Monday, September 4, 2017

OSCP Recon

+ Use datasploit as a Recon framework
https://github.com/DataSploit/datasploit

+ Run web scanners
dirb http{s}://<ip_address>:<port> /usr/share/wordlists/dirb/{common/small/vulns}.txt
 
gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -s '200,204,301,302,307,403,500' -e
gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web-Content/cgis.txt -s '200,204,301,302,307,403,500' -e
gobuster -u http://10.11.1.71/ -w /usr/share/seclists/Discovery/Web-Content/cgis.txt -s '200,204,403,500' -e
 
nikto -port {web ports} -host <ip_address> -o <output file.txt>
Use /usr/share/seclists/Discovery for some good word lists

+ Check for SMB vulnerabilities
We don't want to run smb-brute or smb-flood because they might lock out accounts or cause a DoS to the services. The script expression below excludes the brute and dos categories and must be quoted so the shell doesn't split it or expand the *.
nmap -p139,445 -T4 -oN smb_vulns.txt -Pn --script "not brute and not dos and smb-*" -vv -d 10.11.1.1-254
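
To see which scripts a --script expression like the one above actually selects before scanning anything, here is an added example (not from the original post) that mimics NSE's selection rule for a simple "and"-joined expression: each term is either a category name or a glob on the script name, optionally negated with "not". The script-to-category table is constructed for illustration; the real categories live in each .nse file, and real NSE expressions also support "or" and parentheses, which this toy does not.

```python
import fnmatch

# Constructed subset of NSE script names mapped to their categories
# (illustrative only; check the "categories" table in each .nse file).
SCRIPT_CATEGORIES = {
    "smb-brute": {"brute", "intrusive"},
    "smb-flood": {"intrusive", "dos"},
    "smb-enum-shares": {"discovery", "intrusive"},
    "smb-os-discovery": {"default", "discovery", "safe"},
    "smb-vuln-ms17-010": {"vuln", "safe"},
    "http-brute": {"brute", "intrusive"},
}


def term_matches(term, name, categories):
    """Evaluate one term: a category name or a glob on the script name,
    with an optional leading 'not'."""
    negate = term.startswith("not ")
    if negate:
        term = term[4:].strip()
    hit = term in categories or fnmatch.fnmatchcase(name, term)
    return not hit if negate else hit


def select_scripts(expression, table=SCRIPT_CATEGORIES):
    """Return the sorted script names selected by an 'and'-joined
    --script expression (no 'or' or parentheses in this toy version)."""
    terms = [t.strip() for t in expression.split(" and ")]
    return sorted(name for name, cats in table.items()
                  if all(term_matches(t, name, cats) for t in terms))


if __name__ == "__main__":
    # The expression from the nmap command above: smb-brute (brute) and
    # smb-flood (dos) are dropped, http-brute fails the smb-* glob.
    print(select_scripts("not brute and not dos and smb-*"))
```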
