nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb

dnsrecon -n escape.htb -d escape.htb 2>&1

dig -p 53 -x escape.htb @escape.htb

dig AXFR -p 53 @escape.htb escape.htb

nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml" escape.htb

gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"

nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" escape.htb

impacket-getArch -target escape.htb

nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml" escape.htb

impacket-rpcdump -port 135 escape.htb

enum4linux -a -M -l -d escape.htb 2>&1

nbtscan -rvh 10.129.25.138 2>&1

nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml" escape.htb

smbclient -L //escape.htb -N -I escape.htb 2>&1

smbmap -H escape.htb -P 139 2>&1

nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml" escape.htb

smbmap -H escape.htb -P 445 2>&1

nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" escape.htb

impacket-rpcdump -port 593 escape.htb

nmap -vv --reason -Pn -T4 -sV -p 636 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml" escape.htb

sslscan --show-certificate --no-colour escape.htb:636 2>&1

nmap -vv --reason -Pn -T4 -sV -p 1433 --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port=1433,mssql.username=sa,mssql.password=sa" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 3269 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml" escape.htb

sslscan --show-certificate --no-colour escape.htb:3269 2>&1

nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49678 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49678/tcp_49678_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49678/xml/tcp_49678_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49698 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49698/tcp_49698_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49698/xml/tcp_49698_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49702 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49702/tcp_49702_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49702/xml/tcp_49702_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 60738 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp60738/tcp_60738_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp60738/xml/tcp_60738_rpc_nmap.xml" escape.htb

dig AXFR -p 53 @escape.htb escape.htb

dig AXFR -p 53 @escape.htb

smbmap -u null -p "" -H escape.htb -P 139 2>&1

smbmap -u null -p "" -H escape.htb -P 445 2>&1

smbmap -H escape.htb -P 139 -R 2>&1

smbmap -H escape.htb -P 445 -R 2>&1

smbmap -u null -p "" -H escape.htb -P 139 -R 2>&1

smbmap -u null -p "" -H escape.htb -P 445 -R 2>&1

smbmap -H escape.htb -P 139 -x "ipconfig /all" 2>&1

smbmap -H escape.htb -P 445 -x "ipconfig /all" 2>&1

smbmap -u null -p "" -H escape.htb -P 139 -x "ipconfig /all" 2>&1

smbmap -u null -p "" -H escape.htb -P 445 -x "ipconfig /all" 2>&1

nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/htb/escape/results/escape.htb/scans/_quick_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_quick_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/htb/escape/results/escape.htb/scans/_full_tcp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_full_tcp_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/htb/escape/results/escape.htb/scans/_top_100_udp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/xml/_top_100_udp_nmap.xml" escape.htb

dnsrecon -n escape.htb -d escape.htb 2>&1

dig -p 53 -x escape.htb @escape.htb

dig AXFR -p 53 @escape.htb escape.htb

nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53/xml/tcp_53_dns_nmap.xml" escape.htb

gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/tcp53/tcp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"

nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" escape.htb

impacket-getArch -target escape.htb

nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp135/xml/tcp_135_rpc_nmap.xml" escape.htb

impacket-rpcdump -port 135 escape.htb

enum4linux -a -M -l -d escape.htb 2>&1

nbtscan -rvh 10.129.184.130 2>&1

nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp139/xml/tcp_139_smb_nmap.xml" escape.htb

smbclient -L //escape.htb -N -I escape.htb 2>&1

smbmap -H escape.htb -P 139 2>&1

nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp389/xml/tcp_389_ldap_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp445/xml/tcp_445_smb_nmap.xml" escape.htb

smbmap -H escape.htb -P 445 2>&1

nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" escape.htb

impacket-rpcdump -port 593 escape.htb

nmap -vv --reason -Pn -T4 -sV -p 636 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp636/tcp_636_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp636/xml/tcp_636_ldap_nmap.xml" escape.htb

sslscan --show-certificate --no-colour escape.htb:636 2>&1

nmap -vv --reason -Pn -T4 -sV -p 1433 --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port=1433,mssql.username=sa,mssql.password=sa" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/tcp_1433_mssql_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp1433/xml/tcp_1433_mssql_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 3269 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/tcp_3269_ldap_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp3269/xml/tcp_3269_ldap_nmap.xml" escape.htb

sslscan --show-certificate --no-colour escape.htb:3269 2>&1

nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49674 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49674/tcp_49674_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49674/xml/tcp_49674_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49696 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49696/tcp_49696_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49696/xml/tcp_49696_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 49703 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp49703/tcp_49703_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp49703/xml/tcp_49703_rpc_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sV -p 53254 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/htb/escape/results/escape.htb/scans/tcp53254/tcp_53254_rpc_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/tcp53254/xml/tcp_53254_rpc_nmap.xml" escape.htb

dig AXFR -p 53 @escape.htb escape.htb

dig AXFR -p 53 @escape.htb

smbmap -u null -p "" -H escape.htb -P 139 2>&1

smbmap -u null -p "" -H escape.htb -P 445 2>&1

smbmap -H escape.htb -P 445 -R 2>&1

smbmap -H escape.htb -P 139 -R 2>&1

smbmap -u null -p "" -H escape.htb -P 445 -R 2>&1

smbmap -u null -p "" -H escape.htb -P 139 -R 2>&1

smbmap -H escape.htb -P 139 -x "ipconfig /all" 2>&1

smbmap -u null -p "" -H escape.htb -P 139 -x "ipconfig /all" 2>&1

smbmap -H escape.htb -P 445 -x "ipconfig /all" 2>&1

smbmap -u null -p "" -H escape.htb -P 445 -x "ipconfig /all" 2>&1

dnsrecon -n escape.htb -d escape.htb 2>&1

dig -p 53 -x escape.htb @escape.htb

dig AXFR -p 53 @escape.htb escape.htb

nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp53/xml/udp_53_dns_nmap.xml" escape.htb

gobuster dns -d escape.htb -r escape.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/htb/escape/results/escape.htb/scans/udp53/udp_53_escape.htb_subdomains_subdomains-top1million-110000.txt"

nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="escape.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp88/udp_88_kerberos_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp88/xml/udp_88_kerberos_nmap.xml" escape.htb

nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/htb/escape/results/escape.htb/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/htb/escape/results/escape.htb/scans/udp123/xml/udp_123_ntp_nmap.xml" escape.htb

dig AXFR -p 53 @escape.htb escape.htb

dig AXFR -p 53 @escape.htb