Hacker's Cheat Sheet - Enumeration



NMAP : NETWORK MAPPER

  • nmap -sV -A -O <IP>     (scans the open ports and identifies service versions and the OS)
  • nmap <IP> -vvv     (very verbose output; lists the open ports)
  • nmap -sV --script vuln <IP>     (runs the "vuln" NSE scripts against the services found on the open ports)
  • nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse <IP>     (enumerates SMB shares and users on the host)
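Reading the terminal output of these scans by eye does not scale past a handful of hosts. The script below is an added example, not part of the original cheat sheet: it parses the XML that nmap writes with -oX (the same scans as above, run as `nmap -sV -oX scan.xml <IP>`) into a list of open services, flags hosts that expose SMB on 139/445, and lists services for which -sV found no product so they can be checked by hand. The embedded XML document is a constructed sample in nmap's -oX format; the host address, ports, products and versions in it are made-up values.

```python
"""Summarise open services from nmap -oX output.

Added example, not part of the original cheat sheet. The sample document
below is constructed in the shape nmap emits with -oX; the address, ports,
products and versions are made-up values, not a real scan.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample (trimmed to the elements this parser uses).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 10.0.0.5" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="ProFTPD" version="1.3.5" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="139">
        <state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" product="Samba smbd" version="3.X - 4.X" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" product="Samba smbd" version="4.3.11-Ubuntu" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3333">
        <state state="open" reason="syn-ack"/>
        <service name="dec-notes" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
        <service name="http" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class OpenService:
    host: str
    port: int
    proto: str
    name: str
    product: str
    version: str


def parse_nmap_xml(xml_text: str) -> list:
    """Return one OpenService per open port, sorted by host, protocol, port."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")  # fall back to any address nmap recorded
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the inventory
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            found.append(OpenService(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol", "tcp"),
                name=get("name"),
                product=get("product"),
                version=get("version"),
            ))
    return sorted(found, key=lambda s: (s.host, s.proto, s.port))


def smb_hosts(services) -> list:
    """Hosts exposing SMB on either of its two ports (139 and 445)."""
    return sorted({s.host for s in services if s.proto == "tcp" and s.port in (139, 445)})


def unversioned(services) -> list:
    """Open services where -sV could not identify a product: check these by hand."""
    return [s for s in services if not s.product]


def report_lines(services) -> list:
    """One human-readable line per open service."""
    return [f"{s.host}:{s.port}/{s.proto}  {s.name}  {s.product} {s.version}".rstrip()
            for s in services]


if __name__ == "__main__":
    svcs = parse_nmap_xml(SAMPLE_NMAP_XML)
    print("\n".join(report_lines(svcs)))
    print("SMB hosts:", smb_hosts(svcs))
    print("Unidentified:", [f"{s.host}:{s.port}" for s in unversioned(svcs)])
```

Point the script at a real scan by replacing SAMPLE_NMAP_XML with the contents of the scan.xml file written by -oX; the same parser works for multi-host scans because it iterates every host element.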

Directory search

  • dirb <IP>
  • gobuster dir -u <IP> -w wordlist.txt -x php,txt,html
  • gobuster dir -u http://<ip>:3333 -w <word list location>
  • wfuzz -c -z file,/usr/share/wordlists/dirb/big.txt <IP>:<PORT>/FUZZ/note.txt

Samba

Samba is the standard Windows interoperability suite of programs for Linux and Unix. It allows end users to access and use files, printers and other commonly shared resources on a company's intranet or on the internet. It is often referred to as a network file system.

Samba is based on the common client/server protocol Server Message Block (SMB). SMB was developed for Windows only; without Samba, other computer platforms would be isolated from Windows machines, even if they were part of the same network.

Using nmap we can enumerate a machine for SMB shares.

Nmap can run scripts (the Nmap Scripting Engine) to automate a wide variety of networking tasks. There is a script to enumerate shares!

nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse <IP>

smbclient -L \\\\<IP>\\

SMB uses two ports, 445 and 139.

smbclient //<ip>/SHARE_NAME

You can recursively download the SMB share too. When prompted, leave both the username and the password empty.

smbget -R smb://<ip>/SHARE_NAME

ProFTPD

ProFTPD is a free and open-source FTP server, compatible with Unix and Windows systems. Past versions of the software have had known vulnerabilities.

Let's get the version of ProFTPD. Use netcat to connect to the machine on the FTP port:

nc <IP> 21
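The greeting that netcat prints is a 220 line, and the version in it is what you compare against the release you have patched to. The code below is an added example, not part of the original cheat sheet: it parses that banner into a product and version, returns None when the daemon hides its version (ProFTPD does this with `ServerIdent off`, which is the usual hardening), and compares a version against a baseline you choose. It goes slightly beyond the page by also recognising vsftpd and Pure-FTPd greetings. The banner strings in it are constructed samples with made-up version numbers.

```python
"""Parse an FTP greeting banner (what `nc <IP> 21` prints) into product and
version.

Added example, not part of the original cheat sheet. The banners used below
are constructed samples; the version numbers in them are made up.
"""
import re
from typing import Optional

# Matches the 220 greeting line of common FTP daemons. Handles multi-line
# greetings ("220-...") by scanning every line for the product token.
_BANNER_RE = re.compile(
    r"^220[ -].*?\b(?P<product>ProFTPD|vsftpd|Pure-FTPd)\s+"
    r"(?P<version>\d+(?:\.\d+)+[a-z0-9]*)",
    re.MULTILINE | re.IGNORECASE,
)


def parse_ftp_banner(banner: str) -> Optional[dict]:
    """Return {'product', 'version'} from a 220 greeting, or None when the
    server does not reveal a version (e.g. ProFTPD with ServerIdent off)."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    return {"product": m.group("product"), "version": m.group("version")}


def version_tuple(version: str) -> tuple:
    """'1.3.5a' -> ((1,1), (1,3), (1,5), (0,'a')).

    Numeric parts are tagged 1 and alphabetic parts 0 so mixed tuples still
    compare without a TypeError; a plain release sorts before its lettered
    follow-up ('1.3.5' < '1.3.5a')."""
    parts = []
    for piece in re.findall(r"\d+|[a-z]+", version, re.IGNORECASE):
        parts.append((1, int(piece)) if piece.isdigit() else (0, piece.lower()))
    return tuple(parts)


def older_than(version: str, baseline: str) -> bool:
    """True if `version` sorts before `baseline` (for example the earliest
    release that carries a fix you track)."""
    return version_tuple(version) < version_tuple(baseline)


# Constructed sample greetings (made-up versions).
SAMPLE_BANNERS = {
    "proftpd": "220 ProFTPD 1.3.5 Server (Debian) [::ffff:10.0.0.5]\r\n",
    "proftpd_multiline": "220-Welcome to the file server\r\n220 ProFTPD 1.3.5a Server ready\r\n",
    "proftpd_hidden": "220 ProFTPD Server ready.\r\n",   # ServerIdent off
    "vsftpd": "220 (vsFTPd 3.0.3)\r\n",
}


if __name__ == "__main__":
    for label, banner in SAMPLE_BANNERS.items():
        print(f"{label:18} -> {parse_ftp_banner(banner)}")
```

The "hidden" case is the one a defender wants to see on their own servers: if parse_ftp_banner returns None for a ProFTPD host, the banner no longer hands out the version, and the patch level has to be checked from the package manager instead of from the network.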