THE CU
  • Home
  • Blogs
  • Offense
    • Pen Tester Training Program
    • Offensive Cheat Sheets >
      • Bash Commands
      • Network Enumeration
      • Web Enumeration
      • Windows Post Ex
      • Metasploit
      • Shells
      • PowerShell
    • Offensive Links
  • Defense
    • Junior SOC Analyst Roadmap
    • Intermediate SOC Analyst Training Program
    • Defense Links
    • RDP Analysis
  • Land A Job
    • Entry-Level InfoSec Jobs
    • Improve Resume
    • Find a Job
    • Interview Prep
    • Grow as a Practitioner
    • Get Experience
  • FAQS
  • Other
    • Certifications
    • Finance, Travel, and Mental HealthBooks
    • Finance Resources
    • Infosec Conferences
    • CTFs
    • Cyber Ranges
    • Twitter People to Follow
    • Podcasts
    • Books
    • Twitch Streamers

Network Enumeration
​Cheat Sheet

Basic Scan

nmap -n -T4 -sS -sV -sU -O –max-scan-delay 20 -p T:1-65535,U:161 -iL [IP List] -oA [scan_results]

FTP

nmap -sV -Pn -vv -p 20,21 –script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 -oA [scan results] [ip]

SQL

MSSQL
​nmap -sV -Pn -p 1433 –script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes –script-args=mssql.instance-port=1433,smsql.username-sa,mssql.password-sa -oN [scan results] [IP]

SMB

nmap -p 139,445 –script=smb-enum-shares.nse,smb-ls.nse,smb-enum-users.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-security-mode.nse,smbv2-enabled.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse,smbv2-enabled.nse [IP] -oA [scan_results]

NullSession
enum4linux [ip] > enum4linux.txt

Share Enumeration
smbclient -L \\SERVER -I [IP] -N
  • -I = IP
  • -N = no pass
  • -L = host
Example: smbclient //host/wwwroot -I 192.168.1.1 -N

SMTP

nmap -sV -Pn -p 25 –script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -oA [scan_results] [IP] 

SNMP

Snmp-Check
snmp-check [IP]

Resources:
​http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
Home      Blogs    Disclaimers    Copyright Notice   Cookie Policy ​
  • Home
  • Blogs
  • Offense
    • Pen Tester Training Program
    • Offensive Cheat Sheets >
      • Bash Commands
      • Network Enumeration
      • Web Enumeration
      • Windows Post Ex
      • Metasploit
      • Shells
      • PowerShell
    • Offensive Links
  • Defense
    • Junior SOC Analyst Roadmap
    • Intermediate SOC Analyst Training Program
    • Defense Links
    • RDP Analysis
  • Land A Job
    • Entry-Level InfoSec Jobs
    • Improve Resume
    • Find a Job
    • Interview Prep
    • Grow as a Practitioner
    • Get Experience
  • FAQS
  • Other
    • Certifications
    • Finance, Travel, and Mental HealthBooks
    • Finance Resources
    • Infosec Conferences
    • CTFs
    • Cyber Ranges
    • Twitter People to Follow
    • Podcasts
    • Books
    • Twitch Streamers