using hping to iterate through an address space

# for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i; done [hping_an_address_space]
# for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i 2>/dev/null | grep ip=; done [list those that repond, grep output for "ip="; taking the standard rror message and throwing them away ]
# hping3 target_IP_address <--
# tcpdump -nn host your_IP_address and host target_IP_address -p -i tap0 <-- (possibly stop iptables on the source linux machine
# hping3 -icmp -data 40 -file text.txt target_IP_address -p -i tap0 <-- (payload size of 40 bytes populated with a file called test.txt)
# hping3 --icmp --interval 10 --beep target_IP_addres <-- (will continue to beep when the source could ping the target_IP_address. beep will stop as soon as the network is disconnected)

#!/bin/bash

if [ "$1" == "" ]

then

echo "Uaage /pingweeps.sh [network]"

echo "E.g :/pingsweep.sh 102.168.1"

else

for ip in `seq 1 254` ; do

ping -c 1 $1.$ip | grep "64 bytes" | cut -d " " -f 4 | sed 's/://' &

done

Oneliner ping from powershell. Will ping first 20 ip of 192.168.1

ps>1..20 | % {"192.168.1.$($_):
$(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}

From <https://learn-powershell.net/2011/01/31/quick-hits-ping-sweep-one-liner/>

Oneliner ping from cmd line

FOR /L %i in (1,1,255) do @ping -n 1 192.168.100.%i | find "Reply"

cat ping3.txt | sort -u

for ip in $(cat iplist.txt); do nmap -Pn $ip; done

Comments

VM 9 : PHP Include And Post Exploitation

Walkthrough 1. https://medium.com/@Kan1shka9/pentesterlab-php-include-and-post-exploitation-walkthrough-8a85bcfa7b1d 2. Ine [] 3. http://megwhite.com.au/pentester-lab-bootcamp-walkthrough-php-include-post-exploitation/ 4. http://fallensnow-jack.blogspot.com/2014/07/pentester-lab-php-lfi-post-exploitation.html Notes: root@kali:~# nmap 10.0.0.12 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-30 12:23 EDT Nmap scan report for 10.0.0.12 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT STATE SERVICE 80/tcp open http MAC Address: 08:00:27:1F:12:24 (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds root@kali:~# Enumerating port 80 Run dirb root@kali:~# dirb http://10.0.0.12/ ----------------- DIRB v2.22 By The Dark Raver...

VM 15: Kioptix 2014

Walkthru Notes 2nd approach using nc via web using php reverse shell 3rd approach w/o metasploit =================== walkthru: 1. Updating OpenFuck Exploit(764) but it didnt work here @ https://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ 2. ============== Notes: 80/tcp open http Apache httpd 2.2.21 ((FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8) MAC Address: 08:00:27:82:89:F9 (Oracle VirtualBox virtual NIC) Running: FreeBSD 9.X|10.X OS CPE: cpe:/o:freebsd:freebsd:9 cpe:/o:freebsd:freebsd:10 OS details: FreeBSD 9.0-RELEASE - 10.3-RELEASE PORT STATE SERVICE VERSION 8080/tcp open http Apache httpd 2.2.21 ((FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8) |_http-server-header: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 PHP/5.3.8 |_http-title: 403 Forbidden MAC Address: 08:00:27:82:89:F9 (Oracle VirtualBox...

Penetration Testing Framework 0.57

Network Footprinting (Reconnaissance) The tester would attempt to gather as much information as possible about the selected network. Reconnaissance can take two forms i.e. active and passive. A passive attack is always the best starting point as this would normally defeat intrusion detection systems and other forms of protection etc. afforded to the network. This would usually involve trying to discover publicly available information by utilising a web browser and visiting newsgroups etc. An active form would be more intrusive and may show up in audit logs and may take the form of an attempted DNS zone transfer or a social engineering type of attack. http://www.vulnerabilityassessment.co.uk/

nagpentest

Search This Blog