
Pentesting - Essentials

Information about the Network

There are commands that display the network configuration of a computer. These commands provide details such as the IP address, subnet mask, default gateway, and other network-related settings for each active network adapter on the system.

Command for Windows systems:

ipconfig

Command for Linux systems:

ifconfig

Another option, using iproute2 (ifconfig is deprecated on many modern distributions):

ip address

Discovering Hosts in the Network

Netdiscover is a tool that discovers the internal IP address and MAC address of live hosts on the network. It works with ARP requests, so it only finds hosts on the local network segment.

Syntax:

netdiscover -r <range>

Example:

netdiscover -r 192.168.1.0/24

Another option, with fping (-a shows only alive hosts, -s prints statistics, -g generates the target list from the range, -q suppresses per-target output):

fping -asgq <range>

Port Scan, Service Enumeration and Vulnerability Detection

nmap is a tool that scans ports, identifies services and detects vulnerabilities on a specific IP address or network range.

Syntax:

nmap <scanType> <options> <IP> --script <scriptNames>

Example:

nmap -sS -sV -p- 192.168.1.34 --script auth,vuln,default

Other example:

nmap -sS -sV -sC -p- 192.168.1.34

In these examples, “-sS” performs a TCP SYN scan, “-sV” probes open ports to identify the service and version, and “-p-” scans all 65535 TCP ports instead of Nmap's default list. The parameter “-sC” enables the default NSE (Nmap Scripting Engine) scripts, equivalent to “--script default”. NSE scripts are a powerful feature of Nmap that lets users perform tasks beyond simple port scanning, such as vulnerability detection and service enumeration.

Basic commands

Command used to obtain the name of the user currently interacting with the operating system.

Linux and Windows:

whoami

Command used to display the current user’s identity and group membership on a Unix-like operating system.

Linux:

id

Windows:

whoami

Command used to display the commands that the current user is allowed to run with superuser (root) privileges, as configured in the sudoers file, and the privileges that the current user holds:

Linux:

sudo -l

Windows:

whoami /priv

Command used to list the files and directories in the current directory.

Linux:

ls -lisa

Windows:

dir

Command used to display the contents of a text file.

Linux:

cat <name-file.txt>

Windows:

type <name-file.txt>

Commands to find a file by name or search for a text string, for example to locate a flag.

Command examples (the first searches file names under the current directory, the second searches file contents recursively):

find . -name "*flag.txt"

grep -r "HTB"

Command to list previously executed commands.

Linux:

history

Windows:

PS > Get-History

The banner of a service is a brief description or information provided by the service when a client connects to it. This information is displayed in the initial header of the communication protocol and can reveal important details about the running service.

It can be useful to know versions of services or check which service is being executed on that port.

It can be obtained with an Nmap script:

nmap -sV --script=banner <IP>

Syntax with Netcat:

nc -nv <IP> <port>

Syntax with Telnet:

telnet <IP> <port>
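As an added example (not part of the original post), a small Python banner grabber that does what the nc and telnet commands above do, but with a timeout and an optional client-first probe for services that wait for the client to speak. It starts a throwaway local listener with a constructed banner so it runs offline; the host, port and banner text are all constructed for the example.

```python
import socket
import threading

# Constructed sample banner, standing in for what a real service would send.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Example-Banner\r\n"


def grab_banner(host, port, timeout=3.0, probe=b""):
    """Connect to host:port and return the first bytes the service sends.

    Services such as SSH, SMTP and FTP speak first, so an empty probe is
    enough. Services such as HTTP wait for the client, so pass a probe
    (e.g. b"HEAD / HTTP/1.0\r\n\r\n") to make them answer. Returns b"" if
    nothing arrives before the timeout (or the peer closes silently), and
    None if the connection itself fails.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            try:
                return s.recv(1024)
            except socket.timeout:
                return b""
    except OSError:
        return None


def serve_banner(banner, host="127.0.0.1"):
    """Start a throwaway local listener that sends `banner` to one client.

    Used here only so the example runs offline; returns the bound port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = serve_banner(SAMPLE_BANNER)
    print(grab_banner("127.0.0.1", port))
```

Run it against your own hosts to see which services reveal a version string in their banner; that is exactly what the nmap banner script reports.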

Interesting Websites

OSCP-notes

Hacktricks

GTFObins

PayloadsAllTheThings

AidenPearce-OSCP-notes

OSCP-playbook

ippsec-rocks

Learning-notes

https://wadcoms.github.io/

This post is licensed under CC BY 4.0 by the author.