# Pivoting

Uploaded nmap to the /tmp folder and scanned the network.

```bash
./nmap-adot8 -sn 10.200.72.0/24 -oN hosts
# Nmap 7.80SVN scan initiated Wed Mar 20 19:37:15 2024 as: ./nmap-adot8 -sn -oN scan-adot8 10.200.101.0/24
Cannot find nmap-payloads. UDP payloads are disabled.
Nmap scan report for ip-10-200-101-1.eu-west-1.compute.internal (10.200.101.1)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00028s latency).
MAC Address: 02:23:3F:A3:95:4B (Unknown)
Nmap scan report for ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100)
Host is up (0.00043s latency).
MAC Address: 02:07:BE:ED:97:53 (Unknown)
Nmap scan report for ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150)
Host is up (0.00091s latency).
MAC Address: 02:14:6D:02:C8:21 (Unknown)
Nmap scan report for ip-10-200-101-250.eu-west-1.compute.internal (10.200.101.250)
Host is up (0.00026s latency).
MAC Address: 02:CC:C0:0D:98:63 (Unknown)
Nmap scan report for ip-10-200-101-200.eu-west-1.compute.internal (10.200.101.200)
Host is up.
# Nmap done at Wed Mar 20 19:37:16 2024 -- 256 IP addresses (5 hosts up) scanned in 1.63 seconds

```

## 10.200.101.100

```bash
./nmap-adot8 -T5 -Pn -v 10.200.101.100
Starting Nmap 7.80SVN ( https://nmap.org ) at 2024-03-20 19:49 GMT
Unable to find nmap-services!  Resorting to /etc/services
Cannot find nmap-payloads. UDP payloads are disabled.
Initiating ARP Ping Scan at 19:49
Scanning 10.200.101.100 [1 port]
Completed ARP Ping Scan at 19:49, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:49
Completed Parallel DNS resolution of 1 host. at 19:49, 0.00s elapsed
Initiating SYN Stealth Scan at 19:49
Scanning ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100) [6150 ports]
SYN Stealth Scan Timing: About 47.34% done; ETC: 19:50 (0:00:34 remaining)
Completed SYN Stealth Scan at 19:50, 62.70s elapsed (6150 total ports)
Nmap scan report for ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00011s latency).
All 6150 scanned ports on ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100) are filtered
MAC Address: 02:07:BE:ED:97:53 (Unknown)

Read data files from: /etc
Nmap done: 1 IP address (1 host up) scanned in 62.72 seconds
           Raw packets sent: 12301 (541.228KB) | Rcvd: 1 (28B)
```

## 10.200.101.150

```bash
./nmap-adot8 -sS -T5 -Pn -v 10.200.101.150
Starting Nmap 7.80SVN ( https://nmap.org ) at 2024-03-20 19:52 GMT
Unable to find nmap-services!  Resorting to /etc/services
Cannot find nmap-payloads. UDP payloads are disabled.
Initiating ARP Ping Scan at 19:52
Scanning 10.200.101.150 [1 port]
Completed ARP Ping Scan at 19:52, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:52
Completed Parallel DNS resolution of 1 host. at 19:52, 0.00s elapsed
Initiating SYN Stealth Scan at 19:52
Scanning ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150) [6150 ports]
Discovered open port 3389/tcp on 10.200.101.150
Discovered open port 135/tcp on 10.200.101.150
Discovered open port 80/tcp on 10.200.101.150
Discovered open port 139/tcp on 10.200.101.150
Discovered open port 445/tcp on 10.200.101.150
Discovered open port 5985/tcp on 10.200.101.150
Completed SYN Stealth Scan at 19:52, 17.51s elapsed (6150 total ports)
Nmap scan report for ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150)
Cannot find nmap-mac-prefixes: Ethernet vendor correlation will not be performed
Host is up (0.00051s latency).
Not shown: 6144 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  epmap
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5985/tcp open  wsman
MAC Address: 02:14:6D:02:C8:21 (Unknown)

Read data files from: /etc
Nmap done: 1 IP address (1 host up) scanned in 17.54 seconds
           Raw packets sent: 18451 (811.828KB) | Rcvd: 19 (820B)
```
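For reviewing segmentation, the normal-format output above can be reduced to a per-host list of reachable remote-administration services. The following is an added example, not part of the original notes: the function names and the `MGMT_PORTS` mapping are assumptions, and the sample input is a constructed excerpt trimmed from the scans shown on this page.

```python
import re

# Constructed sample: trimmed from the normal-format nmap output shown above.
SAMPLE = """\
Nmap scan report for ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100)
Host is up (0.00011s latency).
All 6150 scanned ports on ip-10-200-101-100.eu-west-1.compute.internal (10.200.101.100) are filtered
Nmap scan report for ip-10-200-101-150.eu-west-1.compute.internal (10.200.101.150)
Host is up (0.00051s latency).
Not shown: 6144 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  epmap
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
5985/tcp open  wsman
"""

# Assumption: ports counted as remote-administration surface for this review.
MGMT_PORTS = {135: "MSRPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5985: "WinRM"}

# Report header is either "hostname (ip)" or a bare ip.
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
ALL_FILTERED = re.compile(r"^All \d+ scanned ports on .* are filtered")

def parse_nmap_normal(text):
    """Return {ip: {"open": {port: service}, "all_filtered": bool}}."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = REPORT.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {"open": {}, "all_filtered": False})
            continue
        if current is None:
            continue  # banner and warning lines before the first report
        if ALL_FILTERED.match(line):
            current["all_filtered"] = True
        m = PORT.match(line)
        if m and m.group(3) == "open":
            current["open"][int(m.group(1))] = m.group(4)
    return hosts

def exposure_summary(hosts):
    """Map each host to the management services found open on it."""
    return {ip: sorted(MGMT_PORTS[p] for p in h["open"] if p in MGMT_PORTS)
            for ip, h in hosts.items()}
```

A host reported as all-filtered, such as 10.200.101.100 here, yields an empty list; that reflects filtering as seen from the scanning host, not the absence of listening services.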

