Publicly accessible notes about my pentesting/red teaming experiments tested on several controlled environments/infrastructures that involve playing with various tools and techniques used by penetration testers and redteamers during a security assessment.
We welcome contributions as github pull requests.
Kudos and thanks for the people who did the hard stuff
- Pentest/red team cheatsheet that collects snippets of codes and commands to help pentester during an engagement(saving time/fast search for a specific command).
- Understand how the attacks can be performed
- take notes for future reference
Mapping the Network
Gather information about the Domain name and windows machine running in the network
bash$ cd /usr/share/Responder/tools
bash$ sudo python RunFinger.py -i 192.168.1.1/24
Scanning IP networks for NetBIOS name information.
bash$ sudo nbtscan -v -s : 192.168.1.0/24
Crackmapexec v 4.0
Scan the network range based on the SMB information
bash$ cme smb 192.168.1.1/24
Scan all the machine network and save the outputs .
- -oA options : Means output with all format
- -T4 : Fast scan
bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP
Intensive Scan (Note recommended):
bash$ nmap -p 1-65535 -Pn -A -oA output target_IP
Scan with enumeration of the running services version :
- -sC : default scripts Equivalent to –script=default
- -sV : Get the service version
bash$ nmap -sC -sV -oA output target