Just another technical day

Somethingk: Tech Blog

Backtrack DNSEnum

By K4Paul February 5, 2012 May 12, 2013 0 Backtrack, Enumeration, Penetration Testing Backtrack, Command, DNSEnum

This tool retrieves host addresses, name servers, MX records, subdomains, whois records and reverse lookups for netblocks, giving a quick enumeration of a domain's DNS footprint.

Command Use:

  • cd /pentest/enumeration/dns/dnsenum
  • ./dnsenum.pl --enum -f <subdomain wordlist file> -r <target domain>

These flags enable a more thorough scan that also enumerates subdomains (-f brute-forces names from the wordlist and -r recurses into the subdomains it finds).

Backtrack Metagoofil

By K4Paul February 5, 2012 May 12, 2013 0 Backtrack, Enumeration, Penetration Testing Backtrack, Command, Footprinting, Google, Metagoofil

This tool uses Google to find files of the given types on a domain, downloads them and extracts their metadata into a viewable HTML report. It is part of the footprinting stage of a penetration test.

Command Use:

  1. cd /pentest/enumeration/google/metagoofil
  2. ./metagoofil.py -d <domain to search> -f <file type or all> -o <output html file name> -t <directory to download the files into>

Backtrack Goohost

By K4Paul February 5, 2012 May 12, 2013 0 Backtrack, Enumeration, Penetration Testing Command, Footprinting, Goohost

This tool extracts hostnames, subdomains, IP addresses and e-mail addresses for a given domain from Google search results. It is part of the footprinting stage of a penetration test.

Command Use:

  1. cd /pentest/enumeration/google/goohost
  2. ./goohost.sh <domain>

Backtrack theHarvester

By K4Paul February 5, 2012 May 12, 2013 0 Backtrack, Enumeration, Penetration Testing Footprinting, theHarvester

This tool gathers e-mail addresses, usernames, hostnames and subdomains from public sources such as Google, Bing and LinkedIn. In a penetration test this is part of enumerating or footprinting a network.

Supported sources are:

  • Google – emails, subdomain and hostnames
  • Google profiles – locate employee names connected with the domain
  • Bing search – emails, subdomain, hostnames and virtual hosts
  • LinkedIn – locate employee names connected with the domain
  • Exalead – emails, subdomain and hostnames

Command Use:

  1. cd /pentest/enumeration/theharvestor
  2. ./theHarvester.py -d <target site> -l <max number of returned results> -b <source of gathering, ex: google>

Ping Sweep

By K4Paul February 5, 2012 March 24, 2017 0 Fingerprinting, Linux, Network Capture, Windows CMD, Command, FOR, Loop, Ping, Ping Sweep, Scan, Terminal

nmap is a great tool for performing a network ping sweep, but a sweep can also be done without installing anything extra: a FOR loop that sends one ping to each address in turn.

Ping Sweep FOR Loop: FOR /L %i in (<Host Number Start (0-255)>,1,<Ending Host Number (0-255)>) do @ping -n 1 <Network Prefix>.%i | find "Reply"

The FOR loop starts at the network prefix with the stated starting host number and sends a single ping (-n 1). Once that ping has returned or timed out, the iteration is finished and the loop continues with the next one. On each iteration the host number increases and a ping is sent to that address on the network. For example, say the network prefix is 192.168.0 and we want to ping host numbers 3-43. We would enter 3 as our beginning host number and 43 as our finishing host number. The 1 between the two parameters is the step, so the address increases by one on each run of the loop. This pings every host in the specified range, which is a ping sweep. The find "Reply" filter keeps only the output lines that report an answer.

Windows Example:

The following command ping sweeps addresses in range 192.168.100.0 – 192.168.100.255

FOR /L %i in (1,1,255) do @ping -n 1 192.168.100.%i | find "Reply"

The same function can be done in the Linux Terminal.

Linux Ping Sweep:

Linux is slightly different but follows almost the same pattern. Note that on Linux -W sets the reply timeout in seconds, whereas -t would set the packet TTL, so -W is used here.

for i in {0..255}; do ping -c 1 -W 1 <IP PREFIX>.$i | grep 'from'; done
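As an added example (not from the original post), here is a POSIX shell version of the sweep that validates the host-number range described above, uses a real reply timeout, and filters replies so that a Windows-style "Reply from ... Destination host unreachable" line is not counted as a live host. The function names are my own; the prefix and range are whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the original post: a shell ping sweep that mirrors
# the page's loop but checks the range and uses a real reply timeout.

# build_targets PREFIX START END
# Prints one address per line for PREFIX.START .. PREFIX.END, or fails when
# either bound is not a number in 0-255 or START is greater than END.
build_targets() {
    prefix=$1; start=$2; end=$3
    [ -n "$start" ] && [ -n "$end" ] || return 1
    case "$start$end" in *[!0-9]*) return 1 ;; esac
    [ "$start" -le 255 ] && [ "$end" -le 255 ] && [ "$start" -le "$end" ] || return 1
    i=$start
    while [ "$i" -le "$end" ]; do
        printf '%s.%s\n' "$prefix" "$i"
        i=$((i + 1))
    done
}

# is_reply LINE
# Succeeds only for a genuine echo reply. Linux prints "64 bytes from ...";
# Windows prints "Reply from ...", but it also prints "Reply from <own IP>:
# Destination host unreachable" for dead hosts, which find "Reply" would
# wrongly count as alive, so those lines are rejected first.
is_reply() {
    case "$1" in
        *unreachable*|*"timed out"*) return 1 ;;
        *"bytes from "*|*"Reply from "*) return 0 ;;
        *) return 1 ;;
    esac
}

# ping_sweep PREFIX START END
# Prints each address that answered a single ping within one second.
# -c 1 sends one probe; -W 1 is the Linux (iputils) reply timeout in seconds.
ping_sweep() {
    build_targets "$@" | while read -r addr; do
        ping -c 1 -W 1 "$addr" 2>/dev/null | while read -r line; do
            if is_reply "$line"; then
                echo "$addr"
                break
            fi
        done
    done
}
```

Run it as `ping_sweep 192.168.0 3 43` to reproduce the example range from the text; an out-of-range or reversed bound makes build_targets fail before any packet is sent.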

Mount a Network Drive Linux

By K4Paul February 5, 2012 May 12, 2013 0 Linux Command, Mount, Network Drives, Terminal

Mount a Linux Drive in Linux Machine:

  1. Create a directory for mount: mkdir /<mount place>
  2. Mount Drive: mount <Linux file system address>:/<share> /<mount place>
  3. View Contents of mounted drive: ls /<mount place>

Mount a Windows Drive in a Linux Machine:

  1. Create a directory for mount: mkdir /<mount place>
  2. Mount Drive: mount -t smbfs //<file system address>/<share> /<mount place> -o username=<username>,password=<password>
  3. View contents of mounted drive: ls /<mount place>

 

On a Linux machine, mounting a Windows drive requires stating that the share uses the Samba (SMB) file system (the -t smbfs option), which tells Linux how to read it.

Terminal User Commands

By K4Paul February 5, 2012 May 12, 2013 0 Linux Add User, Command, Terminal, User

List Users: cat /etc/passwd | grep "/home" | cut -d: -f1 && cat /etc/passwd | grep "/root" | cut -d: -f1

The command 'cat /etc/passwd | grep "/home" | cut -d: -f1' on its own will list all the users found in the home directory. However root is not found in that directory so I added the additional statement to grep users in the /root directory, which will be root.
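The grep "/home" pipeline above finds accounts by where their home directory is, which misses users homed elsewhere and includes service accounts that happen to live under /home. As an added example (not from the original post), here is a shell version that selects accounts by UID and login shell instead and shows the difference against the page's approach; it runs on a constructed passwd file rather than the real /etc/passwd, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. PASSWD_SAMPLE is a constructed
# passwd file; point the functions at /etc/passwd to audit a real host.
PASSWD_SAMPLE=$(mktemp)
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup-svc:x:999:999:backup service:/home/backup-svc:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/srv/bob:/bin/zsh
carol:x:1002:1002:Carol:/home/carol:/usr/sbin/nologin
EOF

# The page's approach: match on the home directory path.
# Lists backup-svc (a nologin service account) and carol (shell disabled),
# but misses bob, whose home is under /srv.
list_users_by_home() {
    grep '/home' "$1" | cut -d: -f1
    grep '/root' "$1" | cut -d: -f1
}

# Audit view: root plus every regular account (UID >= 1000) whose shell is
# not nologin/false, i.e. the accounts that can actually log in interactively.
list_login_users() {
    awk -F: '($3 == 0 || $3 >= 1000) && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Names reported by only one of the two views, one per line, so that a
# reviewer can see what the home-directory heuristic gets wrong on this file.
diff_user_views() {
    home_list=$(list_users_by_home "$1" | sort)
    login_list=$(list_login_users "$1" | sort)
    printf '%s\n' "$home_list" "$login_list" | sort | uniq -u
}
```

On the sample file the home-directory view reports backup-svc, alice, carol and root, the UID view reports root, alice and bob, and diff_user_views prints the three names the two views disagree on.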

Add User: adduser <username> OR useradd <username>

Remove User: userdel <username>

Create User Group: groupadd <group name>

Add User to a Group: usermod -a -G <group name> <username>

Remove User from a Group:

  1. vi /etc/group
  2. Find the group and delete the user from its details
  3. Save File (Hit ESC then type :wq ENTER)

Delete Group: groupdel <group name>

CMD Mount a Network Drive

By K4Paul February 5, 2012 May 12, 2013 0 Windows CMD, Command, Mount, Network Drives

Command: net use <drive letter>: \\<computer address or name>\<share name> <password> /u:<username> /persistent:yes

Command to display the drive's root directory contents: dir <drive letter>:\

Editing the Registry in CMD

By K4Paul February 5, 2012 May 12, 2013 0 Windows CMD, Command, Registry

Command to display: reg query <registry keyname> /v <value name>

Command to change value: reg add <registry keyname> /v <value name> /t <type: REG_DWORD, etc.> /d <data> /f

Registry keyname – complete registry key name

/v – the name of the value to add or change

/t – The type of value: REG_BINARY, REG_DWORD…

/s – specifies the character used to separate strings

/d – data assigned to a value

/f – forces overwriting of an existing value without prompting

***Registry values manage computer settings and operations. If a registry value is incorrectly changed or deleted, the computer might not start up or run.

CMD Firewall Commands

By K4Paul February 5, 2012 May 12, 2013 0 Windows CMD, Command, Firewall

Display Firewall Settings: netsh advfirewall firewall show rule name=all

Disable the Firewall: netsh advfirewall set allprofiles state off

Re-enable the Firewall: netsh advfirewall set allprofiles state on
