem>
+<elem key="count">6</elem>
+</script><script id="smb2-security-mode" output="&#xa;  311: &#xa;    Message signing enabled and required"><table key="311">
+<elem>Message signing enabled and required</elem>
+</table>
+</script><script id="smb2-time" output="&#xa;  date: 2023-02-28T19:09:38&#xa;  start_date: N/A"><elem key="date">2023-02-28T19:09:38</elem>
+<elem key="start_date">N/A</elem>
+</script><script id="p2p-conficker" output="&#xa;  Checking for Conficker.C or higher...&#xa;  Check 1 (port 44244/tcp): CLEAN (Timeout)&#xa;  Check 2 (port 64892/tcp): CLEAN (Timeout)&#xa;  Check 3 (port 13054/udp): CLEAN (Timeout)&#xa;  Check 4 (port 46576/udp): CLEAN (Timeout)&#xa;  0/4 checks are positive: Host is CLEAN or ports are blocked&#xa;"/></hostscript><trace port="445" proto="tcp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="252.43"/>
+<hop ttl="2" ipaddr="10.129.184.130" rtt="252.73" host="escape.htb"/>
+</trace>
+<times srtt="214650" rttvar="57965" to="446510"/>
+</host>
+<taskbegin task="NSE" time="1677582626"/>
+<taskend task="NSE" time="1677582626"/>
+<taskbegin task="NSE" time="1677582626"/>
+<taskend task="NSE" time="1677582626"/>
+<taskbegin task="NSE" time="1677582626"/>
+<taskend task="NSE" time="1677582626"/>
+<runstats><finished time="1677582626" timestr="Tue Feb 28 12:10:26 2023" summary="Nmap done at Tue Feb 28 12:10:26 2023; 1 IP address (1 host up) scanned in 570.02 seconds" elapsed="570.02" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 12:00:56 2023 as: nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml escape.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sU -A -&#45;top-ports 100 -oN /home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml escape.htb" start="1677582056" startstr="Tue Feb 28 12:00:56 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="udp" protocol="udp" numservices="100" services="7,9,17,19,49,53,67-69,80,88,111,120,123,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="NSE" time="1677582057"/>
+<taskend task="NSE" time="1677582057"/>
+<taskbegin task="UDP Scan" time="1677582057"/>
+<taskend task="UDP Scan" time="1677582062" extrainfo="100 total ports"/>
+<taskbegin task="Service scan" time="1677582063"/>
+<taskprogress task="Service scan" time="1677582160" percent="4.00" remaining="2328" etc="1677584488"/>
+<taskprogress task="Service scan" time="1677582258" percent="34.00" remaining="379" etc="1677582637"/>
+<taskprogress task="Service scan" time="1677582355" percent="64.00" remaining="165" etc="1677582519"/>
+<taskend task="Service scan" time="1677582453" extrainfo="100 services on 1 host"/>
+<taskbegin task="Traceroute" time="1677582458"/>
+<taskend task="Traceroute" time="1677582461"/>
+<taskbegin task="Parallel DNS resolution of 1 host." time="1677582461"/>
+<taskend task="Parallel DNS resolution of 1 host." time="1677582461"/>
+<taskbegin task="NSE" time="1677582461"/>
+<taskprogress task="NSE" time="1677582492" percent="98.60" remaining="1" etc="1677582492"/>
+<taskprogress task="NSE" time="1677582522" percent="98.62" remaining="1" etc="1677582523"/>
+<taskprogress task="NSE" time="1677582552" percent="98.64" remaining="2" etc="1677582553"/>
+<taskprogress task="NSE" time="1677582582" percent="98.69" remaining="2" etc="1677582584"/>
+<taskprogress task="NSE" time="1677582612" percent="98.71" remaining="2" etc="1677582614"/>
+<taskprogress task="NSE" time="1677582642" percent="98.74" remaining="3" etc="1677582644"/>
+<taskprogress task="NSE" time="1677582672" percent="98.79" remaining="3" etc="1677582675"/>
+<taskprogress task="NSE" time="1677582702" percent="98.81" remaining="3" etc="1677582705"/>
+<taskprogress task="NSE" time="1677582732" percent="98.86" remaining="4" etc="1677582735"/>
+<taskprogress task="NSE" time="1677582762" percent="98.88" remaining="4" etc="1677582765"/>
+<taskprogress task="NSE" time="1677582792" percent="98.90" remaining="4" etc="1677582796"/>
+<taskprogress task="NSE" time="1677582822" percent="98.94" remaining="4" etc="1677582826"/>
+<taskprogress task="NSE" time="1677582852" percent="98.97" remaining="5" etc="1677582856"/>
+<taskprogress task="NSE" time="1677582882" percent="98.99" remaining="5" etc="1677582886"/>
+<taskprogress task="NSE" time="1677582912" percent="99.01" remaining="5" etc="1677582917"/>
+<taskprogress task="NSE" time="1677582942" percent="99.07" remaining="5" etc="1677582947"/>
+<taskprogress task="NSE" time="1677582972" percent="99.10" remaining="5" etc="1677582977"/>
+<taskprogress task="NSE" time="1677583002" percent="99.12" remaining="5" etc="1677583007"/>
+<taskprogress task="NSE" time="1677583032" percent="99.15" remaining="5" etc="1677583037"/>
+<taskprogress task="NSE" time="1677583062" percent="99.18" remaining="5" etc="1677583067"/>
+<taskprogress task="NSE" time="1677583092" percent="99.23" remaining="5" etc="1677583097"/>
+<taskprogress task="NSE" time="1677583122" percent="99.26" remaining="5" etc="1677583127"/>
+<taskprogress task="NSE" time="1677583152" percent="99.29" remaining="5" etc="1677583157"/>
+<taskprogress task="NSE" time="1677583182" percent="99.32" remaining="5" etc="1677583187"/>
+<taskprogress task="NSE" time="1677583212" percent="99.34" remaining="6" etc="1677583217"/>
+<taskprogress task="NSE" time="1677583242" percent="99.36" remaining="6" etc="1677583247"/>
+<taskprogress task="NSE" time="1677583272" percent="99.41" remaining="5" etc="1677583277"/>
+<taskprogress task="NSE" time="1677583302" percent="99.45" remaining="5" etc="1677583307"/>
+<taskprogress task="NSE" time="1677583332" percent="99.49" remaining="5" etc="1677583336"/>
+<taskprogress task="NSE" time="1677583362" percent="99.50" remaining="5" etc="1677583366"/>
+<taskprogress task="NSE" time="1677583392" percent="99.52" remaining="5" etc="1677583397"/>
+<taskprogress task="NSE" time="1677583422" percent="99.57" remaining="5" etc="1677583426"/>
+<taskprogress task="NSE" time="1677583452" percent="99.60" remaining="4" etc="1677583456"/>
+<taskprogress task="NSE" time="1677583482" percent="99.63" remaining="4" etc="1677583486"/>
+<taskprogress task="NSE" time="1677583512" percent="99.66" remaining="4" etc="1677583516"/>
+<taskprogress task="NSE" time="1677583542" percent="99.70" remaining="4" etc="1677583545"/>
+<taskprogress task="NSE" time="1677583572" percent="99.72" remaining="4" etc="1677583575"/>
+<taskprogress task="NSE" time="1677583602" percent="99.74" remaining="3" etc="1677583605"/>
+<taskprogress task="NSE" time="1677583632" percent="99.78" remaining="3" etc="1677583635"/>
+<taskprogress task="NSE" time="1677583662" percent="99.82" remaining="3" etc="1677583664"/>
+<taskprogress task="NSE" time="1677583692" percent="99.85" remaining="2" etc="1677583694"/>
+<taskprogress task="NSE" time="1677583722" percent="99.88" remaining="2" etc="1677583724"/>
+<taskprogress task="NSE" time="1677583752" percent="99.92" remaining="2" etc="1677583753"/>
+<taskprogress task="NSE" time="1677583782" percent="99.95" remaining="1" etc="1677583783"/>
+<taskprogress task="NSE" time="1677583812" percent="99.98" remaining="1" etc="1677583812"/>
+<taskend task="NSE" time="1677583819"/>
+<taskbegin task="NSE" time="1677583819"/>
+<taskend task="NSE" time="1677583824"/>
+<taskbegin task="NSE" time="1677583824"/>
+<taskend task="NSE" time="1677583824"/>
+<host starttime="1677582057" endtime="1677583824"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="escape.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><extraports state="open|filtered" count="97">
+<extrareasons reason="no-response" count="97" proto="udp" ports="7,9,17,19,49,67-69,80,111,120,135-139,158,161-162,177,427,443,445,497,500,514-515,518,520,593,623,626,631,996-999,1022-1023,1025-1030,1433-1434,1645-1646,1701,1718-1719,1812-1813,1900,2000,2048-2049,2222-2223,3283,3456,3703,4444,4500,5000,5060,5353,5632,9200,10000,17185,20031,30718,31337,32768-32769,32771,32815,33281,49152-49154,49156,49181-49182,49185-49186,49188,49190-49194,49200-49201,65024"/>
+</extraports>
+<port protocol="udp" portid="53"><state state="open" reason="udp-response" reason_ttl="127"/><service name="domain" extrainfo="generic dns response: SERVFAIL" servicefp="SF-Port53-UDP:V=7.93%I=7%D=2/28%Time=63FDDF03%P=x86_64-pc-linux-gnu%r(NBTStat,32,&quot;\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01&quot;);" method="probed" conf="10"/><script id="fingerprint-strings" output="&#xa;  NBTStat: &#xa;    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"><elem key="NBTStat">&#xa;    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</elem>
+</script></port>
+<port protocol="udp" portid="88"><state state="open" reason="udp-response" reason_ttl="0"/><service name="kerberos-sec" product="Microsoft Windows Kerberos" extrainfo="server time: 2023-02-28 19:01:03Z" ostype="Windows" method="probed" conf="10"><cpe>cpe:/a:microsoft:kerberos</cpe><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+<port protocol="udp" portid="123"><state state="open" reason="udp-response" reason_ttl="127"/><service name="ntp" product="NTP" version="v3" method="probed" conf="10"/><script id="ntp-info" output="&#xa;  receive time stamp: 2023-02-28T19:07:40"><elem key="receive time stamp">2023-02-28T19:07:40</elem>
+</script></port>
+</ports>
+<os><osfingerprint fingerprint="SCAN(V=7.93%E=4%D=2/28%OT=%CT=%CU=%PV=Y%DS=10%DC=T%G=N%TM=63FDE5D0%P=x86_64-pc-linux-gnu)&#xa;SEQ(II=I)&#xa;U1(R=N)&#xa;IE(R=Y%DFI=N%TG=80%CD=Z)&#xa;"/>
+</os>
+<distance value="10"/>
+<hostscript><script id="clock-skew" output="7h59m58s"><elem key="count">1</elem>
+<elem key="median">28798</elem>
+<elem key="mean">28798</elem>
+<elem key="stddev">0</elem>
+</script></hostscript><trace port="53" proto="udp">
+<hop ttl="1" ipaddr="10.10.16.1" rtt="211.55"/>
+<hop ttl="10" ipaddr="10.129.184.130" rtt="86.35" host="escape.htb"/>
+</trace>
+<times srtt="123273" rttvar="54187" to="340021"/>
+</host>
+<taskbegin task="NSE" time="1677583824"/>
+<taskend task="NSE" time="1677583824"/>
+<taskbegin task="NSE" time="1677583824"/>
+<taskend task="NSE" time="1677583824"/>
+<taskbegin task="NSE" time="1677583824"/>
+<taskend task="NSE" time="1677583824"/>
+<runstats><finished time="1677583824" timestr="Tue Feb 28 12:30:24 2023" summary="Nmap done at Tue Feb 28 12:30:24 2023; 1 IP address (1 host up) scanned in 1768.66 seconds" elapsed="1768.66" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>

HTB/escape/results/sequel.htb/report/notes.txt

@@ -0,0 +1,92 @@
+[*] domain found on tcp/53.
+
+
+
+[*] kerberos-sec found on tcp/88.
+
+
+
+[*] msrpc found on tcp/135.
+
+
+
+[*] netbios-ssn found on tcp/139.
+
+
+
+[*] ldap found on tcp/389.
+
+
+
+[*] microsoft-ds found on tcp/445.
+
+
+
+[*] kpasswd5 found on tcp/464.
+
+
+
+[*] ncacn_http found on tcp/593.
+
+
+
+[*] ldap found on tcp/636.
+
+
+
+[*] ms-sql-s found on tcp/1433.
+
+
+
+[*] ldap found on tcp/3268.
+
+
+
+[*] ldap found on tcp/3269.
+
+
+
+[*] wsman found on tcp/5985.
+
+
+
+[*] mc-nmf found on tcp/9389.
+
+
+
+[*] msrpc found on tcp/49667.
+
+
+
+[*] ncacn_http found on tcp/49673.
+
+
+
+[*] msrpc found on tcp/49674.
+
+
+
+[*] msrpc found on tcp/49696.
+
+
+
+[*] msrpc found on tcp/49703.
+
+
+
+[*] msrpc found on tcp/53254.
+
+
+
+[*] domain found on udp/53.
+
+
+
+[*] kerberos-sec found on udp/88.
+
+
+
+[*] ntp found on udp/123.
+
+
+

HTB/escape/results/sequel.htb/scans/_commands.log

@@ -0,0 +1,108 @@
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/sequel.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/xml/_quick_tcp_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/sequel.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/xml/_full_tcp_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/sequel.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/xml/_top_100_udp_nmap.xml" sequel.htb
+
+dnsrecon -n sequel.htb -d sequel.htb 2>&1
+
+dig -p 53 -x sequel.htb @sequel.htb
+
+dig AXFR -p 53 @sequel.htb sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml" sequel.htb
+
+gobuster dns -d sequel.htb -r sequel.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/sequel.htb/scans/tcp53/tcp_53_sequel.htb_subdomains_subdomains-top1million-110000.txt"
+
+nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="sequel.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" sequel.htb
+
+impacket-getArch -target sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml" sequel.htb
+
+impacket-rpcdump -port 135 sequel.htb
+
+enum4linux -a -M -l -d sequel.htb 2>&1
+
+nbtscan -rvh 10.129.184.130 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml" sequel.htb
+
+smbclient -L //sequel.htb -N -I sequel.htb 2>&1
+
+smbmap -H sequel.htb -P 139 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml" sequel.htb
+
+smbmap -H sequel.htb -P 445 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="sequel.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" sequel.htb
+
+impacket-rpcdump -port 593 sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 636 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp636/tcp_636_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml" sequel.htb
+
+sslscan --show-certificate --no-colour sequel.htb:636 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 1433 --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port=1433,mssql.username=sa,mssql.password=sa" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 3269 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml" sequel.htb
+
+sslscan --show-certificate --no-colour sequel.htb:3269 2>&1
+
+nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49674 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49696 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 49703 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sV -p 53254 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml" sequel.htb
+
+dig AXFR -p 53 @sequel.htb sequel.htb
+
+dig AXFR -p 53 @sequel.htb
+
+smbmap -u null -p "" -H sequel.htb -P 445 2>&1
+
+smbmap -u null -p "" -H sequel.htb -P 139 2>&1
+
+smbmap -H sequel.htb -P 445 -R 2>&1
+
+smbmap -H sequel.htb -P 139 -R 2>&1
+
+smbmap -u null -p "" -H sequel.htb -P 445 -R 2>&1
+
+smbmap -u null -p "" -H sequel.htb -P 139 -R 2>&1
+
+smbmap -H sequel.htb -P 445 -x "ipconfig /all" 2>&1
+
+smbmap -H sequel.htb -P 139 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H sequel.htb -P 445 -x "ipconfig /all" 2>&1
+
+smbmap -u null -p "" -H sequel.htb -P 139 -x "ipconfig /all" 2>&1
+
+dnsrecon -n sequel.htb -d sequel.htb 2>&1
+
+dig -p 53 -x sequel.htb @sequel.htb
+
+dig AXFR -p 53 @sequel.htb sequel.htb
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/udp53/xml/udp_53_dns_nmap.xml" sequel.htb
+
+gobuster dns -d sequel.htb -r sequel.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/sequel.htb/scans/udp53/udp_53_sequel.htb_subdomains_subdomains-top1million-110000.txt"
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="sequel.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/sequel.htb/scans/udp88/udp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml" sequel.htb
+
+nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/sequel.htb/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/udp123/xml/udp_123_ntp_nmap.xml" sequel.htb
+
+dig AXFR -p 53 @sequel.htb sequel.htb
+
+dig AXFR -p 53 @sequel.htb
+

HTB/escape/results/sequel.htb/scans/_errors.log

@@ -0,0 +1,5 @@
+[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9).
+[-] Command: dig -p 53 -x sequel.htb @sequel.htb
+[-] Error Output:
+
+

HTB/escape/results/sequel.htb/scans/_full_tcp_nmap.txt

@@ -0,0 +1,282 @@
+# Nmap 7.93 scan initiated Tue Feb 28 14:18:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/htb/escape/results/sequel.htb/scans/_full_tcp_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/xml/_full_tcp_nmap.xml sequel.htb
+Nmap scan report for sequel.htb (10.129.184.130)
+Host is up, received user-set (0.17s latency).
+rDNS record for 10.129.184.130: escape.htb
+Scanned at 2023-02-28 14:18:33 CET for 368s
+Not shown: 65515 filtered tcp ports (no-response)
+PORT      STATE SERVICE       REASON          VERSION
+53/tcp    open  domain        syn-ack ttl 127 Simple DNS Plus
+88/tcp    open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-02-28 21:22:33Z)
+135/tcp   open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+139/tcp   open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn
+389/tcp   open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T21:24:32+00:00; +7h59m54s from scanner time.
+445/tcp   open  microsoft-ds? syn-ack ttl 127
+464/tcp   open  kpasswd5?     syn-ack ttl 127
+593/tcp   open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+636/tcp   open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:24:33+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+1433/tcp  open  ms-sql-s      syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
+|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
+| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
+| Issuer: commonName=SSL_Self_Signed_Fallback
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2023-02-28T04:28:02
+| Not valid after:  2053-02-28T04:28:02
+| MD5:   015ca460f1ffd07cb7e668baa3858ef2
+| SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4
+| -----BEGIN CERTIFICATE-----
+| MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7
+| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
+| bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx
+| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
+| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI
+| bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94
+| XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2
+| Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0
+| ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq
+| Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa
+| zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL
+| M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN
+| ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh
+| xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB
+| 1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc
+| nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf
+| foL8PQ==
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T21:24:32+00:00; +7h59m54s from scanner time.
+3268/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:24:32+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+3269/tcp  open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:24:32+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+5985/tcp  open  http          syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
+|_http-server-header: Microsoft-HTTPAPI/2.0
+|_http-title: Not Found
+9389/tcp  open  mc-nmf        syn-ack ttl 127 .NET Message Framing
+49667/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49673/tcp open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+49674/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49696/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+49703/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+53254/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
+No OS matches for host
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FE0099%P=x86_64-pc-linux-gnu)
+SEQ(SP=102%GCD=1%ISR=108%TI=I%TS=U)
+SEQ(SP=102%GCD=1%ISR=108%TI=I%II=I%SS=S%TS=U)
+OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)
+ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=258 (Good luck!)
+IP ID Sequence Generation: Incremental
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+| p2p-conficker: 
+|   Checking for Conficker.C or higher...
+|   Check 1 (port 44244/tcp): CLEAN (Timeout)
+|   Check 2 (port 64892/tcp): CLEAN (Timeout)
+|   Check 3 (port 13054/udp): CLEAN (Timeout)
+|   Check 4 (port 46576/udp): CLEAN (Timeout)
+|_  0/4 checks are positive: Host is CLEAN or ports are blocked
+|_clock-skew: mean: 7h59m53s, deviation: 0s, median: 7h59m53s
+| smb2-time: 
+|   date: 2023-02-28T21:23:56
+|_  start_date: N/A
+| smb2-security-mode: 
+|   311: 
+|_    Message signing enabled and required
+
+TRACEROUTE (using port 445/tcp)
+HOP RTT       ADDRESS
+1   212.67 ms 10.10.16.1
+2   212.86 ms escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 14:24:41 2023 -- 1 IP address (1 host up) scanned in 369.08 seconds

HTB/escape/results/sequel.htb/scans/_manual_commands.txt

@@ -0,0 +1,126 @@
+[*] domain on tcp/53
+
+	[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
+
+		dnsrecon -n sequel.htb -d sequel.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/escape/results/sequel.htb/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt
+
+	[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
+
+		dnsrecon -n sequel.htb -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/escape/results/sequel.htb/scans/tcp53/tcp_53_dnsrecon_default_manual.txt
+
+[*] msrpc on tcp/135
+
+	[-] RPC Client:
+
+		rpcclient -p 135 -U "" sequel.htb
+
+[*] netbios-ssn on tcp/139
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb sequel.htb --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" sequel.htb
+
+[*] ldap on tcp/389
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://sequel.htb:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/sequel.htb/scans/tcp389/tcp_389_ldap_all-entries.txt"
+
+[*] microsoft-ds on tcp/445
+
+	[-] Bruteforce SMB
+
+		crackmapexec smb sequel.htb --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt"
+
+	[-] Lookup SIDs
+
+		impacket-lookupsid '[username]:[password]@sequel.htb'
+
+	[-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:
+
+		nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/htb/escape/results/sequel.htb/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/htb/escape/results/sequel.htb/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" sequel.htb
+
+[*] ldap on tcp/636
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://sequel.htb:636 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/sequel.htb/scans/tcp636/tcp_636_ldap_all-entries.txt"
+
+[*] ms-sql-s on tcp/1433
+
+	[-] (sqsh) interactive database shell:
+
+		sqsh -U <username> -P <password> -S sequel.htb:1433
+
+[*] ldap on tcp/3268
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://sequel.htb:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/sequel.htb/scans/tcp3268/tcp_3268_ldap_all-entries.txt"
+
+[*] ldap on tcp/3269
+
+	[-] ldapsearch command (modify before running):
+
+		ldapsearch -x -D "<username>" -w "<password>" -H ldap://sequel.htb:3269 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/htb/escape/results/sequel.htb/scans/tcp3269/tcp_3269_ldap_all-entries.txt"
+
+[*] wsman on tcp/5985
+
+	[-] Bruteforce logins:
+
+		crackmapexec winrm sequel.htb -d 'sequel.htb' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
+
+	[-] Check login (requires credentials):
+
+		crackmapexec winrm sequel.htb -d 'sequel.htb' -u '<username>' -p '<password>'
+
+	[-] Evil WinRM (gem install evil-winrm):
+
+		evil-winrm -u '<user>' -p '<password>' -i sequel.htb
+
+		evil-winrm -u '<user>' -H '<hash>' -i sequel.htb
+
+[*] msrpc on tcp/49667
+
+	[-] RPC Client:
+
+		rpcclient -p 49667 -U "" sequel.htb
+
+[*] msrpc on tcp/49674
+
+	[-] RPC Client:
+
+		rpcclient -p 49674 -U "" sequel.htb
+
+[*] msrpc on tcp/49696
+
+	[-] RPC Client:
+
+		rpcclient -p 49696 -U "" sequel.htb
+
+[*] msrpc on tcp/49703
+
+	[-] RPC Client:
+
+		rpcclient -p 49703 -U "" sequel.htb
+
+[*] msrpc on tcp/53254
+
+	[-] RPC Client:
+
+		rpcclient -p 53254 -U "" sequel.htb
+
+[*] domain on udp/53
+
+	[-] Use dnsrecon to bruteforce subdomains of a DNS domain.
+
+		dnsrecon -n sequel.htb -d sequel.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/htb/escape/results/sequel.htb/scans/udp53/udp_53_dnsrecon_subdomain_bruteforce.txt
+
+	[-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name.
+
+		dnsrecon -n sequel.htb -d <DOMAIN-NAME> 2>&1 | tee /home/simon/htb/escape/results/sequel.htb/scans/udp53/udp_53_dnsrecon_default_manual.txt
+

HTB/escape/results/sequel.htb/scans/_patterns.log

@@ -0,0 +1,2 @@
+Identified Architecture: 64-bit
+

HTB/escape/results/sequel.htb/scans/_quick_tcp_nmap.txt

@@ -0,0 +1,278 @@
+# Nmap 7.93 scan initiated Tue Feb 28 14:18:32 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/htb/escape/results/sequel.htb/scans/_quick_tcp_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/xml/_quick_tcp_nmap.xml sequel.htb
+Nmap scan report for sequel.htb (10.129.184.130)
+Host is up, received user-set (0.14s latency).
+rDNS record for 10.129.184.130: escape.htb
+Scanned at 2023-02-28 14:18:33 CET for 566s
+Not shown: 988 filtered tcp ports (no-response)
+PORT     STATE SERVICE       REASON          VERSION
+53/tcp   open  domain?       syn-ack ttl 127
+| fingerprint-strings: 
+|   teamspeak-tcpquery-ver: 
+|_    jxbLQWuDYn38lOKTriwJ
+88/tcp   open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-02-28 21:18:46Z)
+135/tcp  open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
+139/tcp  open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn
+389/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:27:51+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+445/tcp  open  microsoft-ds? syn-ack ttl 127
+464/tcp  open  kpasswd5?     syn-ack ttl 127
+593/tcp  open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
+636/tcp  open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:27:51+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+1433/tcp open  ms-sql-s      syn-ack ttl 127 Microsoft SQL Server 2019 15.00.2000.00; RTM
+|_ssl-date: 2023-02-28T21:27:51+00:00; +7h59m54s from scanner time.
+| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
+| Issuer: commonName=SSL_Self_Signed_Fallback
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2023-02-28T04:28:02
+| Not valid after:  2053-02-28T04:28:02
+| MD5:   015ca460f1ffd07cb7e668baa3858ef2
+| SHA-1: e5402a47a83d13f0a50e8e0fbded72e7b51f17d4
+| -----BEGIN CERTIFICATE-----
+| MIIDADCCAeigAwIBAgIQKye49f7TLI5Pb8dqKNLCszANBgkqhkiG9w0BAQsFADA7
+| MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEA
+| bABsAGIAYQBjAGswIBcNMjMwMjI4MDQyODAyWhgPMjA1MzAyMjgwNDI4MDJaMDsx
+| OTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBs
+| AGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEQcUDI
+| bIPJyCjiVpksgmljZPfKEw/Wdpeuf3wDKHUpncbvE2UIwlcWzYyRSSsSE+hapx94
+| XzIPMRZrHqm0wA9qdiHIJUHIQaz38DYQwObmwXDZcXF+E4c48Usq4iah+1KN6mx2
+| Rzdqx10Id6EYL1QB3IwbY1ni6JoIZEs86vBwtA+36NzBBv/NqDlZt6UEC7S5sIo0
+| ftBAPgCDRvhTJnsCBE4XnjdoiWlajJppPZB+e1zFOx2bBWj0xjM7R++Q0fM9ONkq
+| Mz0VmKCuqBXCR7CnH2bdjcOEsu/FzDuLU9+n8/XjTrLJRAuqxGZHVpKyuqf2mLZa
+| zHHuuCIBClJxuV0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAg95cwbf/8uFPCAmL
+| M/5TQkcyFY3pvG4IN7j3Bvn4PjuCUYiu2v1Nza5KECZa5j+kB2nzvMj1oGYEXqZN
+| ge8jfZl0iVnQ+jzxdcSgt+y/zwz9YHtyNscDa1ejLWWUkSdkbBrL7IIfCwa7Gukh
+| xTWDcOO1mB0dSgn3HJmjXx66iAKkBWIdna8dSeXWnEnHWERDJsl9wxFOoPWbkuHB
+| 1yeOM6eq+mOtfyypytMUpZF8KoGXb7pYwNusvcRNfaVazt/2YDj9vmACv0pZSttc
+| nM3bQQCqLxUBJIF/t4eLoEmIZd+tzsBS72TYkZ0j+kF8vuDc/He+ETTofZ4bTkrf
+| foL8PQ==
+|_-----END CERTIFICATE-----
+|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
+|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
+3268/tcp open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+|_ssl-date: 2023-02-28T21:27:51+00:00; +7h59m54s from scanner time.
+3269/tcp open  ssl/ldap      syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: sequel.htb0., Site: Default-First-Site-Name)
+|_ssl-date: 2023-02-28T21:27:51+00:00; +7h59m53s from scanner time.
+| ssl-cert: Subject: commonName=dc.sequel.htb
+| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::<unsupported>, DNS:dc.sequel.htb
+| Issuer: commonName=sequel-DC-CA/domainComponent=sequel
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha256WithRSAEncryption
+| Not valid before: 2022-11-18T21:20:35
+| Not valid after:  2023-11-18T21:20:35
+| MD5:   869f7f54b2edff74708d1a6ddf34b9bd
+| SHA-1: 742ab4522191331767395039db9b3b2e27b6f7fa
+| -----BEGIN CERTIFICATE-----
+| MIIFyzCCBLOgAwIBAgITHgAAAASQUnv8kTh0LwAAAAAABDANBgkqhkiG9w0BAQsF
+| ADBEMRMwEQYKCZImiZPyLGQBGRYDaHRiMRYwFAYKCZImiZPyLGQBGRYGc2VxdWVs
+| MRUwEwYDVQQDEwxzZXF1ZWwtREMtQ0EwHhcNMjIxMTE4MjEyMDM1WhcNMjMxMTE4
+| MjEyMDM1WjAYMRYwFAYDVQQDEw1kYy5zZXF1ZWwuaHRiMIIBIjANBgkqhkiG9w0B
+| AQEFAAOCAQ8AMIIBCgKCAQEAppJ4qi7+By/k2Yjy1J83ZJ1z/spO74W9tUZwPfgv
+| mDj0KBf4FR3IN9GtLgjVX6CHwTtez8kdl2tc58HB8o9B4myaKjzhKmRX10eYaSe0
+| icT5fZUoLDxCUz4ou/fbtM3AUtPEXKBokuBni+x8wM2XpUXRznXWPL3wqQFsB91p
+| Mub1Zz/Kmey3EZgxT43PdPY4CZJwDvpIUeXg293HG1r/yMqX31AZ4ePLeNYDpYzo
+| fKg4C5K/2maN+wTTZ1t6ARiqAWBQrxFRTH6vTOoT6NF+6HxALXFxxWw/7OrfJ4Wl
+| 5Y5ui1H5vWS1ernVPE98aiJje3B5mTsPczw7oKBFEdszRQIDAQABo4IC4DCCAtww
+| LwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQBy
+| MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAw
+| eAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCA
+| MAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFl
+| AwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUIuJgX6Ee95CeVip7
+| lbtMDt5sWIcwHwYDVR0jBBgwFoAUYp8yo6DwOCDUYMDNbcX6UTBewxUwgcQGA1Ud
+| HwSBvDCBuTCBtqCBs6CBsIaBrWxkYXA6Ly8vQ049c2VxdWVsLURDLUNBLENOPWRj
+| LENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxD
+| Tj1Db25maWd1cmF0aW9uLERDPXNlcXVlbCxEQz1odGI/Y2VydGlmaWNhdGVSZXZv
+| Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
+| MIG9BggrBgEFBQcBAQSBsDCBrTCBqgYIKwYBBQUHMAKGgZ1sZGFwOi8vL0NOPXNl
+| cXVlbC1EQy1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049
+| U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1zZXF1ZWwsREM9aHRiP2NBQ2Vy
+| dGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5
+| MDkGA1UdEQQyMDCgHwYJKwYBBAGCNxkBoBIEENIKdyhMrBRIsqTPzAbls0uCDWRj
+| LnNlcXVlbC5odGIwDQYJKoZIhvcNAQELBQADggEBAJLkSygHvC+jUd6MD07n6vN+
+| /VbEboj++2qaUZjrXcZJf24t85ETixEmwP+xjsvuw8ivxV+OrPEZsipJ7cwPjxed
+| RcwjpeXyq7+FszZR9Q/QwgMGhwpWCLVg/e7I9HiEORu/acH5AIOsXp0oTB7N9rMC
+| frCIs3KAU990pyV+JhzfseVjJiiXmKeivvvLJuknwYmulanleOZSWlljckXWz29r
+| nKQfODM1CJN7sWoNGN+H3hVlQzJihM8qm9NO1PLinpUkPAq5JovsOvr75ZOvIgSb
+| Ea0hY7tIoQdoEwbZMSMCQDdOSlpI6fjJge10vCZp/YUgSL8bgtzttCGYN92LKrQ=
+|_-----END CERTIFICATE-----
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-TCP:V=7.93%I=9%D=2/28%Time=63FE00B1%P=x86_64-pc-linux-gnu%r(team
+SF:speak-tcpquery-ver,2C,"\0\*Ak\x81\x82\0\x01\0\0\0\0\0\0\x14jxbLQWuDYn38
+SF:lOKTriwJ\x03com\0\0\x1c\0\x01");
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
+No OS matches for host
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FE015F%P=x86_64-pc-linux-gnu)
+SEQ(SP=101%GCD=1%ISR=103%II=I%TS=U)
+OPS(O1=M54ENW8NNS%O2=M54ENW8NNS%O3=M54ENW8%O4=M54ENW8NNS%O5=M54ENW8NNS%O6=M54ENNS)
+WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)
+ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M54ENW8NNS%CC=Y%Q=)
+T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
+T2(R=N)
+T3(R=N)
+T4(R=N)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 2 hops
+TCP Sequence Prediction: Difficulty=257 (Good luck!)
+IP ID Sequence Generation: Busy server or unknown class
+Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: mean: 7h59m53s, deviation: 0s, median: 7h59m53s
+| smb2-time: 
+|   date: 2023-02-28T21:27:14
+|_  start_date: N/A
+| smb2-security-mode: 
+|   311: 
+|_    Message signing enabled and required
+| p2p-conficker: 
+|   Checking for Conficker.C or higher...
+|   Check 1 (port 44244/tcp): CLEAN (Timeout)
+|   Check 2 (port 64892/tcp): CLEAN (Timeout)
+|   Check 3 (port 13054/udp): CLEAN (Timeout)
+|   Check 4 (port 46576/udp): CLEAN (Timeout)
+|_  0/4 checks are positive: Host is CLEAN or ports are blocked
+
+TRACEROUTE (using port 53/tcp)
+HOP RTT       ADDRESS
+1   129.68 ms 10.10.16.1
+2   130.22 ms escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 14:27:59 2023 -- 1 IP address (1 host up) scanned in 567.67 seconds

HTB/escape/results/sequel.htb/scans/_top_100_udp_nmap.txt

@@ -0,0 +1,40 @@
+# Nmap 7.93 scan initiated Tue Feb 28 14:18:32 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/htb/escape/results/sequel.htb/scans/_top_100_udp_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/xml/_top_100_udp_nmap.xml sequel.htb
+Nmap scan report for sequel.htb (10.129.184.130)
+Host is up, received user-set (0.14s latency).
+rDNS record for 10.129.184.130: escape.htb
+Scanned at 2023-02-28 14:18:33 CET for 1764s
+Not shown: 97 open|filtered udp ports (no-response)
+PORT    STATE SERVICE      REASON               VERSION
+53/udp  open  domain       udp-response ttl 127 (generic dns response: SERVFAIL)
+| fingerprint-strings: 
+|   NBTStat: 
+|_    CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+88/udp  open  kerberos-sec udp-response         Microsoft Windows Kerberos (server time: 2023-02-28 21:18:37Z)
+123/udp open  ntp          udp-response ttl 127 NTP v3
+| ntp-info: 
+|_  receive time stamp: 2023-02-28T21:25:10
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-UDP:V=7.93%I=7%D=2/28%Time=63FDFF42%P=x86_64-pc-linux-gnu%r(NBTS
+SF:tat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAA
+SF:AAAAAAA\0\0!\0\x01");
+Too many fingerprints match this host to give specific OS details
+TCP/IP fingerprint:
+SCAN(V=7.93%E=4%D=2/28%OT=%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=63FE060D%P=x86_64-pc-linux-gnu)
+SEQ(II=I)
+U1(R=N)
+IE(R=Y%DFI=N%TG=80%CD=Z)
+
+Network Distance: 2 hops
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: 7h59m55s
+
+TRACEROUTE (using port 123/udp)
+HOP RTT       ADDRESS
+1   144.16 ms 10.10.16.1
+2   144.42 ms escape.htb (10.129.184.130)
+
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 14:47:57 2023 -- 1 IP address (1 host up) scanned in 1765.56 seconds

HTB/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_architecture.txt

@@ -0,0 +1,6 @@
+Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
+
+[*] Gathering OS architecture for 1 machines
+[*] Socket connect timeout set to 2 secs
+sequel.htb is 64-bit
+

HTB/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_nmap.txt

@@ -0,0 +1,13 @@
+# Nmap 7.93 scan initiated Tue Feb 28 14:24:42 2023 as: nmap -vv --reason -Pn -T4 -sV -p 135 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml sequel.htb
+Nmap scan report for sequel.htb (10.129.184.130)
+Host is up, received user-set (0.17s latency).
+rDNS record for 10.129.184.130: escape.htb
+Scanned at 2023-02-28 14:24:45 CET for 23s
+
+PORT    STATE SERVICE REASON          VERSION
+135/tcp open  msrpc   syn-ack ttl 127 Microsoft Windows RPC
+Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Read data files from: /usr/bin/../share/nmap
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Feb 28 14:25:08 2023 -- 1 IP address (1 host up) scanned in 25.94 seconds

HTB/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_rpcdump.txt

@@ -0,0 +1,925 @@
+Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
+
+[*] Retrieving endpoint list from sequel.htb
+Protocol: [MS-RSP]: Remote Shutdown Protocol
+Provider: wininit.exe
+UUID    : D95AFE70-A6D5-4259-822E-2C84DA1DDB0D v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49664]
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+
+Protocol: N/A
+Provider: winlogon.exe
+UUID    : 76F226C3-EC14-4325-8A99-6A46348418AF v1.0
+Bindings:
+          ncalrpc:[WindowsShutdown]
+          ncacn_np:\\DC[\PIPE\InitShutdown]
+          ncalrpc:[WMsgKRpc0A7BE0]
+          ncalrpc:[WMsgKRpc0A9011]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D09BDEB5-6171-4A34-BFE2-06FA82652568 v1.0
+Bindings:
+          ncalrpc:[csebpub]
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 697DCDA9-3BA9-4EB2-9247-E11F1901B0D2 v1.0
+Bindings:
+          ncalrpc:[LRPC-5c17a202088881a462]
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 9B008953-F195-4BF9-BDE0-4471971E58ED v1.0
+Bindings:
+          ncalrpc:[LRPC-bd8b3a8afbcd6704be]
+          ncalrpc:[LRPC-fce001c8f331e7078d]
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DD59071B-3215-4C59-8481-972EDADC0F6A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D47017B-B33B-46AD-9E18-FE96456C5078 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95406F0B-B239-4318-91BB-CEA3A46FF0DC v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4ED8ABCC-F1E2-438B-981F-BB0E8ABC010C v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0FF1F646-13BB-400A-AB50-9A78F2B7A85A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 6982A06E-5FE2-46B1-B39C-A2C545BFA069 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 082A3471-31B6-422A-B931-A54401960C62 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FAE436B0-B864-4A87-9EDA-298547CD82F2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E53D94CA-7464-4839-B044-09A2FB8B3AE5 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 178D84BE-9291-4994-82C6-3F909ACA5A03 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4DACE966-A243-4450-AE3F-9B7BCB5315B8 v2.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1832BCF6-CAB8-41D4-85D2-C9410764F75A v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C521FACF-09A9-42C5-B155-72388595CBF0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2C7FD9CE-E706-4B40-B412-953107EF9BB0 v0.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 88ABCBC3-34EA-76AE-8215-767520655A23 v0.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 76C217BC-C8B4-4201-A745-373AD9032B1A v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 55E6B932-1979-45D6-90C5-7F6270724112 v1.0
+Bindings:
+          ncalrpc:[LRPC-81fd23248af931407c]
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 857FB1BE-084F-4FB5-B59C-4B2C4BE5F0CF v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B8CADBAF-E84B-46B9-84F2-6F71C03F9E55 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 20C40295-8DBA-48E6-AEBF-3E78EF3BB144 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2513BCBE-6CD4-4348-855E-7EFB3C336DD3 v1.0
+Bindings:
+          ncalrpc:[LRPC-a80bed133b19965dbb]
+          ncalrpc:[OLE6F40C13DA0AD701C318460D7C4D1]
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3E2735-CEA0-4ECC-A9E2-41A2D81AED4E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C605F9FB-F0A3-4E2A-A073-73560F8D9E3E v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1B37CA91-76B1-4F5E-A3C7-2ABFC61F2BB0 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8BFC3BE1-6DEF-4E2D-AF74-7C47CD0ADE4A v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2D98A740-581D-41B9-AA0D-A88B9D5CE938 v1.0
+Bindings:
+          ncalrpc:[LRPC-580b2dd6d06aa456cb]
+          ncalrpc:[actkernel]
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0361AE94-0316-4C6C-8AD8-C594375800E2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5824833B-3C1A-4AD2-BDFD-C31D19E23ED2 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BDAA0970-413B-4A3E-9E5D-F6DC9D7E0760 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3B338D89-6CFA-44B8-847E-531531BC9992 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8782D3B9-EBBD-4644-A3D8-E8725381919B v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 085B0334-E454-4D91-9B8C-4134F9E793F3 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4BEC6BB8-B5C2-4B6F-B2C1-5DA5CF92D0D9 v1.0
+Bindings:
+          ncalrpc:[umpo]
+
+Protocol: N/A
+Provider: sysntfy.dll
+UUID    : C9AC6DB5-82B7-4E55-AE8A-E464ED7B4277 v1.0 Impl friendly name
+Bindings:
+          ncalrpc:[LRPC-f7c911d0f7174d6368]
+          ncalrpc:[LRPC-f439a74f7da7485dcc]
+          ncalrpc:[IUserProfile2]
+          ncalrpc:[LRPC-62f9922acfcb157b86]
+          ncalrpc:[senssvc]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A500D4C6-0DD1-4543-BC0C-D5F93486EAF8 v1.0
+Bindings:
+          ncalrpc:[LRPC-a318fcfb6ae3fa2006]
+          ncalrpc:[LRPC-e158f8adbff8147a36]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E40F7B57-7A25-4CD3-A135-7F7D3DF9D16B v1.0 Network Connection Broker server endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 880FD55E-43B9-11E0-B1A8-CF4EDFD72085 v1.0 KAPI Service endpoint
+Bindings:
+          ncalrpc:[LRPC-48fe5c4c32c4fba26d]
+          ncalrpc:[OLEF18236561B248B245D2DC5F96304]
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 5222821F-D5E2-4885-84F1-5F6185A0EC41 v1.0 Network Connection Broker server endpoint for NCB Reset module
+Bindings:
+          ncalrpc:[LRPC-61d98b184023698c32]
+          ncalrpc:[LRPC-89637613130110b279]
+
+Protocol: N/A
+Provider: nsisvc.dll
+UUID    : 7EA70BCF-48AF-4F6A-8968-6A440754D5FA v1.0 NSI server endpoint
+Bindings:
+          ncalrpc:[LRPC-ebe5c71b49cf000e16]
+
+Protocol: N/A
+Provider: dhcpcsvc6.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D6 v1.0 DHCPv6 Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc6]
+          ncalrpc:[dhcpcsvc]
+
+Protocol: N/A
+Provider: dhcpcsvc.dll
+UUID    : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D5 v1.0 DHCP Client LRPC Endpoint
+Bindings:
+          ncalrpc:[dhcpcsvc]
+
+Protocol: [MS-EVEN6]: EventLog Remoting Protocol
+Provider: wevtsvc.dll
+UUID    : F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C v1.0 Event log TCPIP
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49665]
+          ncacn_np:\\DC[\pipe\eventlog]
+          ncalrpc:[eventlog]
+
+Protocol: N/A
+Provider: gpsvc.dll
+UUID    : 2EB08E3E-639F-4FBA-97B1-14F878961076 v1.0 Group Policy RPC Interface
+Bindings:
+          ncalrpc:[LRPC-39c79f87490a4a110d]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3A9EF155-691D-4449-8D05-09AD57031823 v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: schedsvc.dll
+UUID    : 86D35949-83C9-4044-B424-DB363231FD0C v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49666]
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 33D84484-3626-47EE-8C6F-E7E98B113BE1 v2.0
+Bindings:
+          ncalrpc:[LRPC-965a47c0cfc00088f1]
+          ncalrpc:[ubpmtaskhostchannel]
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 378E52B0-C0A9-11CF-822D-00AA0051E40F v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol
+Provider: taskcomp.dll
+UUID    : 1FF70682-0A51-30E8-076D-740BE8CEE98B v1.0
+Bindings:
+          ncacn_np:\\DC[\PIPE\atsvc]
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: schedsvc.dll
+UUID    : 0A74EF1C-41A4-4E06-83AE-DC74FB1CDD53 v1.0
+Bindings:
+          ncalrpc:[LRPC-c27415b99ead1df8f3]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 3473DD4D-2E88-4006-9CBA-22570909DD10 v5.1 WinHttp Auto-Proxy Service
+Bindings:
+          ncalrpc:[1eb54f27-f33c-4433-bfb8-b78495d0c683]
+          ncalrpc:[LRPC-ed2a3a7c79ccbe8063]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 2FB92682-6599-42DC-AE13-BD2CA89BD11C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-f4d6055253fb967246]
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F47433C3-3E9D-4157-AAD4-83AA1F5C2D4C v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-13ab1d34f84db64998]
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: MPSSVC.dll
+UUID    : 7F9D11BF-7FB9-436B-A812-B2D50C5D4C03 v1.0 Fw APIs
+Bindings:
+          ncalrpc:[LRPC-7bbfd3b6900d39ecd4]
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: BFE.DLL
+UUID    : DD490425-5325-4565-B774-7E27D6C09C24 v1.0 Base Firewall Engine API
+Bindings:
+          ncalrpc:[LRPC-ca7381c7e2ee919cb5]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7F1343FE-50A9-4927-A778-0C5859517BAC v1.0 DfsDs service
+Bindings:
+          ncacn_np:\\DC[\PIPE\wkssvc]
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : EB081A0D-10EE-478A-A1DD-50995283E7A8 v3.0 Witness Client Test Interface
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F2C9B409-C1C9-4100-8639-D8AB1486694A v1.0 Witness Client Upcall Server
+Bindings:
+          ncalrpc:[LRPC-82e9674003c6c0e5e8]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C2D1B5DD-FA81-4460-9DD6-E7658B85454B v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F44E62AF-DAB1-44C2-8013-049A9DE417D6 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 7AEB6705-3AE6-471A-882D-F39C109EDC12 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E7F76134-9EF5-4949-A2D6-3368CC0988F3 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B37F900A-EAE4-4304-A2AB-12BB668C0188 v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : ABFB6CA3-0C5E-4734-9285-0AEE72FE8D1C v1.0
+Bindings:
+          ncalrpc:[LRPC-3e373d9b662bff8718]
+          ncalrpc:[OLE284D6F09522602EECADB33F0C538]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 0D3C7F20-1C8D-4654-A1B3-51563B298BDA v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B18FBAB6-56F8-4702-84E0-41053293A869 v1.0 UserMgrCli
+Bindings:
+          ncalrpc:[LRPC-4af0391ddc7fbb0d04]
+          ncalrpc:[OLED53BB4BCFCCC2BBB55E1D97B9812]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C49A5A70-8A7F-4E70-BA16-1E8F1F193EF1 v1.0 Adh APIs
+Bindings:
+          ncalrpc:[OLEDF6833784EBE2C242203FE93FABD]
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : C36BE077-E14B-4FE9-8ABC-E856EF4F048B v1.0 Proxy Manager client server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2E6035B2-E8F1-41A7-A044-656B439C4C34 v1.0 Proxy Manager provider server endpoint
+Bindings:
+          ncalrpc:[TeredoControl]
+          ncalrpc:[TeredoDiagnostics]
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: N/A
+Provider: iphlpsvc.dll
+UUID    : 552D076A-CB29-4E44-8B6A-D15E59E2C0AF v1.0 IP Transition Configuration endpoint
+Bindings:
+          ncalrpc:[LRPC-66219246559bc2996b]
+
+Protocol: [MS-NRPC]: Netlogon Remote Protocol
+Provider: netlogon.dll
+UUID    : 12345678-1234-ABCD-EF00-01234567CFFB v1.0
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-RAA]: Remote Authorization API Protocol
+Provider: N/A
+UUID    : 0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7 v0.0 RemoteAccessCheck
+Bindings:
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+          ncalrpc:[NETLOGON_LRPC]
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol
+Provider: samsrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AC v1.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49674]
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-LSAT]: Local Security Authority (Translation Methods) Remote
+Provider: lsasrv.dll
+UUID    : 12345778-1234-ABCD-EF00-0123456789AB v0.0
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol
+Provider: ntdsai.dll
+UUID    : E3514235-4B06-11D1-AB04-00C04FC2DCD2 v4.0 MS NT Directory DRS Interface
+Bindings:
+          ncacn_np:\\DC[\pipe\27246f59f6788486]
+          ncacn_http:10.129.184.130[49673]
+          ncalrpc:[NTDS_LPC]
+          ncalrpc:[OLEF481DF3D6D4CA7AFC07451286EAB]
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 51A227AE-825B-41F2-B4A9-1AC9557A1018 v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 8FB74744-B2FF-4C00-BE0D-9EF9A191FE1B v1.0 Ngc Pop Key Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : B25A52BF-E5DD-4F4A-AEA6-8CA7272A0E86 v2.0 KeyIso
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49667]
+          ncalrpc:[samss lpc]
+          ncalrpc:[SidKey Local End Point]
+          ncalrpc:[protected_storage]
+          ncalrpc:[lsasspirpc]
+          ncalrpc:[lsapolicylookup]
+          ncalrpc:[LSA_EAS_ENDPOINT]
+          ncalrpc:[lsacap]
+          ncalrpc:[LSARPC_ENDPOINT]
+          ncalrpc:[securityevent]
+          ncalrpc:[audit]
+          ncacn_np:\\DC[\pipe\lsass]
+
+Protocol: N/A
+Provider: N/A
+UUID    : A4B8D482-80CE-40D6-934D-B22A01A44FE7 v1.0 LicenseManager
+Bindings:
+          ncalrpc:[LicenseServiceEndpoint]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 1A0D010F-1C33-432C-B0F5-8CF4E8053099 v1.0 IdSegSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: srvsvc.dll
+UUID    : 98716D03-89AC-44C7-BB8C-285824E51C4A v1.0 XactSrv service
+Bindings:
+          ncalrpc:[LRPC-d0b063b89dcacf8d2f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : DF4DF73A-C52D-4E3A-8003-8437FDF8302A v0.0 WM_WindowManagerRPC\Server
+Bindings:
+          ncalrpc:[LRPC-5f5f21e3e191e1ae92]
+
+Protocol: N/A
+Provider: sysmain.dll
+UUID    : B58AA02E-2884-4E97-8176-4EE06D794184 v1.0
+Bindings:
+          ncalrpc:[LRPC-3cb1b63884da9c017f]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 98CD761E-E77D-41C8-A3C0-0FB756D90EC2 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : D22895EF-AFF4-42C5-A5B2-B14466D34AB4 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : E38F5360-8572-473E-B696-1B46873BEEAB v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 95095EC8-32EA-4EB0-A3E2-041F97B36168 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : FD8BE72B-A9CD-4B2C-A9CA-4DED242FBE4D v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 4C9DBF19-D39E-4BB9-90EE-8F7179B20283 v1.0
+Bindings:
+          ncalrpc:[LRPC-b292050936d238a481]
+
+Protocol: [MS-CMPO]: MSDTC Connection Manager:
+Provider: msdtcprx.dll
+UUID    : 906B0CE0-C70B-1067-B317-00DD010662DA v1.0
+Bindings:
+          ncalrpc:[LRPC-a5c382c126b1e1826a]
+          ncalrpc:[OLEE90A03417C6C8CB6892D014A39AC]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+          ncalrpc:[LRPC-f4593a19c3fb61a42c]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 2F5F6521-CB55-1059-B446-00DF0BCE31DB v1.0 Unimodem LRPC Endpoint
+Bindings:
+          ncalrpc:[unimdmsvc]
+          ncalrpc:[tapsrvlpc]
+          ncacn_np:\\DC[\pipe\tapsrv]
+
+Protocol: N/A
+Provider: N/A
+UUID    : 650A7E26-EAB8-5533-CE43-9C1DFCE11511 v1.0 Vpn APIs
+Bindings:
+          ncalrpc:[LRPC-4050dd6bde9b3cf16e]
+          ncalrpc:[VpnikeRpc]
+          ncalrpc:[RasmanLrpc]
+          ncacn_np:\\DC[\PIPE\ROUTER]
+
+Protocol: [MS-SCMR]: Service Control Manager Remote Protocol
+Provider: services.exe
+UUID    : 367ABB81-9844-35F1-AD32-98F038001003 v2.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49694]
+
+Protocol: [MS-ICPR]: ICertPassage Remote Protocol
+Provider: certsrv.exe
+UUID    : 91AE6020-9E3C-11CF-8D7C-00AA00C091BE v0.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49696]
+          ncacn_np:\\DC[\pipe\cert]
+          ncalrpc:[OLE2F89DA9340E3DA4F3F79F495C660]
+
+Protocol: N/A
+Provider: N/A
+UUID    : F3F09FFD-FBCF-4291-944D-70AD6E0E73BB v1.0
+Bindings:
+          ncalrpc:[LRPC-946a4809e3af3c8ecc]
+
+Protocol: N/A
+Provider: nrpsrv.dll
+UUID    : 30ADC50C-5CBC-46CE-9A0E-91914789E23C v1.0 NRP server endpoint
+Bindings:
+          ncalrpc:[LRPC-593a2e405b40559e71]
+
+Protocol: [MS-DNSP]: Domain Name Service (DNS) Server Management
+Provider: dns.exe
+UUID    : 50ABC2A4-574D-40B3-9D66-EE4FD5FBA076 v5.0
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[49703]
+
+Protocol: [MS-FRS2]: Distributed File System Replication Protocol
+Provider: dfsrmig.exe
+UUID    : 897E2E5F-93F3-4376-9C9C-FD2277495C27 v1.0 Frs2 Service
+Bindings:
+          ncacn_ip_tcp:10.129.184.130[53254]
+          ncalrpc:[OLEA043F2C22A38A12D9DA9DBBFF6A7]
+
+Protocol: N/A
+Provider: N/A
+UUID    : BF4DC912-E52F-4904-8EBE-9317C1BDD497 v1.0
+Bindings:
+          ncalrpc:[LRPC-d8baf42a4a1b922f1b]
+          ncalrpc:[OLEF83A252BFDB35852F018EE0218FC]
+
+Protocol: N/A
+Provider: pcasvc.dll
+UUID    : 0767A036-0D22-48AA-BA69-B619480F38CB v1.0 PcaSvc
+Bindings:
+          ncalrpc:[LRPC-c72e6d5f54f5eaea61]
+
+[*] Received 400 endpoints.
+

HTB/escape/results/sequel.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.93 scan initiated Tue Feb 28 14:24:42 2023 as: nmap -vv -&#45;reason -Pn -T4 -sV -p 135 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml sequel.htb -->
+<nmaprun scanner="nmap" args="nmap -vv -&#45;reason -Pn -T4 -sV -p 135 -&#45;script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/htb/escape/results/sequel.htb/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/htb/escape/results/sequel.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml sequel.htb" start="1677590682" startstr="Tue Feb 28 14:24:42 2023" version="7.93" xmloutputversion="1.05">
+<scaninfo type="syn" protocol="tcp" numservices="1" services="135"/>
+<verbose level="2"/>
+<debugging level="0"/>
+<taskbegin task="NSE" time="1677590685"/>
+<taskend task="NSE" time="1677590685"/>
+<taskbegin task="NSE" time="1677590685"/>
+<taskend task="NSE" time="1677590685"/>
+<taskbegin task="SYN Stealth Scan" time="1677590685"/>
+<taskend task="SYN Stealth Scan" time="1677590686" extrainfo="1 total ports"/>
+<taskbegin task="Service scan" time="1677590686"/>
+<taskend task="Service scan" time="1677590693" extrainfo="1 service on 1 host"/>
+<taskbegin task="NSE" time="1677590693"/>
+<taskend task="NSE" time="1677590708"/>
+<taskbegin task="NSE" time="1677590708"/>
+<taskend task="NSE" time="1677590708"/>
+<host starttime="1677590685" endtime="1677590708"><status state="up" reason="user-set" reason_ttl="0"/>
+<address addr="10.129.184.130" addrtype="ipv4"/>
+<hostnames>
+<hostname name="sequel.htb" type="user"/>
+<hostname name="escape.htb" type="PTR"/>
+</hostnames>
+<ports><port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" method="probed" conf="10"><cpe>cpe:/o:microsoft:windows</cpe></service></port>
+</ports>
+<times srtt="166073" rttvar="166073" to="830365"/>
+</host>
+<taskbegin task="NSE" time="1677590708"/>
+<taskend task="NSE" time="1677590708"/>
+<taskbegin task="NSE" time="1677590708"/>
+<taskend task="NSE" time="1677590708"/>
+<runstats><finished time="1677590708" timestr="Tue Feb 28 14:25:08 2023" summary="Nmap done at Tue Feb 28 14:25:08 2023; 1 IP address (1 host up) scanned in 25.94 seconds" elapsed="25.94" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>