| Command | Question | |
|---|---|---|
| enum4linux <target-ip> | Any share, user, domain info? | |
| enum4linux -a <target-ip> | Any share, user, domain info? Password policy? | |
| smbmap -H <target-ip> | Any share info? What are the permissions? | |
| smbmap -H <target-ip> -R | Able to list files? Any files of interest? | |
| smbmap -H <target-ip> -d <domain> -u <username> -p <password> | Any new rights? | |
| smbmap -H <target-ip> -R -d <domain> -u <username> -p <password> | Any new files? | |
| smbclient -L //<target-ip> | Any share, user, domain info? | |
| nmap --script smb-enum-shares -p 139,445 <target-ip> | Any share info? | |
| nmap --script *smb*vuln* <target-ip> | Any positive vuln results? |

| Command | Question | |
|---|---|---|
| rpcclient -U "" <target-ip> | What commands can I run? | |
| rpcclient -U "" --command=srvinfo <target-ip> | Server versions: https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions | |
| rpcclient -U "" --command=enumdomusers -N <target-ip> | What can I do with these accounts? | |
| rpcclient -U "" --command=enumprivs -N <target-ip> | Can I list privs? What can I do with them? | |
| rpcclient -U "" --command=netshareenum -N <target-ip> | Any network shares available? |

| Command | Question | |
|---|---|---|
| showmount -e <target> | Do I have mount access to any shares? |

| Command | Question | |
|---|---|---|
| ldapsearch -H ldap://<target>:<port> -x -s base | Server information disclosed? User information disclosed? | |
| ldapsearch -H ldap://<target>:<port> -x -b "<base-here>" | Server information disclosed? User information disclosed? |

| Command | Question | |
|---|---|---|
| ftp <target> <port> | Server information disclosed? Anonymous login possible? Am I able to access directory listings? Can I Put/Get files? What commands do I have access to? | |
| nc <target> <port> | Server information disclosed? What commands do I have access to? | |
| telnet <target> <port> | Server information disclosed? What commands do I have access to? |

| Command | Question | |
|---|---|---|
| nikto -h http://<target>:<port>/ | Any files or vulns? | |
| curl -v http://<target>/ | Any server information in the headers? | |
| dirbuster/gobuster/dirb | Any hidden webapps or files? | |
| nmap -sV -A -p<server port> <target> | Server version disclosed? | |
| Page Source | Able to identify webapp via info in page source? | |
| Burp | Any interesting data being passed? |