GitHubPsMapExec

Recon

Common SCCM Ports

LogoPorts used for connections - Configuration ManagerMicrosoftLearn
Protocol
Port(s)
Service

TCP

8530, 8531,

Site Server, Management Point

10123

TCP

49152-49159

Distribution Point

UDP

4011

Operating System Deployment (OSD)

Nmap

# SCCM search
nmap -p 80,443,445,1433,10123,8530,8531 -sV [IP]

# search PXE
nmap -p 67,68,69,4011,547 -sV -sU [IP]

PowerShell

([ADSISearcher]("objectClass=mSSMSManagementPoint")).FindAll() | % {$_.Properties}

Configuration Manager

Linux Recon

python3 sccmhunter.py find -u <user> -p <password> -d <domain> -dc-ip <ip> -debug

# Review collected information
python3 sccmhunter.py show -all

Discovery through SMB

smbmap -u <user> -p <password> -d <domain> -H <ip>

Last updated