SCANNING

  • Scanning for SNMP:
    • Create a list of IP addresses: for i in $(seq 1 255); do echo 192.168.1.$i; done > ips.txt
    • Find vulnerable servers (hosts that answer to the community string "public"): onesixtyone -i ips.txt public
  • NetBIOS info: nmap -p139 --script nbstat.nse '192.168.1.*' | grep user
  • Finding open egress ports: nmap open.zorinaq.com or telnet open.zorinaq.com <port>