PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
445/tcp open microsoft-ds?
3389/tcp open ms-wbt-server Microsoft Terminal Services
|_ssl-date: 2024-02-07T05:15:40+00:00; +13s from scanner time.
| ssl-cert: Subject: commonName=m3webaw.m3c.local
| Not valid before: 2024-01-02T11:18:31
|_Not valid after: 2024-07-03T11:18:31
| rdp-ntlm-info:
| Target_Name: M3C
| NetBIOS_Domain_Name: M3C
| NetBIOS_Computer_Name: M3WEBAW
| DNS_Domain_Name: m3c.local
| DNS_Computer_Name: m3webaw.m3c.local
| DNS_Tree_Name: m3c.local
| Product_Version: 10.0.17763
|_ System_Time: 2024-02-07T05:15:00+00:00
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
The user svc_sql have constrained delegation on this machine. Post-Exploitation. The users from Server admins can ps remote.
To reach to svc_apache we need to most probably get to this machine and then then recon the next steps. with svc_apache we need to perform RBCD to get m3dc.m3c.local.
This machine is a webserver so most probably we we exploit some apache related service to gain access to this account.