Skip to main content

FOR Loops

>> FOR /L %i in (1,1,255) do @ping -n 1 10.10.10.%i | find "Reply"

--> is a ping sweep
>> FOR /f %i in (password.lst) do @echo %i & @net use file://target_ip_addr/ %i /u:[username] 2>nul &&  pause

--> password guess; instead of pause, we could append our results to a file with :

&& echo Username: %i >> success.txt

>> FOR /L %i in (1,1,255) do echo %i & ping -n 5 127.0.0.1 & cls -->
[command1] & [command2] --> run multiple commands
[command1] && [command2] --> run multiple commands only if the prior command is succeeded without error

u could use the echo cmd to build a script line by line by running the following cmd several times, varying the line each time you run it

c:\ echo [line] << file.bat

The FOR loop variable must be changed from %[var] to %%[var] to make in a batch file. Place 2 %age sign infront of each vaiable name

=========================

windows>for /L %i in (1,1,255) do @echo 192.168.58.%i: & @nslookup  192.168.58.%i 192.168.58.60 2>nul | find "Name"

this cmd starts a FOR /L couting loop at 1, counts by 1, and proceed through 255, using %i as the variable. At ach iteration through the loop, it echoes the ip address that it is trying by a colon, w/o displaying the echo cmd (@echo 192.168.58.%i:). then it performs a reverse lookup of each ip address against server 192.168.58.60 using lookup, again w/o displaying the nslookup cmd (@nslookup 192.168.58.%i 192.168.58.160). if nslookup cant find a name it display a mesg of ***[server] cant find..... we want to get rid of that standard error so we redirect it to nul. we search the outupt of the cmd with the find command, looking for the string  "Name" b/c sucssessfully searched names will include this string.

windows>for /L %i in (1,1,255) do @nslookup  192.168.58.%i 192.168.58.60 2>nul | find "Name" && echo 192.168.58.%i

will display to ip address when we succsssfully resolve a name, we could run.

========================================

windows>for /f %i in (ports.txt) do @nc.exe -n -vv -w3 192.168.54.139 %i

build a port scanner using ports.txt which simply contains the port numbers (one port number at a line). you could use following to develop the list.

windows> echo 21 >> ports.txt
windows> echo 22 >> ports.txt
windows> echo 23 >> ports.txt

Comments

Popular posts from this blog

VM 9 : PHP Include And Post Exploitation

Walkthrough 1.        https://medium.com/@Kan1shka9/pentesterlab-php-include-and-post-exploitation-walkthrough-8a85bcfa7b1d 2.        Ine [] 3.        http://megwhite.com.au/pentester-lab-bootcamp-walkthrough-php-include-post-exploitation/ 4.        http://fallensnow-jack.blogspot.com/2014/07/pentester-lab-php-lfi-post-exploitation.html Notes: root@kali:~# nmap 10.0.0.12 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-30 12:23 EDT Nmap scan report for 10.0.0.12 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT    STATE SERVICE 80/tcp open   http MAC Address: 08:00:27:1F:12:24 (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds root@kali:~# Enumerating port 80 Run dirb root@kali:~# dirb http://10.0.0.12/ ----------------- DIRB v2.22 By The Dark Raver...

VM 5: Vulnix :

Walkthru: A. https://mrh4sh.github.io/vulnix-solution [SMTP and Finger enumeration, creating linux user with specific UID, root squashing, ssh pwd cracking using medusa & hydra, logging using ssh keys, updating /usr/sbin/exportfs] B. http://overflowsecurity.com/hacklab-vulnix/ [ same as above. create ssh keys for root and copied to victim to login as root w/o recovering pwd] C. https://www.rebootuser.com/?p=988[ local bash shell from nfs] B. https://www.vulnhub.com/?q=vulnix&sort=date-des&type=vm [list of solutions] D. https://www.rebootuser.com/?p=988 [User Enumeration #1 – SMTP, Finger; Entry Point including hydra, Putty(using rlogin service), nfs (showmount,mount) ] Notes: - As you can see the root user is the only account which is logged on the remote  host.Now that we have a specific username we can use it in order to obtain more information about this user with the command  finger root@host . -  Another effective use of the finger...

VM 13 : Basic Pentest 1 csec

Notes: Walkthru: 1. https://medium.com/@evire/basic-pentesting-1-7251fb3e3f9e [ w/metasploi t using Wordpress t] 2. https://prasannakumar.in/infosec/vulnhub-basic-pentesting-1-writeup/ [ w/metasploit using ftp ] 3.  https://www.ceos3c.com/hacking/basic-pentesting-1-walkthrough/ [ by uploading php-reverse-shell in wordpress ] 4. http://k3ramas.blogspot.com/2018/02/basic-pentesting-1-walkthrough.html [  access wordpress config file to get pwd and access the DB ] 5.  https://cowsayroot.com/walkthrough-basic-pentesting-1/ [ Wpscan, ftp metasploit vulnerability, phpbash ] 6.   http://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/    [use msfvenom to create  to create php shell to be uploaded in Wordpress ] 7.   https://d7x.promiselabs.net/2018/01/30/ctf-basic-pentesting-a-guide-for-beginners/ [adding command using using PHP] Notes:  Ports - 21...ProFTPD 1.3.3c - 22 openSSH 7.2p2 ubuntu ...