Thehackerslabs-Phantom Robotics
默认的用户凭证 username: mark password: suP3rPa$sw0rd2026!& Nmap [/home/kali/temp]$ nmap 192.168.56.100 -A -p- PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2026-07-13 12:20:55Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: PHANTOM.THL0., Site: Default-First-Site-Name) |_ssl-date: 2026-07-13T12:22:27+00:00; 0s from scanner time. | ssl-cert: Subject: commonName=DC01.PHANTOM.THL | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.PHANTOM.THL | Not valid before: 2026-02-21T23:24:38 |_Not valid after: 2027-02-21T23:24:38 445/tcp open microsoft-ds? 464/tcp open kpasswd5? 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: PHANTOM.THL0., Site: Default-First-Site-Name) |_ssl-date: 2026-07-13T12:22:27+00:00; 0s from scanner time. | ssl-cert: Subject: commonName=DC01.PHANTOM.THL | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.PHANTOM.THL | Not valid before: 2026-02-21T23:24:38 |_Not valid after: 2027-02-21T23:24:38 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: PHANTOM.THL0., Site: Default-First-Site-Name) | ssl-cert: Subject: commonName=DC01.PHANTOM.THL | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.PHANTOM.THL | Not valid before: 2026-02-21T23:24:38 |_Not valid after: 2027-02-21T23:24:38 |_ssl-date: 2026-07-13T12:22:27+00:00; 0s from scanner time. 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: PHANTOM.THL0., Site: Default-First-Site-Name) |_ssl-date: 2026-07-13T12:22:27+00:00; 0s from scanner time. | ssl-cert: Subject: commonName=DC01.PHANTOM.THL | Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1:<unsupported>, DNS:DC01.PHANTOM.THL | Not valid before: 2026-02-21T23:24:38 |_Not valid after: 2027-02-21T23:24:38 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-header: Microsoft-HTTPAPI/2.0 |_http-title: Not Found 9389/tcp open mc-nmf .NET Message Framing 49664/tcp open msrpc Microsoft Windows RPC 49670/tcp open msrpc Microsoft Windows RPC 57796/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0 57797/tcp open msrpc Microsoft Windows RPC 57808/tcp open msrpc Microsoft Windows RPC 57817/tcp open msrpc Microsoft Windows RPC 57831/tcp open msrpc Microsoft Windows RPC MAC Address: 08:00:27:B2:9C:C3 (PCS Systemtechnik/Oracle VirtualBox virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running (JUST GUESSING): Microsoft Windows 2022|11|2016 (97%) OS CPE: cpe:/o:microsoft:windows_server_2022 cpe:/o:microsoft:windows_11 cpe:/o:microsoft:windows_server_2016 Aggressive OS guesses: Microsoft Windows Server 2022 (97%), Microsoft Windows 11 21H2 (91%), Microsoft Windows Server 2016 (91%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Service Info: Host: DC01; OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: | smb2-security-mode: | 3:1:1: |_ Message signing enabled and required | smb2-time: | date: 2026-07-13T12:21:47 |_ start_date: N/A |_nbstat: NetBIOS name: DC01, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:b2:9c:c3 (PCS Systemtechnik/Oracle VirtualBox virtual NIC) TRACEROUTE HOP RTT ADDRESS 1 0.41 ms 192.168.56.100 修改 /etc/hosts 如下 ...