- Auto complete (hit tab)
- Hit tab again if you want to get a list
- history file (~/.bash_history) logs every command typed
- history > webappcommands   (save the session's commands to a file)
- !NUMBER re-runs the command with that history number
- !NUMBER&&!NUMBER runs two of them back to back
- search through history
- history | grep nmap
- Ctrl-R (reverse search through history)
- nmap to find hosts and services
- ping scan (-sP, now spelled -sn) to find all the live hosts (it reports hosts, not services)
- nmap -sP 192.168.23.0/24
- nmap -sL 216.92.251.0/24   (list scan: reverse-DNS every address in the range without sending probes to the targets)
- - know the basics of DNS
- - 3-way handshake (SYN, SYN/ACK, ACK)
- nmap -sT 293.268.153.130 -p 1-65535   (connect scan of every TCP port; note the address as written is not a valid IPv4 address, octets run 0-255)
- - need to know what version of HTTP server is running
- service/version probe
- nmap -sV 192. -p 80
- what if we just want to find web servers?
- nmap -sT 192 -p 80 -oG web   (-oG writes grepable output to the file "web"; plain > would only capture the normal human-readable output, which is awkward to parse)
- cat web   (read web)
- cat web | grep open
- gedit
- #find all web servers
- nmap -sT 192./24 -p 80 -oG web
- cat web | grep open > web1
- cat web1 | cut -f2 -d":" | cut -f1 -d"(" > web2
- cat web2
- or
- awk '{print $2}' web1 > listweb
- cat listweb
- ----
- #find all web servers
- nmap -sT 192./24 -p 80 -oG web
- cat web | grep open > web1
- awk '{print $2}' web1 > web2
- #of all the web servers found, check to see which are also
- #dns servers
- nmap -iL web2 -p 53 -oG dns
- cat dns | grep open > dns1
- awk '{print $2}' dns1 > dns2
- echo "Here are the web servers!"
- cat web2
- echo "Here are the dns servers!"
- cat dns2
- ----
- dig msstate.edu
- # verify that the IP address resolves back to msstate.edu
- # use dnsrecon for reverse lookups over the whole range
- ./dnsrecon.py -r 216...1-216...254 > webstate
- cat webstate | grep msstate.edu > champs
- cat champs
- more champs
- grep faculty champs   (narrow down further, e.g. faculty hosts)
- - get everything that is msstate (grep)
- grep msstate champs > champs2
- awk '{print $4}' champs2 > champs3
- cat champs3
- # check how many you can reach
- nmap -iL champs3 -sP -oG champup
- cat champup | grep Up   (-oG writes "Status: Up", so grep is case-sensitive here)
- # check which ones we can reach on port 80
- cat champup | grep Up > champweb
- awk '{print $2}' champweb > champfinal
- nmap -iL champfinal -sS -p 80 -oG champwebup
- cat champwebup | grep open
- cat champwebup | wc -l   # every line
- cat champwebup | grep open | wc -l   # only lines with "open" (hosts with a web server)
- cat champwebup | grep open > webupopen
- awk '{print $2}' webupopen > webversion
- nmap -iL webversion -sV -p 80 -oG champversion
- # google the reported versions, e.g. apache 2.2.15 vulnerabilities
- cat champversion | grep -i IIS   (-i makes the match case-insensitive)
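The "find all web servers" pipeline above and the msstate reachability/version check both rely on `grep open | awk '{print $2}'` over nmap's grepable output. The following is an added example, not part of the original notes, that does the same parsing in reusable functions: it matches the port number and the exact state "open" (so an "open|filtered" result from a FIN/NULL/UDP scan is not counted as open), pulls the version string out of an -sV scan, and never picks up the "# Nmap done ... hosts up" summary line that a loose `grep up` catches. The sample scan file is constructed inline so the script runs offline; the 192.0.2.0/24 addresses are the TEST-NET-1 documentation range, not real targets, and the file names (web.gnmap, web.txt, dns.gnmap) are the example's own choice.

```shell
#!/bin/sh
# Added example: parse nmap -oG (grepable) output without ad-hoc grep/awk chains.

# Constructed sample of a grepable scan file.  The port states were chosen to
# exercise the parser (a real -sT scan would not report open|filtered).
{
  printf '%s\n' '# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sT -p 53,80 -oG web 192.0.2.0/24'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 53/closed/tcp//domain///, 80/open/tcp//http//Apache httpd 2.2.15 ((CentOS))/\n'
  printf 'Host: 192.0.2.12 (ns.example.test)\tStatus: Up\n'
  printf 'Host: 192.0.2.12 (ns.example.test)\tPorts: 53/open/tcp//domain///, 80/open|filtered/tcp//http///\n'
  printf '%s\n' '# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 5.00 seconds'
} > web.gnmap

# ports_entries FILE: emit "ip<TAB>entry" for every port entry on the Ports lines.
# Sections of a grepable line are tab-separated; entries are "port/state/proto/...".
ports_entries() {
  awk -F'\t' '
    /^Host:/ {
      ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
      for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
        s = $i; sub(/^Ports: /, "", s)
        n = split(s, e, ", ")
        for (j = 1; j <= n; j++) print ip "\t" e[j]
      }
    }' "$1"
}

# open_hosts FILE PORT: addresses where PORT is in state exactly "open".
open_hosts() {
  ports_entries "$1" | awk -F'\t' -v port="$2" '
    { split($2, f, "/"); if (f[1] == port && f[2] == "open") print $1 }'
}

# up_hosts FILE: addresses a ping scan reported as "Status: Up".
up_hosts() {
  awk -F'\t' '/^Host:/ && $2 ~ /^Status: Up/ {
    sub(/^Host: /, "", $1); sub(/ .*/, "", $1); print $1 }' "$1"
}

# service_versions FILE PORT: "ip<TAB>service<TAB>version" from an -sV scan.
# The entry fields are port/state/proto/owner/service/rpcinfo/version/.
service_versions() {
  ports_entries "$1" | awk -F'\t' -v port="$2" '
    { split($2, f, "/"); if (f[1] == port && f[2] == "open") print $1 "\t" f[5] "\t" f[7] }'
}

# both_open FILE PORT1 PORT2: addresses with both ports open (web servers that
# are also DNS servers, in the notes' example).
both_open() {
  open_hosts "$1" "$3" > "$1.p$3.tmp"
  open_hosts "$1" "$2" | grep -Fx -f "$1.p$3.tmp"
  rm -f "$1.p$3.tmp"
}

# The notes' two-stage procedure against a range you are authorized to scan.
# Not run in this demo because it needs nmap and a live network.
web_then_dns() {  # CIDR
  nmap -sT "$1" -p 80 -oG web.gnmap > /dev/null
  open_hosts web.gnmap 80 > web.txt
  nmap -sT -iL web.txt -p 53 -oG dns.gnmap > /dev/null
  echo "Here are the web servers!";  cat web.txt
  echo "Here are the dns servers!";  open_hosts dns.gnmap 53
}

# Stand-alone demo on the constructed sample.
echo "hosts up:";               up_hosts web.gnmap
echo "web servers (80 open):";  open_hosts web.gnmap 80
echo "also dns (53 open):";     both_open web.gnmap 80 53
echo "versions on 80:";         service_versions web.gnmap 80
```

Note that 192.0.2.12 is not listed as a web server even though its line contains the word "open", because its port 80 state is open|filtered; the notes' `grep open` would have kept it.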
- nmap's host discovery on the local subnet won't be caught if you only watch the IP layer, because it doesn't even go there
- it uses ARP requests instead
- know the 3-way handshake (SYN, SYN/ACK, ACK)
- reproduced the handshake within Wireshark: SYN, SYN/ACK, then the ACK
- watching traffic is important
- OmniPeek
- pcap file
- packet captures
- rootkits
- Snort
- stealthy scans: Xmas scan (-sX), null scan (-sN), FIN scan (-sF)
- nmap -sF 192 -p <ports> --mtu 240   (--mtu fragments the probes; the value must be a multiple of 8)
- keatron.evans@infosecinstitute.com
- blinksecurity.com/wapt.htm
- nmap -sT IP -p 21 -T insane   (-T insane is -T5, the fastest timing template; fast but noisy)
- Port 0 is reserved and not normally used, so it is sometimes used for covert communication on the assumption that filters and IDS rules don't look at it
- Connect to a website:
- First, DNS resolves the name to an address
- Then, the 3-way handshake (SYN; SYN/ACK; ACK), and only then the HTTP request
- Review Wireshark
- Review the communication session with Yahoo
- Review HTTP status codes
- - POST is on the test
- HOW TO INTERACT WITH A WEBSITE USING TELNET?
- wget http://www.infosecinstitute.com
- firefox index.html.1   (wget appends .1 when index.html already exists)
- wget -r -l 1 http://www.infosecinstitute.com   (-r recursive, -l 1 one level deep)
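The telnet question above and the DNS / handshake / request sequence are easiest to see as raw bytes. This is an added example, not from the original notes: it builds the exact GET and POST requests you would otherwise type into `telnet host 80`, so they can be piped into nc instead, and parses the status code and headers out of a response. The response used is constructed inline (no real site is contacted); www.example.com, /login and the form body are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example: HTTP by hand, as over telnet, plus a minimal response parser.

# Each request line ends in CRLF and an empty line ends the headers.
# Host: is mandatory in HTTP/1.1; Connection: close makes the server hang up
# after one response so a manual session ends cleanly.
http_get_request() {  # HOST PATH
  printf 'GET %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: manual-test\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# POST carries a body after the blank line; Content-Length is its size in bytes
# (the body here is ASCII, so ${#3} is correct; for multibyte data use wc -c).
http_post_request() {  # HOST PATH BODY
  printf 'POST %s HTTP/1.1\r\nHost: %s\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\nConnection: close\r\n\r\n%s' \
    "$2" "$1" "${#3}" "$3"
}

# To actually send it (not run here):   http_get_request HOST / | nc HOST 80
# With telnet you type the same lines into `telnet HOST 80` and press Enter
# twice at the end; the blank line is what makes the server answer.

# http_status: read a response on stdin, print the three-digit status code.
http_status() {
  tr -d '\r' | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p'
}

# http_header NAME: print the value of the first header called NAME
# (case-insensitive), stopping at the blank line so the body is never scanned.
http_header() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  tr -d '\r' | awk -v want="$want" '
    NR == 1 { next }                          # skip the status line
    /^$/    { exit }                          # end of headers
    { name = $0; sub(/:.*/, "", name)
      if (tolower(name) == want) {
        val = $0; sub(/^[^:]*:[ \t]*/, "", val); print val; exit } }'
}

# Constructed response, the shape of a redirect from http to https.
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache/2.2.15 (CentOS)\r\nLocation: https://www.example.com/\r\nContent-Length: 0\r\n\r\n')

# Stand-alone demo: the request bytes, then the parsed response.
http_get_request www.example.com /
http_post_request www.example.com /login 'user=a&pass=b'; echo
printf '%s' "$SAMPLE_RESPONSE" | http_status          # 301
printf '%s' "$SAMPLE_RESPONSE" | http_header server   # Apache/2.2.15 (CentOS)
```

The Server header pulled out here is the same banner `nmap -sV -p 80` reports, which is why a manual request is a quick sanity check on a version-scan result.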