.infineon/_-Review/nmap.md

---
created: 2024-01-06T01:25:36.042Z
type: topic
updated: 2024-11-03T18:42:23.038Z
---

# NMap

```bash
# https://www.stationx.net/nmap-cheat-sheet/
# https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
"C:\Program Files (x86)\Nmap\nmap.exe"
```

```yml
Nmap 7.94 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports sequentially - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --noninteractive: Disable runtime interactions via keyboard
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
```

```bash
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.49
```

```yml
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating ARP Ping Scan at 07:24
Scanning 10.95.176.49 [1 port]
Completed ARP Ping Scan at 07:24, 1.42s elapsed (1 total hosts)
Nmap scan report for 10.95.176.49 [host down]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.44 seconds
           Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
```

```bash
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.46
```

```yml
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating Parallel DNS resolution of 1 host. at 07:24
Completed Parallel DNS resolution of 1 host. at 07:24, 0.01s elapsed
Nmap scan report for MESTSA003.infineon.com (10.95.176.46)
Host is up.
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
```

```bash
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.60
```

```yml
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating ARP Ping Scan at 07:24
Scanning 10.95.176.60 [1 port]
Completed ARP Ping Scan at 07:24, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:24
Completed Parallel DNS resolution of 1 host. at 07:24, 0.02s elapsed
Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.0010s latency).
MAC Address: 00:50:56:8E:63:CF (VMware)
Read data files from: C:\Program Files (x86)\Nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
           Raw packets sent: 1 (28B) | Rcvd: 1 (28B)
```

```bash
"C:\Program Files (x86)\Nmap\nmap.exe" -v -A 10.95.176.60 -oX 10.95.176.xml
```

```bash
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:25 US Mountain Standard Time
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating ARP Ping Scan at 07:25
Scanning 10.95.176.60 [1 port]
Completed ARP Ping Scan at 07:25, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:25
Completed Parallel DNS resolution of 1 host. at 07:25, 0.02s elapsed
Initiating SYN Stealth Scan at 07:25
Scanning MESTSA005.infineon.com (10.95.176.60) [1000 ports]
Discovered open port 445/tcp on 10.95.176.60
Discovered open port 135/tcp on 10.95.176.60
Discovered open port 80/tcp on 10.95.176.60
Discovered open port 139/tcp on 10.95.176.60
Discovered open port 3389/tcp on 10.95.176.60
Discovered open port 5050/tcp on 10.95.176.60
Completed SYN Stealth Scan at 07:25, 4.70s elapsed (1000 total ports)
Initiating Service scan at 07:25
Scanning 6 services on MESTSA005.infineon.com (10.95.176.60)
Completed Service scan at 07:25, 11.02s elapsed (6 services on 1 host)
Initiating OS detection (try #1) against MESTSA005.infineon.com (10.95.176.60)
Retrying OS detection (try #2) against MESTSA005.infineon.com (10.95.176.60)
NSE: Script scanning 10.95.176.60.
Initiating NSE at 07:25
Completed NSE at 07:26, 40.10s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.10s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.00020s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
80/tcp   open  http          nginx 1.20.1
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.20.1
|_http-favicon: Unknown favicon MD5: 40D4F2C38D1CD854AD463F16373CBCB6
| http-title: Swagger UI
|_Requested resource was index.html
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: INFINEON
|   NetBIOS_Domain_Name: INFINEON
|   NetBIOS_Computer_Name: MESTSA005
|   DNS_Domain_Name: infineon.com
|   DNS_Computer_Name: MESTSA005.infineon.com
|   DNS_Tree_Name: infineon.com
|   Product_Version: 10.0.17763
|_  System_Time: 2023-12-05T14:25:42+00:00
| ssl-cert: Subject: commonName=MESTSA005.infineon.com
| Subject Alternative Name: DNS:MESTSA005.infineon.com
| Issuer: commonName=Infineon Technologies AG Machine CA 2/organizationName=Infineon Technologies AG/countryName=DE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-02-02T08:12:48
| Not valid after:  2024-02-02T08:12:48
| MD5:   cf40:75b6:5bf1:369b:940a:c81e:6773:7f84
|_SHA-1: 6c95:afca:ff55:efc1:3cd5:2aa3:1f02:bb47:28d0:b98c
|_ssl-date: 2023-12-05T14:26:22+00:00; 0s from scanner time.
5050/tcp open  http          nginx 1.20.1
|_http-title: Welcome to nginx!
|_http-server-header: nginx/1.20.1
| http-methods:
|_  Supported Methods: GET HEAD
MAC Address: 00:50:56:8E:63:CF (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019 (97%)
Aggressive OS guesses: Microsoft Windows Server 2019 (97%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-time:
|   date: 2023-12-05T14:25:42
|_  start_date: N/A
| nbstat: NetBIOS name: MESTSA005, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:8e:63:cf (VMware)
| Names:
|   MESTSA005<20>        Flags: <unique><active>
|   MESTSA005<00>        Flags: <unique><active>
|_  INFINEON<00>         Flags: <group><active>
| smb2-security-mode:
|   3:1:1:
|_    Message signing enabled and required

TRACEROUTE
HOP RTT     ADDRESS
1   0.20 ms MESTSA005.infineon.com (10.95.176.60)

NSE: Script Post-scanning.
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.87 seconds
           Raw packets sent: 2070 (94.772KB) | Rcvd: 43 (2.950KB)
```

```bash
# https://www.stationx.net/nmap-cheat-sheet/
"C:\Program Files (x86)\Nmap\nmap.exe" -A 10.95.176.0/26 -F -oX "D:\Tmp\10.95.176.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 10.95.154.0/25 -F -oX "D:\Tmp\10.95.154.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.1.0/26 -F -oX "D:\Tmp\192.168.1.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.2.0/26 -F -oX "D:\Tmp\192.168.2.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.3.0/26 -F -oX "D:\Tmp\192.168.3.0.xml"
nmap -A 192.168.4.0/26 -F -oX /home/mike/192.168.4.0.xml
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.4.0/26 -F -oX "D:\Tmp\192.168.4.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.4.64/26 -F -oX "D:\Tmp\192.168.4.64.xml"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/192.168.4.64.xml" > "D:/Tmp/192.168.4.64.json"
```

```bash
# Office-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.1.0/26 -oX "D:\Tmp\phares\Network\192.168.1.0.xml"
```

```bash
# Laundry-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.2.0/26 -oX "D:\Tmp\phares\Network\192.168.2.0.xml"
```

```bash
# Media-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.3.0/26 -oX "D:\Tmp\phares\Network\192.168.3.0.xml"
```

```bash
# Loft-2G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.4.0/26 -oX "D:\Tmp\phares\Network\192.168.4.0.xml"
```

```bash
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.1.0.xml" > "D:/Tmp/phares/Network/192.168.1.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.2.0.xml" > "D:/Tmp/phares/Network/192.168.2.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.3.0.xml" > "D:/Tmp/phares/Network/192.168.3.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.4.0.xml" > "D:/Tmp/phares/Network/192.168.4.0.json"
L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net8.0/win-x64/publish/File-Folder-Helper.exe s X D:/Tmp/Phares/Network Day-Helper-2023-12-12 1*.json
```

```bash
# https://github.com/vdjagilev/nmap-formatter
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/10.95.154.xml" > "D:/Tmp/10.95.154.json"
copy "L:\Git\nmap-formatter\.vscode\10.95.154.xml" "L:\Git\Notes-EC-Documentation\EC-Documentation\nmap\10.95.154.xml"
```

```yml
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:51 US Mountain Standard Time
Nmap scan report for 10.95.176.1
Host is up (0.0049s latency).
All 100 scanned ports on 10.95.176.1 are in ignored states.
Not shown: 100 closed tcp ports (reset)
MAC Address: 00:08:E3:FF:FD:90 (Cisco Systems)

Nmap scan report for MESSR001.infineon.com (10.95.176.9)
Host is up (0.00063s latency).
Not shown: 93 filtered tcp ports (no-response)
PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: F4:03:43:AE:90:A0 (Hewlett Packard Enterprise)

Nmap scan report for MESSN002.infineon.com (10.95.176.21)
Host is up (0.00056s latency).
Not shown: 96 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:19:C2 (VMware)

Nmap scan report for MESSR002.infineon.com (10.95.176.25)
Host is up (0.00063s latency).
Not shown: 93 filtered tcp ports (no-response)
PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:24:15 (VMware)

Nmap scan report for MESSAD1001.infineon.com (10.95.176.35)
Host is up (0.00060s latency).
Not shown: 95 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:51:F6 (VMware)

Nmap scan report for MESSN003.infineon.com (10.95.176.36)
Host is up (0.00055s latency).
Not shown: 96 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:80:86 (VMware)

Nmap scan report for MESSMSCCM02.infineon.com (10.95.176.37)
Host is up (0.00090s latency).
Not shown: 95 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:95:BA (VMware)

Nmap scan report for MESSP1003.infineon.com (10.95.176.38)
Host is up (0.00038s latency).
Not shown: 90 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
515/tcp  open  printer
1433/tcp open  ms-sql-s
3389/tcp open  ms-wbt-server
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap
8443/tcp open  https-alt
MAC Address: 00:50:56:8E:84:5A (VMware)

Nmap scan report for MESSA004.infineon.com (10.95.176.44)
Host is up (0.00062s latency).
Not shown: 94 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:A1:D2 (VMware)

Nmap scan report for MESSA005.infineon.com (10.95.176.45)
Host is up (0.00074s latency).
Not shown: 94 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
8888/tcp open  sun-answerbook
MAC Address: 00:50:56:8E:5A:0D (VMware)

Nmap scan report for MESTSA004.infineon.com (10.95.176.47)
Host is up (0.00077s latency).
Not shown: 96 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:0E:AF (VMware)

Nmap scan report for MESSA012.infineon.com (10.95.176.50)
Host is up (0.00065s latency).
Not shown: 94 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
8888/tcp open  sun-answerbook
MAC Address: 00:50:56:8E:79:14 (VMware)

Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.00032s latency).
Not shown: 95 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:50:56:8E:63:CF (VMware)

Nmap scan report for MESTSA006.infineon.com (10.95.176.61)
Host is up (0.00081s latency).
Not shown: 94 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5051/tcp open  ida-agent
MAC Address: 00:50:56:8E:A8:92 (VMware)

Nmap scan report for MESTSA003.infineon.com (10.95.176.46)
Host is up (0.0028s latency).
Not shown: 93 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5051/tcp open  ida-agent

Nmap done: 64 IP addresses (15 hosts up) scanned in 4.03 seconds
```

```bash
# https://www.youtube.com/watch?v=-rSqbgI7oZM
sudo -i
apt-get install nmap
apt-get install wireshark
apt-get install ettercap-text-only
ettercap -T -S -i ens18 -M arp:remote /192.168.3.1// /192.168.3.42//
# https://apackets.com/upload
```

```bash
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.31.50 -F -oX "D:\Tmp\192.168.31.50.xml"
```

```bash Wed Oct 09 2024 07:13:04 GMT-0700 (Mountain Standard Time)
# https://nmap.org/nsedoc/scripts/rdp-ntlm-info.html
nmap -p 3389 --script rdp-ntlm-info <target>
"C:\Program Files (x86)\Nmap\nmap.exe" -A 10.95.154.0/25 -F -oX "D:\Tmp\10.95.154.0.xml"
# 7) lastboot=
# 10.95.154.9
# 10.95.154.14
# 10.95.154.18
# scovery" output="
# 10.95.154.29
# 10.95.154.31
# 10.95.154.32
# 4) key="date"
# 4) id="ssl-cert"
# 2) key="notBefore"
# 2) key="notAfter"
# 2) id="ssl-date"
# 2) id="smb2-time"
# 1) key="System_Time"
# 1) key="start_date"
# 1) id="rdp-ntlm-info"
```

```c# Wed Oct 09 2024 11:13:59 GMT-0700 (Mountain Standard Time)
private static void LastBoot()
{
    DateTime dateTime;
    long[] seconds = [307988, 13835175, 891721, 3111906, 2663952, 672527, 13827962];
    string[] lastBootTimes = ["Sat Oct 5 19:05:28 2024", "Thu May 2 05:32:21 2024", "Sun Sep 29 00:56:35 2024", "Tue Sep 3 08:13:30 2024", "Sun Sep 8 12:39:24 2024", "Tue Oct 1 13:49:49 2024", "Thu May 2 07:32:34 2024"];
    System.Console.WriteLine(DateTime.Now.ToString("ddd MMM d HH:mm:ss yyyy"));
    for (int i = 0; i < seconds.Length; i++)
    {
        dateTime = DateTime.ParseExact(lastBootTimes[i], "ddd MMM d HH:mm:ss yyyy", null);
        System.Console.WriteLine(dateTime.AddSeconds(seconds[i]).ToString("yyyy-MM-dd HH:mm:ss"));
    }
}
```