01 Reconnaissance

Nmap Scan

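# Basic two-level recon for exam
# Step 1: fast sweep of all 65535 TCP ports (-p-). Grepable output (-oG) is
#   reused by step 2. -T5 / --min-rate=1000 trade accuracy for speed and can
#   miss ports on lossy links, so re-check anything unexpected.
nmap -p- -T5 --min-rate=1000 10.10.10.192 -oG fkclai.nmap
# Step 2: default scripts (-sC) and version detection (-sV) on only the ports
#   step 1 reported open. The grepable file lists "<port>/open/..." entries;
#   grep pulls the numbers, cut drops "/open", tr joins them with commas.
#   Normal (human-readable) output is -oN; bare -o is not an nmap option.
nmap -p "$(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',')" -sC -sV 10.10.10.192 -oN nmap-result.txt
# Enumerate subnet: host discovery only, no port scan (-sn)
nmap -sn 10.11.1.1/24
# Fast simple scan: TCP SYN scan (-sS) of the default ports; requires root
nmap -sS 10.11.1.111
# Full complete slow scan with output:
#   -sT connect scan, -A OS/version/script/traceroute, -T4 faster timing,
#   -p- all ports, -Pn skip host discovery, --script vuln runs the NSE "vuln"
#   category (slow and prone to false positives -- verify findings manually),
#   -oA writes full.nmap / full.gnmap / full.xml
nmap -v -sT -A -T4 -p- -Pn --script vuln -oA full 10.11.1.111
# Scan for UDP: UDP scan (-sU) of the default ports; slow and requires root
nmap 10.11.1.111 -sU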

Network Scan

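# Netdiscover: ARP-based host discovery on the local segment
#   -i listens on the given interface; -r actively probes the given range
netdiscover -i eth0
netdiscover -r 10.11.1.1/24
# Nmap host discovery (-sn): no port scan, three spellings of a target range
nmap -sn 10.11.1.1/24
nmap -sn 10.11.1.1-253
# Quote the wildcard so the shell cannot glob-expand it against files in the cwd
nmap -sn '10.11.1.*'
# NetBIOS: query NetBIOS name service across the range (-r sends from local port 137)
nbtscan -r 10.11.1.1/24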

tcpdump - packet capture

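# Capture everything on eth0; runs until interrupted (needs root / CAP_NET_RAW)
tcpdump -i eth0
# -c takes a packet count: stop after that many packets (10 is an example value)
tcpdump -c 10 -i eth0
# -A prints each packet's payload as ASCII (useful for cleartext protocols)
tcpdump -A -i eth0
# Write raw packets to a pcap file for offline analysis
tcpdump -w 0001.pcap -i eth0
# Read packets back from a saved capture instead of a live interface
tcpdump -r 0001.pcap
# -n disables name resolution, avoiding the reverse DNS lookups that slow output
tcpdump -n -i eth0
# BPF filter: only traffic to or from port 22
tcpdump -i eth0 port 22
# Filter by source / destination host. tcpdump has no -src / -dst options;
# direction is expressed in the BPF filter ("X" is a placeholder octet).
tcpdump -i eth0 src host 172.21.10.X
tcpdump -i eth0 dst host 172.21.10.X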