# Ping Sweep (identify hosts on the network) nmap -sP <host_ip_range> sl -n <host_ip_range> # Enumerate a Windows Domain net view /domain net view /domain:<domain_name> # Enumerate a Domain Controller nltest /dsgetdc:<domain_name> /pdc nltest /bdc_query:<domain_name> # Zone Transfer (retrieve information about a DNS domain from a DNS server) nslookup > server <ip_address> > set type=any > ls -d <target.com> # Enumerate NetBIOS name table nbtstat -a <host_name> nbtstat -A <host_ip_address> # Create a NULL Session net use \\<target>\IPC$ "" /u:"" # Connecting to a Share net use * \\<target>\<share_name> <password> /u:<domain>\<username> # Disconnect all Shares and Null Sessions net use * /d /y # Enumerate local Administrators local administrators \\<target> # Enumerate group members global "domain admins" \\<target> # Enumerate NIC information getmac \\<target> # Enumerate internal IP information epdump <target> # Enumerate Trust Relationships nltest /server:<target> /trusted_domains # Enumerate User and Group details run DumpSec (select Report->Select Computer and then Report->Dump Users, select option) # Enumerate Account Lock Out information and other details enum -Pc <target>
Browsing Posts in general
So, I have been planning on starting a blog for sometime now. Actually, I have attempted blogs in the past but I have never been able to keep them up. I attribute the fall of all of my previous blogs to disinterest on my part, believing I have nothing useful to say, and not wanting to share what I do know. Yes I am a bit paranoid.
I plan on posting:
- security news that I find of interest
- new tool/script written by me
- security tool, script, or application reviews
- interesting 1-liners (or short/simple scripts) that I find
Hope you all enjoy.
