Enumeration (Information Gathering and Enumeration)
All you need to know about basic host-based enumeration for OSCP
-sV (Version detection)
-sT (TCP connect scan)
-sC (Performs a script scan using the default set of scripts)
-T5 (Insane mode)
-v (Increase verbosity level)
-A (Aggressive scan: OS detection, version detection, script scanning and traceroute)
For example, the command below will find SMB scripts.
For example, the command below will find any SMB scripts running on ports 139 & 445.
All smb scripts:
SMB share paths enumeration:
Using Metasploit portscan
You can also use the common web_content list.
For cgi-bin,
Or for faster scan
You can create a username list with awk.
You can download a file directly from the victim host with smbmap.
smbclient to list out share paths with sambaNTPassword
Useful SMB commands
get $file to extract a file to your host.
put $file to inject a file to the victim.
Then use the below commands for more information
srvinfo
enumdomusers
getdompwinfo
querydominfo
netshareenum
netshareenumall
or using nmap
ERROR 1130 (HY000): Host '192.168.0.101' is not allowed to connect to this MySQL server means only localhost can log in as root.
You can check whether the web server's PHP configuration file contains any credentials.
RDP to Windows
Ruby winrm package from
Bruteforce RDP
Information Gathering using nc
The target OS is "Ubuntu", using "OpenSSH v6.6" (and package is 2ubuntu2)
Login with SSH key
ssh-gen
Bruteforce SSH Credential with hydra
To check whether the SNMP port is open
Bruteforce the username list with nmap script.
Command Injection using nmap
To update to the latest Exploit-DB
To find an exploit
To copy the file to your current directory.
To find an item without DoS attacks
Simple test if the target is vulnerable to LFI
Simple test if you can run a local script against the target
ffuf GitHub link:
FTP Commands List:
MySQL Commands List: