01 Reconnaissance

Nmap Scan

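# Basic two-level recon for exam
# 1) Fast full-port sweep to a grepable file. -T5 / --min-rate=1000 is the
#    loudest template nmap has (easy to spot in IDS and flow logs) and can miss
#    ports on lossy links, so re-run slower if the list looks incomplete.
nmap -p- -T5 --min-rate=1000 10.10.10.192 -oG fkclai.nmap
# 2) Default-script + version scan of only the ports found open above.
#    grep pulls "<port>/open" from the grepable output, cut keeps the port,
#    tr joins them with commas and sed drops the trailing comma tr leaves.
#    Normal-format output is -oN; a bare "-o" is not an nmap output option.
nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',' | sed 's/,$//') -sC -sV 10.10.10.192 -oN nmap-result.txt

# Enumerate subnet (-sn: host discovery only, no port scan)
nmap -sn 10.11.1.1/24

# Fast simple scan (SYN scan of the default port list; needs raw-socket privileges)
nmap -sS 10.11.1.111

# Full complete slow scan with output (-oA writes full.nmap, full.gnmap, full.xml).
# --script vuln is intrusive and noisy; assume it is logged and alerted on.
nmap -v -sT -A -T4 -p- -Pn --script vuln -oA full 10.11.1.111

# Scan for UDP (much slower than TCP; bound it with --top-ports if time matters)
nmap 10.11.1.111 -sU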

Network Scan

# Host discovery on the lab /24. The same range is written three ways below
# (CIDR, last-octet range, wildcard); pick whichever the tool accepts.
net="10.11.1.1/24"

# Netdiscover: -i selects the interface, -r limits the sweep to a range
netdiscover -i eth0
netdiscover -r "$net"

# Nmap ping sweep (-sn: discovery only, no port scan)
nmap -sn "$net"
nmap -sn 10.11.1.1-253
nmap -sn 10.11.1.*

# NetBIOS name sweep of the range
nbtscan -r "$net"

tcpdump - packet capture

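# tcpdump quick reference (needs root / raw-socket privileges on the capture host)

# Live capture on eth0
tcpdump -i eth0

# Stop after a fixed number of packets. -c takes a count argument; the bare
# form "-c -i eth0" fails because "-i" is consumed as the count. Example: 100.
tcpdump -c 100 -i eth0

# Print each packet's payload as ASCII
tcpdump -A -i eth0

# Write a capture file, then read it back offline
tcpdump -w 0001.pcap -i eth0
tcpdump -r 0001.pcap

# Do not resolve hostnames (faster, and avoids DNS lookups leaking from the capture host)
tcpdump -n -i eth0

# Filter by port
tcpdump -i eth0 port 22

# Filter by source / destination host. "src" and "dst" are BPF filter
# keywords, not dash options: "-src" / "-dst" are not tcpdump options.
tcpdump -i eth0 src 172.21.10.X
tcpdump -i eth0 dst 172.21.10.X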