Untitled

a guest
Oct 21st, 2014
Auto complete (hit tab)
Hit tab again if you want to get a list

history file - logs everything typed
history > webappcommands
!NUMBER to run command
!NUMBER&&!NUMBER

search through history
history | grep nmap

control R (for reverse search)

nmap to find stuff
ping scan to find all the services

nmap -sP 192.168.23.0/24
nmap -sL 216.92.251.0/24

- know basics of DNS
- 3 way handshake

nmap -sT 293.268.153.130 -p 1-65535

- need to know what version of http
service probe

nmap -sV 192. -p 80

what if we just want to find web servers?
nmap -sT 192 -p 80 -oG web (don't use >, which only redirects to a file; instead use -oG for grepable output)

cat web (read web)
cat web | grep open

gedit
#find all web servers
nmap -sT 192./24 -p 80 -oG web
cat web | grep open > web1
cat web1 | cut -f2 -d":" | cut -f1 -d"(" > web2
cat web2

or

awk '{print $2}' web1 > listweb
cat listweb

----

#find all web servers
nmap -sT 192./24 -p 80 -oG web
cat web | grep open > web1
awk '{print $2}' web1 > web2
#of all the web servers found, check to see which are also
#dns servers
nmap -iL web2 -p 53 -oG dns
cat dns | grep open > dns1
awk '{print $2}' dns1 > dns2
echo "Here are the web servers!"
cat web2
echo "Here are the dns servers!"
cat dns2
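The "grep open | awk '{print $2}'" step in the script above matches the word "open" anywhere on a line, so a hostname containing "open" or a "Status: Up" line lands in the host list and a host gets listed twice. This added example (not from the notes; the function names open_hosts and naive_open_hosts and the 192.0.2.x sample output are constructed) parses the grepable -oG format per port and state instead:

```shell
#!/bin/sh
# Added example, not part of the original notes. Parses nmap grepable (-oG)
# output the way the "grep open | awk '{print $2}'" pipeline above does,
# but keyed on the Ports field, so a hostname containing "open" or a
# "Status: Up" line cannot slip into the host list.

# Constructed sample of what "nmap -sT 192.0.2.0/28 -p 80 -oG web" writes.
# nmap separates the fields with a tab; awk treats tab and space the same.
SAMPLE_GREPABLE='# Nmap 6.47 scan initiated Tue Oct 21 10:00:00 2014 as: nmap -sT -p 80 -oG web 192.0.2.0/28
Host: 192.0.2.1 ()  Status: Up
Host: 192.0.2.1 ()  Ports: 80/open/tcp//http///
Host: 192.0.2.2 (openbox.example)  Status: Up
Host: 192.0.2.2 (openbox.example)  Ports: 80/closed/tcp//http///
Host: 192.0.2.3 ()  Status: Up
Host: 192.0.2.3 ()  Ports: 80/filtered/tcp//http///
Host: 192.0.2.4 ()  Status: Up
Host: 192.0.2.4 ()  Ports: 80/open/tcp//http///,53/open/tcp//domain///
# Nmap done at Tue Oct 21 10:00:05 2014 -- 16 IP addresses (4 hosts up) scanned in 5.00 seconds'

# naive_open_hosts: the pipeline from the notes, kept for comparison.
naive_open_hosts() {
    grep open | awk '{print $2}'
}

# open_hosts PORT: print the IP (field 2 of a "Host:" line) exactly once
# when PORT appears in that host's Ports list with state "open".
open_hosts() {
    awk -v port="$1" '
        /^Host:/ {
            i = index($0, "Ports:")
            if (i == 0) next                       # "Status:" lines carry no ports
            n = split(substr($0, i + 6), entries, ",")
            for (k = 1; k <= n; k++) {
                split(entries[k], f, "/")          # port/state/proto/owner/service/...
                sub(/^[ \t]+/, "", f[1])
                if (f[1] == port && f[2] == "open") { print $2; break }
            }
        }'
}

# Wrappers that run each parser over the constructed sample.
naive_from_sample() { printf '%s\n' "$SAMPLE_GREPABLE" | naive_open_hosts; }
open_from_sample()  { printf '%s\n' "$SAMPLE_GREPABLE" | open_hosts "$1"; }

# naive_from_sample prints 4 lines, including 192.0.2.2 twice although its
# port 80 is closed; open_from_sample 80 prints only 192.0.2.1 and 192.0.2.4.
```

Feed a real "web" file to open_hosts 80 < web to get the same list the notes build as web2, minus the false positives.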


----

dig msstate.edu
# verify ip address resolves to msstate.edu
#use dnsrecon
./dnsrecon.py -r 216...1-216...254 > webstate
cat webstate | grep msstate.edu > champs
cat champs
more champs
grep faculty

- get all that is msstate (grep)
awk '{print $4}' champs2 > champs3
cat champs3

# check how many you can reach
nmap -iL champs3 -sP -oG champup
cat champup | grep Up

# check which ones we can reach on port 80
cat champup | grep Up > champweb
awk '{print $2}' champweb > champfinal
nmap -iL champfinal -sS -p 80 -oG champwebup
cat champwebup | grep open

cat champwebup | wc -l
cat champwebup | grep open | wc -l # lines containing "open" (hosts with a web server)
cat champwebup | grep open > webupopen
awk '{print $2}' webupopen > webversion
nmap -iL webversion -sV -p 80 -oG champversion

# google apache 2.2.15 vulnerabilities
cat champversion | grep IIS
cat champversion | grep -i IIS

nmap won't be caught if you just look at the IP layer because it doesn't even go there:
uses ARP

know 3-way handshake
did syn, syn ack, and then syn within Wireshark

watching traffic is important

OmniPeek
pcap file

packet captures
rootkits

snort

stealthy Christmas scan, null scan

nmap -sF 192 -p PORT --mtu 240   # PORT left blank in the notes; --mtu takes a separate argument

keatron.evans@infosecinstitute.com
blinksecurity.com/wapt.htm

nmap -sT IP -p 21 -T insane

PORT 0 usually used for covert communication because it doesn't get detected by IDS

Connect to a website:
First, DNS
Then, 3-way handshake (syn; syn ack; syn)

Review Wireshark
Review communication session with Yahoo

Review status codes

-post is on the test

HOW TO INTERACT WITH WEBSITE USING TELNET?

wget http://www.infosecinstitute.com
firefox index.html.1

wget -r -l 1 http://www.infosecinstitute.com