2. Service and Version Detection

So now that you’ve discovered open ports like:

88/tcp     open  kerberos-sec       # Kerberos authentication for domain logins
135/tcp    open  msrpc              # Microsoft RPC endpoint mapper
139/tcp    open  netbios-ssn        # NetBIOS session service (legacy file sharing)
389/tcp    open  ldap               # LDAP directory service (domain controller indicator)
445/tcp    open  microsoft-ds       # SMB over TCP for file sharing and remote access
464/tcp    open  kpasswd5           # Kerberos password change service
593/tcp    open  http-rpc-epmap     # RPC over HTTP, used for remote management
636/tcp    open  ldapssl            # LDAP over SSL/TLS (secure LDAP)
3268/tcp   open  globalcatLDAP      # Global Catalog LDAP (non-SSL)
3269/tcp   open  globalcatLDAPssl   # Global Catalog LDAP over SSL

Tool Used: nmap

The next step is to identify the services running on those ports and their versions. This is important because once you know the version, you can check if there are any known vulnerabilities (CVEs).

✅ Use this Nmap command:

nmap -sV -p 88,135,139,389,445,464,593,636,3268,3269 -Pn 192.168.10.4

Explanation:

  • -sV → Detects the service and version

  • -p → Tells Nmap which ports to scan

  • -Pn → Skips host discovery (no ping) and treats the host as alive
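
The following is an added example, not part of the original page. It assumes the same scan was saved as XML with nmap's -oX option, and it turns the results into a per-port inventory of product names and CPE strings to check against vendor advisories. The sample XML is constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, trimmed; values are illustrative.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.10.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="88"><state state="open"/>
        <service name="kerberos-sec" product="Microsoft Windows Kerberos" method="probed" conf="10">
          <cpe>cpe:/o:microsoft:windows</cpe></service></port>
      <port protocol="tcp" portid="389"><state state="open"/>
        <service name="ldap" product="Microsoft Windows Active Directory LDAP" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="464"><state state="open"/>
        <service name="kpasswd5" method="table" conf="3"/></port>
      <port protocol="tcp" portid="636"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_services(xml_text):
    """Return one dict per open port with what -sV identified."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            product = " ".join(filter(None, [attrs.get("product"), attrs.get("version")]))
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "name": attrs.get("name", "unknown"),
                "product": product,
                # method="probed": a version probe matched; "table": name is only
                # a guess from the port number, so there is no version to look up.
                "confirmed": attrs.get("method") == "probed",
                "cpe": [c.text for c in svc.findall("cpe")] if svc is not None else [],
            })
    return rows

def needs_followup(rows):
    """Ports whose service was not confirmed by a probe."""
    return [r["port"] for r in rows if not r["confirmed"]]

if __name__ == "__main__":
    for r in parse_services(SAMPLE_XML):
        print(r["port"], r["name"], r["product"] or "-", "confirmed" if r["confirmed"] else "unconfirmed")
```

Ports reported by needs_followup carry only a name guessed from the port number, so they should not be matched against CVE data until the service is confirmed another way.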

Optional (more aggressive scan):

If you want more detailed info like OS detection and script scanning, you can add -A:

nmap -sV -A -p 88,135,139,389,445,464,593,636,3268,3269 -Pn 192.168.10.4

⚠️ Warning: The -A option is more aggressive and might trigger alerts on the target system.
