Network Scanning 201

 


Discover credentials through network scanning!

Find the coordinates of the web server

Step 01: Set up the BillCipher tool [ https://www.geeksforgeeks.org/billcipher-an-information-gathering-tool-in-kali-linux/ ]

Step 02: Run it against the website or its IP address

Identify whether the website allows DNS zone transfer

Run the Command

#dig www.example.com axfr

Identify the number of live machines in the 192.168.0.0/24 subnet

Run the Command

#nmap -sn -T4 192.168.0.0/24

Find the IP address of the machine that has port 21 open. Target network: 192.168.0.0/24

Run the Command

#nmap -T4 192.168.0.0/24

Find the IP address of the domain controller machine in 192.168.0.0/24

Run the Command

#nmap -p 53 -T4 192.168.0.0/24

Perform host discovery scanning and identify the NetBIOS name of the host at 192.168.0.1

Run the Command

#nmap -T4 -A 192.168.0.1

Find out the FQDN of the machine in the network.

Run the Command

#nmap -T4 -A 192.168.0.1

What is the DNS computer name of the domain controller?

Run the Command

#nmap -T4 -A 192.168.0.1

Identify the version of OpenSSH running on the machine in the target network 192.168.0.0/24

Run the Command

#nmap -sV -T4 -A 192.168.0.1

Determine the OS of the machine that hosts the database.

Run the Command

#nmap -sV -T4 -A 192.168.0.1

Perform LDAP enumeration on the target network and find out how many user accounts are associated with the domain.

Run the Command

#ldapsearch -x -h 192.168.0.7 -b "DC=CEHORG,DC=com" "objectclass=user" enum

Perform an LDAP search on the domain controller machine and find out the latest version of the LDAP protocol.

Run the Command

#ldapsearch -x -h 192.168.0.7 -b "DC=CEHORG,DC=com" "objectclass=user" enum

What is the IP address of the machine that has the NFS service enabled? Target network: 192.168.0.7/24

Run the Command

#nmap -sV -T4 192.168.0.7/24

Perform DNS enumeration on bytecapsuleit.com and find out the name servers used by the domain.

Run the Command

#dnsenum bytecapsuleit.com

Find the IP address of the machine running the SMTP service on the 192.168.0.0/24 network.

Run the Command

#nmap -sV -T4 192.168.0.0/24
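
As an added example (not from the original post), the script below reads nmap's grepable output and answers the live-host, open-port and service-version questions above without reading a /24 scan by eye. It assumes the scan was saved with nmap's -oG option; the sample records, addresses and versions are constructed, and sample_og, live_hosts and open_port are hypothetical helper names.

```shell
#!/bin/sh
# Added example: answer the scan questions from nmap's grepable output.
# Assumption: the scan was saved with "nmap -sV -T4 -oG - 192.168.0.0/24".

# Constructed sample output; hosts, services and versions are made up.
sample_og() {
  printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//nginx/\n'
  printf 'Host: 192.168.0.7 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.7 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 25/open/tcp//smtp//Postfix smtpd/, 53/open/tcp//domain///\n'
  printf 'Host: 192.168.0.9 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.9 ()\tPorts: 21/closed/tcp//ftp///, 3306/open/tcp//mysql//MySQL 8.0.28/\n'
}

# Count hosts reported as up (one "Status: Up" record per live host).
live_hosts() {
  awk -F'\t' '$2 == "Status: Up" { n++ } END { print n + 0 }'
}

# Print "ip<TAB>service<TAB>version" for each host where port $1 is open.
# Port entries look like: number/state/protocol/owner/service/rpcinfo/version/
open_port() {
  awk -F'\t' -v want="$1" '
    $2 ~ /^Ports: / {
      split($1, host, " ")            # "Host:" ip "(name)"
      list = $2
      sub(/^Ports: /, "", list)
      n = split(list, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        # Require state "open": closed and filtered ports are listed too.
        if (f[1] == want && f[2] == "open")
          printf "%s\t%s\t%s\n", host[2], f[5], f[7]
      }
    }'
}

echo "live hosts: $(sample_og | live_hosts)"
for p in 21 22 25 3306; do
  sample_og | open_port "$p" | sed "s/^/port $p: /"
done
```

Matching on the port number alone would also report 192.168.0.9 for port 21, where the port is closed; the state field is what separates the two hosts.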
