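# Grab a given HTTP/HTTPS page from a target website.
# Send a Host: header, otherwise name-based virtual hosts answer with the default
# site; HTTP/1.0 makes the server close the connection after one response, so the
# pipe ends by itself. -w bounds the wait on a port that accepts but never answers.
printf 'GET / HTTP/1.0\r\nHost: <HOSTNAME>\r\n\r\n' | nc -w 5 <SYSTEM IP> 80
# Same over TLS. -servername sends SNI (use the hostname, not an IP literal): without
# it many servers hand back the default certificate or refuse the handshake.
# -quiet drops the certificate/session chatter and keeps stdin EOF from cutting the
# exchange short.
printf 'GET / HTTP/1.0\r\nHost: <HOSTNAME>\r\n\r\n' | openssl s_client -connect <SYSTEM IP>:443 -servername <HOSTNAME> -quiet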
# SNMP "system" group (sysDescr, sysObjectID, uptime, contact, name, location)
# from the target over UDP/161. .1.3.6.1.2.1.1 is SNMPv2-MIB::system.
# "public" is only the default read community; no reply can mean a different
# community, an ACL, or an SNMPv1-only agent (retry with -v 1).
snmpwalk -v2c -c public <SYSTEM IP> .1.3.6.1.2.1.1
# Ask the portmapper (rpcbind, TCP/UDP 111) which RPC programs are registered:
# program number, version, protocol and port for each one.
rpcinfo -p <SYSTEM IP>
# NetBIOS name table for one target (node-status query, UDP/137).
nmblookup --lookup-by-ip <SYSTEM IP>
# The same node-status query across a whole range.
nbtscan <NETWORK>/<CIDR>
# List shares (plus server/workgroup details) from the target.
# First as an anonymous null session; current Windows/Samba defaults usually
# reject that, so the second form retries with the credentials file creds.txt.
smbclient --no-pass --list=<SYSTEM IP>
smbclient --authentication-file=creds.txt --list=<SYSTEM IP>
creds.txt (the file read by smbclient -A; holds a cleartext password, so keep it mode 0600 and delete it when the engagement is done):
username = <USER NAME>
password = <USER PASSWORD>
domain = <DOMAIN>
# NFS: what the server exports, and to which hosts/networks
# (needs rpcbind on 111 and mountd reachable).
showmount --exports <SYSTEM IP>
# Clients that the server's mountd believes currently have its exports mounted.
# This is self-reported bookkeeping, so treat it as a hint, not ground truth.
showmount --all <SYSTEM IP>
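# Poke at an X server that listens on TCP (port 6000 + display number) with no
# access control (xhost +). Everything below reads the user's live desktop, so
# confirm the host is in scope before running it.
# Clients attached to the display; -l adds command lines and window ids.
xlsclients -display <SYSTEM IP>:0.0 -l
# Attributes of the root window (add -tree to walk its children for window ids).
xwininfo -display <SYSTEM IP>:0.0 -root
# Attributes of one window, id taken from xlsclients -l or xwininfo -tree.
xwininfo -display <SYSTEM IP>:0.0 -id <WINDOW ID>
# Screenshot the whole display, then a single window. xwd writes the dump to
# stdout unless -out is given, so the bare "-" argument is unnecessary (it is not
# among xwd's documented options) and was dropped; ImageMagick's convert turns the
# xwd dump into a PNG. The two commands write to distinct files so the window
# capture no longer overwrites the full-screen one.
xwd -display <SYSTEM IP>:0.0 -root -silent | convert - <SYSTEM IP>-root.png
xwd -display <SYSTEM IP>:0.0 -id <WINDOW ID> -silent | convert - <SYSTEM IP>-<WINDOW ID>.png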