
Pivoting

Uploaded nmap to the /tmp folder and scanned the network:

./nmap-adot8 -sn -oN scan-adot8 10.200.101.0/24
# Nmap 7.80SVN scan initiated Wed Mar 20 19:37:15 2024 as: ./nmap-adot8 -sn -oN scan-adot8 10.200.101.0/24
Cannot find nmap-payloads. UDP payloads are disabled.
Nmap scan report for ip-10-200-101-1.eu-west-1.compute.internal (10.200.101.1)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00028s latency).
MAC Address: 02:23:3F:A3:95:4B (Unknown)
Nmap scan report for ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100)
Host is up (0.00043s latency).
MAC Address: 02:07:BE:ED:97:53 (Unknown)
Nmap scan report for ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150)
Host is up (0.00091s latency).
MAC Address: 02:14:6D:02:C8:21 (Unknown)
Nmap scan report for ip-10-200-101-250.eu-west-1.compute.internal (10.200.101.250)
Host is up (0.00026s latency).
MAC Address: 02:CC:C0:0D:98:63 (Unknown)
Nmap scan report for ip-10-200-101-200.eu-west-1.compute.internal (10.200.101.200)
Host is up.
# Nmap done at Wed Mar 20 19:37:16 2024 -- 256 IP addresses (5 hosts up) scanned in 1.63 seconds

10.200.101.100

./nmap-adot8 -T5 -Pn -v 10.200.101.100
Starting Nmap 7.80SVN ( https://nmap.org ) at 2024-03-20 19:49 GMT
Unable to find nmap-services!  Resorting to /etc/services
Cannot find nmap-payloads. UDP payloads are disabled.
Initiating ARP Ping Scan at 19:49
Scanning 10.200.101.100 [1 port]
Completed ARP Ping Scan at 19:49, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:49
Completed Parallel DNS resolution of 1 host. at 19:49, 0.00s elapsed
Initiating SYN Stealth Scan at 19:49
Scanning ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100) [6150 ports]
SYN Stealth Scan Timing: About 47.34% done; ETC: 19:50 (0:00:34 remaining)
Completed SYN Stealth Scan at 19:50, 62.70s elapsed (6150 total ports)
Nmap scan report for ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00011s latency).
All 6150 scanned ports on ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100) are filtered
MAC Address: 02:07:BE:ED:97:53 (Unknown)

Read data files from: /etc
Nmap done: 1 IP address (1 host up) scanned in 62.72 seconds
           Raw packets sent: 12301 (541.228KB) | Rcvd: 1 (28B)

10.200.101.150

./nmap-adot8 -sS -T5 -Pn -v 10.200.101.150
Starting Nmap 7.80SVN ( https://nmap.org ) at 2024-03-20 19:52 GMT
Unable to find nmap-services!  Resorting to /etc/services
Cannot find nmap-payloads. UDP payloads are disabled.
Initiating ARP Ping Scan at 19:52
Scanning 10.200.101.150 [1 port]
Completed ARP Ping Scan at 19:52, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:52
Completed Parallel DNS resolution of 1 host. at 19:52, 0.00s elapsed
Initiating SYN Stealth Scan at 19:52
Scanning ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150) [6150 ports]
Discovered open port 3389/tcp on 10.200.101.150
Discovered open port 135/tcp on 10.200.101.150
Discovered open port 80/tcp on 10.200.101.150
Discovered open port 139/tcp on 10.200.101.150
Discovered open port 445/tcp on 10.200.101.150
Discovered open port 5985/tcp on 10.200.101.150
Completed SYN Stealth Scan at 19:52, 17.51s elapsed (6150 total ports)
Nmap scan report for ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00051s latency).
Not shown: 6144 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  epmap
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5985/tcp open  wsman
MAC Address: 02:14:6D:02:C8:21 (Unknown)

Read data files from: /etc
Nmap done: 1 IP address (1 host up) scanned in 17.54 seconds
           Raw packets sent: 18451 (811.828KB) | Rcvd: 19 (820B)
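
Seen from the defender's side, the two port scans above are loud: each probes 6150 ports on a single host in about a minute or less (18451 raw packets in 17.54 seconds for 10.200.101.150). The following is an added example, not part of the original write-up, that flags this pattern in connection logs; the log format, the source address 10.200.101.200 in the sample, and the window and threshold values are assumptions constructed for illustration.

```python
# Added example: flag port-scan behaviour in connection logs (constructed data).
from collections import defaultdict

WINDOW = 120          # seconds; assumption, tune to your environment
PORT_THRESHOLD = 100  # distinct dst ports on one host within WINDOW; assumption

def parse(line):
    """Parse a constructed log line: '<epoch> <src> <dst> <dport> <tcp-flags>'."""
    ts, src, dst, dport, flags = line.split()
    return int(ts), src, dst, int(dport), flags

def detect_vertical_scans(lines, window=WINDOW, threshold=PORT_THRESHOLD):
    """Return {(src, dst): distinct_port_count} for pairs where one source sent
    bare SYNs to more than `threshold` distinct ports inside `window` seconds."""
    events = defaultdict(list)            # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        ts, src, dst, dport, flags = parse(line)
        if flags == "S":                  # SYN only, no ACK: a connection attempt
            events[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        counts = defaultdict(int)         # port -> occurrences inside the window
        best = 0
        for ts, port in hits:
            counts[port] += 1
            while ts - hits[start][0] > window:
                old = hits[start][1]      # slide the window: drop expired probes
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best > threshold:
            alerts[pair] = best
    return alerts

def sample_log():
    """Constructed traffic: one host probing 6150 ports in ~60 s, plus normal clients."""
    scan = [f"{1710964140 + i // 100} 10.200.101.200 10.200.101.150 {1 + i} S"
            for i in range(6150)]
    normal = [f"{1710964140 + i * 7} 10.200.101.1 10.200.101.150 {p} S"
              for i, p in enumerate([80, 445, 80, 3389, 80, 5985])]
    return scan + normal

if __name__ == "__main__":
    for (src, dst), n in detect_vertical_scans(sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

The same counting works on firewall drop logs, which matters for a host like 10.200.101.100 where every probed port was filtered and almost nothing was answered.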