sudo nmap -Pn -p- --min-rate 300 t1 -oN init
sudo nmap -Pn -p- -A t1 -oN versions
sudo nmap -Pn -sU --top-ports=100 t1 -oN udp #UDP
Very Rare
- 111 & 2049: NFS
sudo nmap --script "nfs*" 10.129.14.128 -sV -p111,2049
- 512 (rlogin)
- 4369 + 25672: (epmd / Erlang)
- 5000: dtale
- 8443 (might be priv esc as well)
- 9255: AChat
- 6064
Rare
AD/WIN bundle
- 53
- 88 & 464: Kerberos (sudo ntpdate -s $IP ⇒ update local time to match the target)
- 389/3268/3269(636): (ldaps) (check AD)