
Post exploitation

# Host baseline: kernel/OS build, hostname, current user, uid/gid/group
# membership and network interfaces.
# The && chain stops at the first command that exits non-zero, so the later
# commands are skipped if an earlier one is missing or fails.
# Detection note: these map to ATT&CK discovery techniques (T1082, T1033,
# T1016); several of them run back-to-back from one session is a useful
# signal in process-creation telemetry.
uname -a \
  && hostname \
  && whoami \
  && id \
  && ifconfig

Network Scanning

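# Host discovery only (-sn: no port scan) across the 10.0.0.0/24 range.
nmap -sn 10.0.0.0/24
# -A turns on OS detection, version detection, default scripts and traceroute.
# -oA writes nmap.nmap, nmap.xml and nmap.gnmap into the current directory.
# $targetip is quoted so an empty or space-containing value cannot change the
# argument list.
nmap -A -oA nmap "$targetip"
# All 65535 TCP ports (-p-) with a full connect() scan (-sT). Probes to open
# ports complete the handshake, so they appear in the target's connection logs.
nmap -v -p- -sT "$targetip"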

Web Scanning

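# Nikto web-server check against a single host and port. Expansions are quoted
# so an empty or space-containing value cannot change the argument list.
nikto -host "$targetip" -port "$targetport"
# Path enumeration with the dirbuster medium wordlist (-w) and the php
# extension (-e). Both tools send a large number of requests, which show up in
# the web server's access logs; Nikto's default User-Agent also names the tool.
# NOTE(review): dirsearch documents -u as a URL; confirm the installed version
# accepts a bare IP here.
./dirsearch.py -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u "$targetip" -e php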

SMB

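# List installed NSE scripts whose path mentions smb. The pattern is quoted so
# locate receives it as written; unquoted, the shell would expand it first if
# any *.nse file sits in the current directory.
locate '*.nse' | grep smb
# Run a single script chosen from that list ($scriptname) against the SMB ports.
nmap -p 139,445 --script="$scriptname" "$targetip"
# Run every script matching smb-vuln*. Quoted so nmap, not the shell, resolves
# the wildcard. Several scripts in this family are categorised by Nmap as
# intrusive or dos and can destabilise the service being checked.
nmap -p 139,445 --script='smb-vuln*' "$targetip"

# -a runs all of enum4linux's basic enumeration steps.
enum4linux -a "$targetip"
# Open \\host\share. Uses $targetip like every other command on this page
# (the original line used $ip); inside double quotes each \\ yields one
# backslash.
smbclient "\\\\${targetip}\\${share}"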

FTP

# Connect with the interactive ftp client. The next two lines are the answers
# typed at its login prompts, not shell commands.
ftp $targetip
# Anonymous login: user name "anonymous" and any string as the password.
# Whether it is accepted depends on the server's configuration; servers that
# do not need anonymous access should have it disabled.
Username: anonymous
Password: anything
# Raw TCP connection with netcat, presumably to read the service banner.
# FTP is cleartext, so credentials and data are visible on the wire.
nc $targetip $port

Find Exploit

# Update the local Exploit-DB copy that searchsploit queries.
searchsploit -u
# Each variable stands for one search term; searchsploit matches entries that
# contain all of the terms given. The same lookup tells a defender whether a
# public exploit exists for a product/version in their inventory.
searchsploit $multiple $search $terms

# Typed at the interactive Metasploit console: "msfconsole>" stands for the
# prompt and is not a shell command (in a shell, ">" would be a redirection).
# Searches the module database for $searchterm.
msfconsole> search $searchterm