1. Introduction
What can I do to discover as much as possible about a host connected to the network?
2. Tips
2.1. Scanning host with nmap
# nmap Options:
# -sS: TCP SYN scan
# -sT: TCP connect scan
# -sA: TCP ACK scan
# -sU: UDP scan
# -sR: RPC scan
# -O: Enable OS detection
# -sV: Service version detection
# -p: Port range
# -v: Verbose mode
# -P0: No ping
# -A: Aggressive scan option
#
$ nmap -sS -O 10.10.10.176 -p 139
$ nmap -sTUR -O -v -p 1-65535 -P0 10.10.10.176
$ nmap -sA 10.10.10.176
2.2. Finding out something MORE with NetBIOS Lookup over TCP/IP and SmbClient
$ nmblookup -A 10.10.10.176
Looking up status of 10.10.10.176
LP0054 <00> - M <ACTIVE>
WORKGROUP <00> - <GROUP> M <ACTIVE>
LP0054 <20> - M <ACTIVE>
WORKGROUP <1e> - <GROUP> M <ACTIVE>
MAC Address = 00-1A-73-21-74-64
$ #
$ #
$ smbclient -L\\LP0054 -I 10.10.10.176
Password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows Vista (TM) Business 6001 Service Pack 1] Server=[Windows Vista (TM) Business 6.0]
Sharename Type Comment
--------- ---- -------
cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine LP0054. Error was NT_STATUS_ACCESS_DENIED
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows Vista (TM) Business 6001 Service Pack 1] Server=[Windows Vista (TM) Business 6.0]
Server Comment
--------- -------
Workgroup Master
--------- -------
2.3. Annoying host - please use only if you're the sysadmin
- On Linux
- On Windows
C:\> shutdown /?
C:\> shutdown -m \\computername -r -f -c "The computer will restart, please save all work." -t 15
2.4. Lookup Vendor by MAC Address
$ arping 10.10.10.176
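As an added example (not part of the original post), this Python script parses the `nmblookup -A` output shown in the NetBIOS section, decodes the name suffixes for an asset inventory, and extracts the OUI prefix that a MAC vendor lookup expects. The function name is hypothetical and the suffix descriptions follow Microsoft's NetBIOS suffix table.

```python
import re

# NetBIOS suffix (16th name byte) meanings, keyed by (suffix, is_group).
SUFFIXES = {
    (0x00, False): "Workstation service (computer name)",
    (0x00, True): "Workgroup/domain name",
    (0x20, False): "File Server service (SMB file sharing is on)",
    (0x1E, True): "Browser service elections",
}
NAME_RE = re.compile(
    r"^\s*(\S+)\s+<([0-9a-fA-F]{2})>\s+-\s+(<GROUP>\s+)?\S+\s+<ACTIVE>")
MAC_RE = re.compile(r"MAC Address = ((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

# Sample input: the node status output shown in the post.
SAMPLE = """Looking up status of 10.10.10.176
LP0054 <00> - M <ACTIVE>
WORKGROUP <00> - <GROUP> M <ACTIVE>
LP0054 <20> - M <ACTIVE>
WORKGROUP <1e> - <GROUP> M <ACTIVE>
MAC Address = 00-1A-73-21-74-64
"""


def parse_node_status(text):
    """Parse `nmblookup -A` output into names, MAC and vendor (OUI) prefix."""
    host = {"names": [], "mac": None, "oui": None, "file_sharing": False}
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            suffix, group = int(m.group(2), 16), bool(m.group(3))
            role = SUFFIXES.get((suffix, group), "unlisted suffix")
            host["names"].append((m.group(1), suffix, group, role))
            host["file_sharing"] |= (suffix, group) == (0x20, False)
            continue
        m = MAC_RE.search(line)
        if m:
            host["mac"] = mac = m.group(1).upper()
            first_octet = int(mac[:2], 16)
            # No vendor lookup for an all-zero MAC (reported by Samba hosts)
            # or a locally administered address (bit 0x02 of first octet).
            if mac != "00-00-00-00-00-00" and not first_octet & 0x02:
                host["oui"] = mac[:8].replace("-", ":")
    return host


if __name__ == "__main__":
    info = parse_node_status(SAMPLE)
    for name, suffix, group, role in info["names"]:
        print(f"{name:<12} <{suffix:02x}> {'group ' if group else 'unique'} {role}")
    print("MAC:", info["mac"], "OUI to look up:", info["oui"])
    print("SMB file sharing advertised:", info["file_sharing"])
```

A host that registers the `<20>` name is advertising SMB file sharing, which is worth flagging on workstations that are not meant to serve files.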
3. References
- http://www.vivaolinux.com.br/dica/Nmap-Combinacoes-para-um-bom-scan/
- http://www.coffer.com/mac_find/
- http://www.macvendorlookup.com/
- https://db.uga.edu/network/public/vendorcode.cgi
- http://www.madirish.net/node/77
- http://maximumpcguides.com/windows-vista/use-the-remote-shutdown-tool-to-shutdown-restart-or-logoff-a-local-or-networked-computer/
- http://www.online-tech-tips.com/computer-tips/remote-shutdown-command/