- NetBIOS
- Find all Netbios servers on subnet
- nmap -sV -v -p 139,445 10.0.0.1/24
- Nmap display Netbios name
- nmap -sU --script nbstat.nse -p 137 target
- Nmap check if Netbios servers are vulnerable to MS08-067
- nmap --script-args=unsafe=1 --script smb-check-vulns.nse -p 445 target
- SMB
- Enum
- enum4linux -a target_ip
- nbtscan 192.168.1.0/24
- Mount NFS share to /mnt/nfs
- mount 192.168.1.1:/vol/share /mnt/nfs
- Mount a Windows CIFS / SMB share on Linux at /mnt/cifs. If you omit the password, mount prompts for it on the CLI (more secure, as it won't end up in bash_history)
- mount -t cifs -o username=user,password=pass,domain=blah //192.168.1.X/share-name /mnt/cifs
- Linux
- finger @192.168.1.x
- finger root@192.168.1.x
- finger user@192.168.1.x
- SNMP
- snmpcheck -t 192.168.1.X -c public
- snmpwalk -c public -v1 192.168.1.X 1 | grep hrSWRunName | cut -d" " -f
- snmpenum -t 192.168.1.X
- User enum
- snmpwalk -c public -v1 192.168.X.XXX 1 | grep 77.1.2.25 | cut -d" " -f4
- nmap -sT -p 161 192.168.X.XXX/24 -oG snmp_results.txt
- DNS
- Zone transfer (Linux)
- dig axfr blah.com @ns1.blah.com
- Zone transfer (Windows)
- nslookup -> set type=any -> ls -d blah.com
- Recon
- dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml
- Packet Inspection
- tcpdump tcp port 80 -w output.pcap -i eth0
- TTL fingerprinting
- Windows: 128
- Linux: 64
- Solaris: 255
- Cisco/Network: 255
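
The TTL values above are initial values: each router hop decrements the field, so an observed TTL is matched to the nearest initial value at or above it. The script below is an added example, not part of the original paste; it reads `tcpdump -n -v` text output (IPv4 only) and prints source, observed TTL, inferred initial TTL, hop estimate and OS family. The capture text, its addresses and the function names sample_capture and ttl_guess are constructed for illustration.

```sh
#!/bin/sh
# Added example. Constructed sample of `tcpdump -n -v` text output:
# two lines per IPv4 packet (header with ttl, then "src > dst:").
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP (tos 0x0, ttl 127, id 4101, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.10.49822 > 192.0.2.99.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000417 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.99.80 > 192.0.2.10.49822: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.113009 IP (tos 0x0, ttl 251, id 77, offset 0, flags [none], proto ICMP (1), length 84)
    198.51.100.1 > 192.0.2.99: ICMP echo request, id 1, seq 1, length 64
12:00:03.000000 IP (tos 0x0, ttl 52, id 9, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.7.51000 > 192.0.2.99.80: Flags [S], seq 3, win 29200, length 0
12:00:03.000300 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.99.80 > 203.0.113.7.51000: Flags [S.], seq 4, ack 4, win 65160, length 0
EOF
}

# ttl_guess: reads tcpdump text on stdin and prints one line per source:
#   src observed_ttl inferred_initial_ttl hops_away family
ttl_guess() {
  awk '
    # Header line: remember the TTL for the address line that follows.
    / IP \(/ && match($0, /ttl [0-9]+/) {
      ttl = substr($0, RSTART + 4, RLENGTH - 4) + 0; have = 1; next
    }
    have && $2 == ">" {
      have = 0
      src = $1
      # TCP/UDP print "a.b.c.d.port"; ICMP prints a bare address.
      if (split(src, parts, ".") == 5) sub(/\.[0-9]+$/, "", src)
      if (src in seen) next            # report each source once
      seen[src] = 1
      # Round up to the nearest initial TTL from the table above.
      if (ttl <= 64)       { init = 64;  fam = "Linux" }
      else if (ttl <= 128) { init = 128; fam = "Windows" }
      else                 { init = 255; fam = "Solaris-or-Cisco/Network" }
      print src, ttl, init, init - ttl, fam
    }'
}

sample_capture | ttl_guess
```

On a saved capture, `tcpdump -n -v -r output.pcap | ttl_guess` gives the same report. Initial TTLs are configurable and middleboxes can rewrite the field, so the family is a hint for asset inventory, not an identification.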