Service Scanning

Basic nmap Scan

• Description: Perform a basic nmap scan on a specified IP.

• Command:

  nmap 10.129.42.253

Nmap Default Script-Scan

• Description: Run an nmap scan that includes version detection (-sV), the default set of scripts (-sC), and scans all ports (-p-).

• Command:

  nmap -sV -sC -p- 10.129.42.253

List Available nmap Scripts

• Description: Locate available nmap scripts related to Citrix.

• Command:

  locate scripts/citrix

Run an nmap Script on an IP

• Execute the smb-os-discovery.nse nmap script on an IP, targeting port 445.

Command:

nmap --script smb-os-discovery.nse -p445 10.10.10.40

Banner Grabbing using Netcat (nc)

• Description: Use netcat to grab the banner from an open port (in this case, port 22).

• Command:

  netcat 10.10.10.10 22

List SMB Actions

• Description: Use smbclient to list SMB actions available on the target IP.

• Command:

  smbclient -N -L \\10.129.42.253

Connect to an SMB Share

• Description: Connect to a specific SMB share (named users) on the target IP.

• Command:

  smbclient \\10.129.42.253\users

Scan SNMP on an IP

• Description: Use snmpwalk to scan SNMP on the target IP for a specific OID (1.3.6.1.2.1.1.5.0), which typically returns the system name.

• Command:

  snmpwalk -v 2c -c public 10.129.42.253 1.3.6.1.2.1.1.5.0

Brute-force SNMP Secret String

• Description: Attempt to brute-force the SNMP community string using onesixtyone with a provided dictionary file (dict.txt).

• Command:

  onesixtyone -c dict.txt 10.129.42.254