01 Reconnaissance

Nmap Scan
# Basic Two level Recon for exam
1) nmap -p- -T5 --min-rate=1000 10.10.10.192 -oG fkclai.nmap
2) nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.192 -o nmap-result.txt
​
​
# Enumerate subnet
nmap -sn 10.11.1.1/24
​
# Fast simple scan
nmap -sS 10.11.1.111
​
# Full complete slow scan with output
nmap -v -sT -A -T4 -p- -Pn --script vuln -oA full 10.11.1.111
​
# Scan for UDP
nmap 10.11.1.111 -sU
​
​
Network Scan
# Netdiscover
netdiscover -i eth0
netdiscover -r 10.11.1.1/24
​
# Nmap
nmap -sn 10.11.1.1/24
nmap -sn 10.11.1.1-253
nmap -sn 10.11.1.*
​
# NetBios
nbtscan -r 10.11.1.1/24
tcpdump - packet scan 
tcpdump -i eth0
tcpdump -c -i eth0
tcpdump -A -i eth0
tcpdump -w 0001.pcap -i eth0
tcpdump -r 0001.pcap
tcpdump -n -i eth0
tcpdump -i eth0 port 22
tcpdump -i eth0 -src 172.21.10.X
tcpdump -i eth0 -dst 172.21.10.X
​

Exploit/CVE PoC - Previous

Twitter Control an RCE attack

Next - Exploitation Guide

02 Port Enumeration

Last updated 4 months ago