Red Team Notes
HTTP Port 80:
Find Hidden Files / Dir:
- Dirb
dirb http://www.target.com
- Dirbuster - GUI
dirbuster &
- Gobuster
gobuster dir -u http://192.168.0.20 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
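How the wordlist scans above look from the web server's side, as an added example that is not part of the original notes: a detector that flags clients requesting many distinct paths and receiving 404 for most of them. The combined log format, both thresholds, the function names and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log line: capture client, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_dir_bruteforce(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client: (distinct_paths, miss_ratio)} for clients that request
    many distinct paths and get 404 for most of them.
    Both thresholds are assumptions to tune per site."""
    seen = defaultdict(set)    # client -> distinct paths requested
    missed = defaultdict(set)  # client -> distinct paths answered with 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # ignore lines that are not in combined format
        client, _method, path, status = m.groups()
        path = path.split("?", 1)[0]   # query strings do not make a new path
        seen[client].add(path)
        if status == "404":
            missed[client].add(path)
    flagged = {}
    for client, paths in seen.items():
        ratio = len(missed[client]) / len(paths)
        if len(paths) >= min_paths and ratio >= min_miss_ratio:
            flagged[client] = (len(paths), round(ratio, 2))
    return flagged

def build_sample_log():
    """Constructed sample: one wordlist-style client, one ordinary visitor."""
    ts = "[10/Oct/2023:13:55:36 +0000]"
    words = ["admin", "backup", "cgi-bin", "config", "db",
             "dev", "old", "test", "tmp", "uploads"]
    log = []
    for i in range(30):
        path = f"/{words[i % 10]}{i // 10 or ''}/"
        status = 200 if path == "/uploads/" else 404   # one real directory
        log.append(f'203.0.113.7 - - {ts} "GET {path} HTTP/1.1" {status} 196 "-" "-"')
    for path, status in [("/", 200), ("/index.html", 200),
                         ("/css/site.css", 200), ("/favicon.ico", 404)]:
        log.append(f'198.51.100.23 - - {ts} "GET {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')
    log.append("garbled line that does not parse")
    return log

if __name__ == "__main__":
    for client, (count, ratio) in find_dir_bruteforce(build_sample_log()).items():
        print(f"{client}: {count} distinct paths, {ratio:.0%} answered 404")
```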
Ports 135, 137, 139, 445:
SMB Enumeration:
nmblookup
nmblookup queries NetBIOS names and maps them to IP addresses on a network.
nmblookup -A 192.168.1.103
nbtscan
Scans for open NetBIOS name servers on a local or remote TCP/IP network. It enumerates the whole subnet.
nbtscan 192.168.1.1/24
SMBMap
Enumerates Samba share drives across an entire domain: lists share drives, drive permissions and share contents, supports upload/download and file name auto-download pattern matching, and can even execute remote commands.
smbmap -H 192.168.1.102
smbmap -H 192.168.1.102 -d metasploitable -u msfadmin -p msfadmin
Smbclient
smbclient is a client that can ‘talk’ to an SMB/CIFS server.
smbclient -L 192.168.1.102
smbclient //192.168.1.102/tmp
Rpcclient
Used to open an authenticated SMB session to a target machine.
rpcclient -U "" -N 192.168.1.102
enumdomusers
Nmap
nmap --script "smb-vuln*" -p 139,445 192.168.1.103
Enum4linux
A wrapper around the Samba tools smbclient, rpcclient, net, and nmblookup.
enum4linux -a 192.168.1.102