using hping to iterate through an address space

# for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i; done [hping_an_address_space]
# for i in 'seq 1 255'; do hping3 --count 1 x.x.x.$i 2>/dev/null | grep ip=; done [list those that repond, grep output for "ip="; taking the standard rror message and throwing them away ]
# hping3 target_IP_address <--
# tcpdump -nn host your_IP_address and host target_IP_address -p -i tap0 <-- (possibly stop iptables on the source linux machine
# hping3 -icmp -data 40 -file text.txt target_IP_address -p -i tap0 <-- (payload size of 40 bytes populated with a file called test.txt)
# hping3 --icmp --interval 10 --beep target_IP_addres <-- (will continue to beep when the source could ping the target_IP_address. beep will stop as soon as the network is disconnected)

#!/bin/bash

if [ "$1" == "" ]

then

echo "Uaage /pingweeps.sh [network]"

echo "E.g :/pingsweep.sh 102.168.1"

else

for ip in `seq 1 254` ; do

ping -c 1 $1.$ip | grep "64 bytes" | cut -d " " -f 4 | sed 's/://' &

done

Oneliner ping from powershell. Will ping first 20 ip of 192.168.1

ps>1..20 | % {"192.168.1.$($_):
$(Test-Connection -count 1 -comp 192.168.1.$($_) -quiet)"}

From <https://learn-powershell.net/2011/01/31/quick-hits-ping-sweep-one-liner/>

Oneliner ping from cmd line

FOR /L %i in (1,1,255) do @ping -n 1 192.168.100.%i | find "Reply"

cat ping3.txt | sort -u

for ip in $(cat iplist.txt); do nmap -Pn $ip; done

Comments

VM 9 : PHP Include And Post Exploitation

Walkthrough 1. https://medium.com/@Kan1shka9/pentesterlab-php-include-and-post-exploitation-walkthrough-8a85bcfa7b1d 2. Ine [] 3. http://megwhite.com.au/pentester-lab-bootcamp-walkthrough-php-include-post-exploitation/ 4. http://fallensnow-jack.blogspot.com/2014/07/pentester-lab-php-lfi-post-exploitation.html Notes: root@kali:~# nmap 10.0.0.12 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-30 12:23 EDT Nmap scan report for 10.0.0.12 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT STATE SERVICE 80/tcp open http MAC Address: 08:00:27:1F:12:24 (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds root@kali:~# Enumerating port 80 Run dirb root@kali:~# dirb http://10.0.0.12/ ----------------- DIRB v2.22 By The Dark Raver...

VM 5: Vulnix :

Walkthru: A. https://mrh4sh.github.io/vulnix-solution [SMTP and Finger enumeration, creating linux user with specific UID, root squashing, ssh pwd cracking using medusa & hydra, logging using ssh keys, updating /usr/sbin/exportfs] B. http://overflowsecurity.com/hacklab-vulnix/ [ same as above. create ssh keys for root and copied to victim to login as root w/o recovering pwd] C. https://www.rebootuser.com/?p=988[ local bash shell from nfs] B. https://www.vulnhub.com/?q=vulnix&sort=date-des&type=vm [list of solutions] D. https://www.rebootuser.com/?p=988 [User Enumeration #1 – SMTP, Finger; Entry Point including hydra, Putty(using rlogin service), nfs (showmount,mount) ] Notes: - As you can see the root user is the only account which is logged on the remote host.Now that we have a specific username we can use it in order to obtain more information about this user with the command finger root@host . - Another effective use of the finger...

Penetration Testing Framework 0.57

Network Footprinting (Reconnaissance) The tester would attempt to gather as much information as possible about the selected network. Reconnaissance can take two forms i.e. active and passive. A passive attack is always the best starting point as this would normally defeat intrusion detection systems and other forms of protection etc. afforded to the network. This would usually involve trying to discover publicly available information by utilising a web browser and visiting newsgroups etc. An active form would be more intrusive and may show up in audit logs and may take the form of an attempted DNS zone transfer or a social engineering type of attack. http://www.vulnerabilityassessment.co.uk/

nagpentest

Search This Blog