Hack$Notes
NMAP Scanning

Various nmap scans

Full UDP Scan

A quick UDP version scan, then a full one with the default and vuln scripts. UDP scans need root and are slow (closed ports answer with ICMP unreachables that most hosts rate-limit), so start these early and let them run in the background while the TCP scans proceed:

nmap -sU -sV -vv -oA quick_udp 10.10.10.20
nmap -A -sV -sU --script=default,vuln --open -oA udp_full_scan 10.10.10.20

Full TCP Scan

All 65535 TCP ports (-p-) with default scripts and version detection. -A bundles OS detection and traceroute on top of -sC -sV, and --open limits the report to open ports:

nmap -sC -sV -p- -vv -oA full 10.10.10.20
nmap -A -sV --script=default,vuln -p- --open -oA tcp_full_scan 10.10.10.20
nmap -T4 -A -p- 10.10.10.20

Port Knock

Send one SYN to each port of the knock sequence, in order. -Pn skips host discovery and --max-retries 0 keeps it to a single probe per port; give --host-timeout a unit, since current nmap reads a bare number as seconds:

for x in 7000 8000 9000; do nmap -Pn --host-timeout 201ms --max-retries 0 -p $x 10.10.10.20; done

Scan all ports

SYN scan of every TCP port with OS, version and script detection (-A). -sS needs root, and -oA takes a base name and adds the .nmap/.gnmap/.xml extensions itself:

nmap -sS -A -T4 -p 1-65535 -oA nmapscan 10.10.10.20
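The full-port commands above run version detection and scripts against every port, which is slow. As an added example (not from the original Hack$Notes page) of the usual two-stage approach: a bare -sS sweep of all ports into greppable output, then -sC -sV plus the vuln scripts only on the ports that came back open. The extract_open_ports helper and the sample -oG output are constructed for this example; it assumes nmap is installed and is run as root (needed for -sS).

```shell
#!/usr/bin/env bash
# Added example, not code from the original notes.
# Stage 1: fast SYN sweep of all TCP ports, greppable (-oG) output.
# Stage 2: default + vuln scripts and version detection only on the open ports.
set -euo pipefail

# Turn greppable nmap output (file arguments or stdin) into a comma list of
# open TCP ports, e.g. "22,80,445". Prints nothing if no port is open.
extract_open_ports() {
  # A -oG port entry looks like 22/open/tcp//ssh/// ; keep only open/tcp ones.
  { grep -oE '[0-9]+/open/tcp' "$@" || true; } | cut -d/ -f1 | sort -un | paste -s -d ',' -
}

# Two-stage scan of one target. $2 is an optional base name for the -oA files.
two_stage_scan() {
  local target="$1" base="${2:-scan}"
  # Stage 1: no DNS (-n), no ping (-Pn), SYN to every port, fast rate.
  nmap -sS -p- --min-rate 1000 -n -Pn -oG "${base}_allports.gnmap" "$target" >/dev/null
  local ports
  ports="$(extract_open_ports "${base}_allports.gnmap")"
  if [ -z "$ports" ]; then
    echo "no open TCP ports found on $target" >&2
    return 1
  fi
  echo "open ports on $target: $ports" >&2
  # Stage 2: scripts and version detection restricted to the discovered ports.
  nmap -sC -sV --script=default,vuln -p "$ports" -oA "${base}_targeted" "$target"
}

# Constructed sample of stage-1 output, so the parser can be exercised offline.
sample_gnmap() {
  cat <<'EOF'
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.10.10.20 ()    Status: Up
Host: 10.10.10.20 ()    Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///    Ignored State: closed (65531)
# Nmap done (constructed sample)
EOF
}

if [ "${1:-}" = "--demo" ]; then
  sample_gnmap | extract_open_ports   # prints 22,80,445
elif [ $# -ge 1 ]; then
  two_stage_scan "$@"
fi
```

Run it as `./scan.sh --demo` to see the parser alone, or `sudo ./scan.sh 10.10.10.20 box` to produce box_allports.gnmap and box_targeted.{nmap,gnmap,xml}. Filtered ports are deliberately excluded from stage 2; if the box has firewalled services you care about, scan those by hand.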

OS Guess

OS detection across a /24 without DNS lookups (-n). -O needs root, and --osscan-guess makes nmap print its closest match even when the fingerprint is not a clean hit, so treat the result as a hint:

nmap -O -v -n 10.10.10.0/24 --osscan-guess

NSE scripts

Used for:

  • Service enumeration

  • Brute-force

  • Vulnerabilities

Scripts live in /usr/share/nmap/scripts/, one .nse file each; script.db in the same directory maps them to categories (default, safe, vuln, brute, ...). Select by script name, by category, or by a boolean expression over either:

--script=name-of-the-script
OR
--script name-of-the-script.nse

Vulnerability Scan

# In general (-oA takes one base name; with a space in it the next word becomes a target)
nmap --script vuln -oA nmap_vulnscan 10.10.10.20

# On specific ports (the + prefix forces the vuln scripts to run against the listed ports whether or not their port rules match)
nmap --script +vuln -p80,1999,8180,35316 10.10.10.20
nmap --script +vuln -p4433 10.10.10.20
nmap --script +vuln -p2049,445,80,60666 10.10.10.20