stefan
/
husk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
husk/build/enumeration/docs/nmap.html

337 lines
40 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en">
<center>
<head>
<script src="https://cdn.jsdelivr.net/npm/fuse.js/dist/fuse.js"></script>
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="/static/js/auto-complete.js"></script>
<script type="text/javascript" src="/static/js/lunr.min.js"></script>
<script type="text/javascript" src="/static/js/search.js"></script>
<link rel="stylesheet" href="/static/stylesheet.css">
<link rel="stylesheet" href="/static/auto-complete.css">
<br>
<title>The Real Hugo</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<!-- topmenu -->
<div class="menu">
<a href="/" style="text-decoration:none">Husk</a>
</div>
<div class="search-container">
<label for="search-by"><i class="fas fa-search"></i></label>
<input data-search-input="" id="search-by" type="search" placeholder="Search..." autocomplete="off">
<!--button type="submit"><i class="search"></i>&#128269;</button>-->
<span data-search-clear=""><i class="fas fa-times"></i></span>
</div>
</div>
<div class="menu">
</div>
<!--br><br-->
</center>
<p></p>
<div class="columns">
<!-- Sidebar -->
<div class="column column-1">
<ul><details id=enumeration ontoggle="linkClick(this); return false;" ><summary>Enumeration</summary><ul><details id=containers ontoggle="linkClick(this); return false;" ><summary>Containers</summary><ul></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/enumeration/docs/aws.html">aws</a></li><li><a href="/enumeration/docs/cewl.html">cewl</a></li><li><a href="/enumeration/docs/dns.html">dns</a></li><li><a href="/enumeration/docs/docker_enumeration.html">docker_enumeration</a></li><li><a href="/enumeration/docs/ffuf.html">ffuf</a></li><li><a href="/enumeration/docs/gobuster.html">gobuster</a></li><li><a href="/enumeration/docs/kerberoast.html">kerberoast</a></li><li><a href="/enumeration/docs/kubectl.html">kubectl</a></li><li><a href="/enumeration/docs/ldap.html">ldap</a></li><li><a href="/enumeration/docs/linux_basics.html">linux_basics</a></li><li><a href="/enumeration/docs/microk8s.html">microk8s</a></li><li><a href="/enumeration/docs/nfs.html">nfs</a></li><li><a href="/enumeration/docs/nikto.html">nikto</a></li><li><a href="/enumeration/docs/nmap.html">nmap</a></li><li><a href="/enumeration/docs/port_knocking.html">port_knocking</a></li><li><a href="/enumeration/docs/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/docs/rsync.html">rsync</a></li><li><a href="/enumeration/docs/rustscan.html">rustscan</a></li><li><a href="/enumeration/docs/shodan.html">shodan</a></li><details id=snmp ontoggle="linkClick(this); return false;" ><summary>Snmp</summary><ul><li><a href="/enumeration/docs/snmp/onesixtyone.html">onesixtyone</a></li><li><a href="/enumeration/docs/snmp/snmpcheck.html">snmpcheck</a></li></ul></details><li><a href="/enumeration/docs/websites.html">websites</a></li><li><a href="/enumeration/docs/wfuzz.html">wfuzz</a></li><li><a href="/enumeration/docs/wpscan.html">wpscan</a></li></ul></details><details id=network_scanners ontoggle="linkClick(this); return false;" ><summary>Network_scanners</summary><ul></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/enumeration/windows/bloodhound.html">bloodhound</a></li><li><a href="/enumeration/windows/event_log.html">event_log</a></li><li><a href="/enumeration/windows/manual_enum.html">manual_enum</a></li><li><a href="/enumeration/windows/powershell.html">powershell</a></li><li><a href="/enumeration/windows/rpcclient.html">rpcclient</a></li><li><a href="/enumeration/windows/sysinternals.html">sysinternals</a></li><li><a href="/enumeration/windows/sysmon.html">sysmon</a></li><li><a href="/enumeration/windows/vss.html">vss</a></li></ul></details></ul></details><details id=exploit ontoggle="linkClick(this); return false;" ><summary>Exploit</summary><ul><details id=CPUs ontoggle="linkClick(this); return false;" ><summary>CPUs</summary><ul><li><a href="/exploit/CPUs/meltdown.html">meltdown</a></li></ul></details><details id=binaries ontoggle="linkClick(this); return false;" ><summary>Binaries</summary><ul><li><a href="/exploit/binaries/Shellcode.html">Shellcode</a></li><li><a href="/exploit/binaries/aslr.html">aslr</a></li><details id=buffer_overflow ontoggle="linkClick(this); return false;" ><summary>Buffer_overflow</summary><ul><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/exploit/binaries/buffer_overflow/docs/amd64.html">amd64</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/amd64_instructions.html">amd64_instructions</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/buffer_overflow.html">buffer_overflow</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/cut_stack_in_half.html">cut_stack_in_half</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/pwntools_specifics.html">pwntools_specifics</a></li><li><a href="/exploit/binaries/buffer_overflow/docs/ret_address_reuse.html">ret_address_reuse</a></li></ul></details><li><a href="/exploit/binaries/buffer_overflow/ropping.html">ropping</a></li></ul></details><details id=canary_bypass ontoggle="linkClick(this); return false;" ><summary>Canary_bypass</summary><ul><li><a href="/exploit/binaries/canary_bypass/canary_bypass.html">canary_bypass</a></li></ul></details><details id=format_string ontoggle="linkClick(this); return false;" ><summary>Format_string</summary><ul><li><a href="/exploit/binaries/format_string/format_string.html">format_string</a></li></ul></details><details id=integral_promotion ontoggle="linkClick(this); return false;" ><summary>Integral_promotion</summary><ul><li><a href="/exploit/binaries/integral_promotion/integral_promotion.html">integral_promotion</a></li></ul></details><li><a href="/exploit/binaries/plt_got.html">plt_got</a></li><li><a href="/exploit/binaries/r2.html">r2</a></li><li><a href="/exploit/binaries/ret2libc.html">ret2libc</a></li></ul></details><details id=dns ontoggle="linkClick(this); return false;" ><summary>Dns</summary><ul><li><a href="/exploit/dns/zone_transfer.html">zone_transfer</a></li></ul></details><details id=hashes ontoggle="linkClick(this); return false;" ><summary>Hashes</summary><ul><li><a href="/exploit/hashes/collision.html">collision</a></li></ul></details><details id=imagemagick ontoggle="linkClick(this); return false;" ><summary>Imagemagick</summary><ul><li><a href="/exploit/imagemagick/imagetragick.html">imagetragick</a></li></ul></details><details id=java ontoggle="linkClick(this); return false;" ><summary>Java</summary><ul><details id=OGNL ontoggle="linkClick(this); return false;" ><summary>OGNL</summary><ul><li><a href="/exploit/java/OGNL/cve_2022_26134.html">cve_2022_26134</a></li></ul></details><li><a href="/exploit/java/ghidra_debug.html">ghidra_debug</a></li><li><a href="/exploit/java/ghostcat.html">ghostcat</a></li><li><a href="/exploit/java/log4shell.html">log4shell</a></li><li><a href="/exploit/java/spring4shell.html">spring4shell</a></li></ul></details><details id=level3_hypervisor ontoggle="linkClick(this); return false;" ><summary>Level3_hypervisor</summary><ul><details id=docker_sec ontoggle="linkClick(this); return false;" ><summary>Docker_sec</summary><ul><li><a href="/exploit/level3_hypervisor/docker_sec/docker.html">docker</a></li></ul></details><li><a href="/exploit/level3_hypervisor/kubernetes.html">kubernetes</a></li><li><a href="/exploit/level3_hypervisor/lxc.html">lxc</a></li><li><a href="/exploit/level3_hypervisor/microk8s.html">microk8s</a></li></ul></details><details id=linux ontoggle="linkClick(this); return false;" ><summary>Linux</summary><ul><li><a href="/exploit/linux/capabilities.html">capabilities</a></li><details id=dirty_pipe ontoggle="linkClick(this); return false;" ><summary>Dirty_pipe</summary><ul><li><a href="/exploit/linux/dirty_pipe/dirty_pipe.html">dirty_pipe</a></li></ul></details><li><a href="/exploit/linux/exiftool.html">exiftool</a></li><li><a href="/exploit/linux/groups.html">groups</a></li><li><a href="/exploit/linux/ld_preload.html">ld_preload</a></li><li><a href="/exploit/linux/nfs_rootsquash.html">nfs_rootsquash</a></li><li><a href="/exploit/linux/overlayfs.html">overlayfs</a></li><details id=pkexec ontoggle="linkClick(this); return false;" ><summary>Pkexec</summary><ul><li><a href="/exploit/linux/pkexec/CVE_2021_4034.html">CVE_2021_4034</a></li></ul></details><li><a href="/exploit/linux/polkit.html">polkit</a></li><li><a href="/exploit/linux/racing_conditions.html">racing_conditions</a></li><li><a href="/exploit/linux/setcap.html">setcap</a></li><li><a href="/exploit/linux/shared_object_injection.html">shared_object_injection</a></li><li><a href="/exploit/linux/shell_shock.html">shell_shock</a></li><details id=sudo ontoggle="linkClick(this); return false;" ><summary>Sudo</summary><ul><li><a href="/exploit/linux/sudo/CVE_2019_14287.html">CVE_2019_14287</a></li><li><a href="/exploit/linux/sudo/CVE_2019_18634.html">CVE_2019_18634</a></li><li><a href="/exploit/linux/sudo/baron_samedit.html">baron_samedit</a></li><li><a href="/exploit/linux/sudo/tokens.html">tokens</a></li></ul></details><li><a href="/exploit/linux/wildard_exploitation.html">wildard_exploitation</a></li></ul></details><details id=macOS ontoggle="linkClick(this); return false;" ><summary>MacOS</summary><ul></ul></details><details id=network ontoggle="linkClick(this); return false;" ><summary>Network</summary><ul><li><a href="/exploit/network/mac_spoofing.html">mac_spoofing</a></li></ul></details><details id=padding ontoggle="linkClick(this); return false;" ><summary>Padding</summary><ul><li><a href="/exploit/padding/padbuster.html">padbuster</a></li></ul></details><details id=python ontoggle="linkClick(this); return false;" ><summary>Python</summary><ul><li><a href="/exploit/python/code_injection.html">code_injection</a></li><li><a href="/exploit/python/jail_escape.html">jail_escape</a></li><li><a href="/exploit/python/lib_hijack.html">lib_hijack</a></li><li><a href="/exploit/python/pickle.html">pickle</a></li><li><a href="/exploit/python/pwntools.html">pwntools</a></li><li><a href="/exploit/python/pyc.html">pyc</a></li><li><a href="/exploit/python/scapy.html">scapy</a></li></ul></details><details id=samba ontoggle="linkClick(this); return false;" ><summary>Samba</summary><ul><li><a href="/exploit/samba/smbmap.html">smbmap</a></li></ul></details><details id=sqli ontoggle="linkClick(this); return false;" ><summary>Sqli</summary><ul><li><a href="/exploit/sqli/mssql.html">mssql</a></li><li><a href="/exploit/sqli/no_sqli.html">no_sqli</a></li><li><a href="/exploit/sqli/sqli.html">sqli</a></li><li><a href="/exploit/sqli/sqlmap.html">sqlmap</a></li></ul></details><details id=ssl_tls ontoggle="linkClick(this); return false;" ><summary>Ssl_tls</summary><ul><li><a href="/exploit/ssl_tls/heartbleed.html">heartbleed</a></li></ul></details><details id=web ontoggle="linkClick(this); return false;" ><summary>Web</summary><ul><details id=bypass_rate_limiting ontoggle="linkClick(this); return false;" ><summary>Bypass_rate_limiting</summary><ul><li><a href="/exploit/web/bypass_rate_limiting/bypass_rate_limiting.html">bypass_rate_limiting</a></li></ul></details><li><a href="/exploit/web/command_injection.html">command_injection</a></li><details id=content_security_policy ontoggle="linkClick(this); return false;" ><summary>Content_security_policy</summary><ul><li><a href="/exploit/web/content_security_policy/content_security_policy.html">content_security_policy</a></li></ul></details><li><a href="/exploit/web/cookie_tampering.html">cookie_tampering</a></li><li><a href="/exploit/web/csrf.html">csrf</a></li><details id=forced_browsing ontoggle="linkClick(this); return false;" ><summary>Forced_browsing</summary><ul><li><a href="/exploit/web/forced_browsing/forced_browsing.html">forced_browsing</a></li></ul></details><li><a href="/exploit/web/http_header_injection.html">http_header_injection</a></li><details id=idor ontoggle="linkClick(this); return false;" ><summary>Idor</summary><ul><li><a href="/exploit/web/idor/idor.html">idor</a></li></ul></details><details id=javascript ontoggle="linkClick(this); return false;" ><summary>Javascript</summary><ul><li><a href="/exploit/web/javascript/bypass_filters.html">bypass_filters</a></li><li><a href="/exploit/web/javascript/prototype_pollution.html">prototype_pollution</a></li></ul></details><details id=jwt ontoggle="linkClick(this); return false;" ><summary>Jwt</summary><ul><li><a href="/exploit/web/jwt/jwt.html">jwt</a></li></ul></details><li><a href="/exploit/web/local_file_inclusion.html">local_file_inclusion</a></li><li><a href="/exploit/web/methodology.html">methodology</a></li><details id=nodejs ontoggle="linkClick(this); return false;" ><summary>Nodejs</summary><ul><li><a href="/exploit/web/nodejs/deserialization.html">deserialization</a></li></ul></details><details id=php ontoggle="linkClick(this); return false;" ><summary>Php</summary><ul><li><a href="/exploit/web/php/command_injection.html">command_injection</a></li><li><a href="/exploit/web/php/password_reset.html">password_reset</a></li><li><a href="/exploit/web/php/php_base64_filter.html">php_base64_filter</a></li><li><a href="/exploit/web/php/php_image_exif.html">php_image_exif</a></li><li><a href="/exploit/web/php/php_user_agent_rce.html">php_user_agent_rce</a></li><li><a href="/exploit/web/php/preload_lib.html">preload_lib</a></li><li><a href="/exploit/web/php/unserialize.html">unserialize</a></li></ul></details><li><a href="/exploit/web/re_registration.html">re_registration</a></li><li><a href="/exploit/web/remote_file_inclusion.html">remote_file_inclusion</a></li><details id=ssrf ontoggle="linkClick(this); return false;" ><summary>Ssrf</summary><ul><li><a href="/exploit/web/ssrf/iframe.html">iframe</a></li><li><a href="/exploit/web/ssrf/ssrf.html">ssrf</a></li></ul></details><details id=ssti ontoggle="linkClick(this); return false;" ><summary>Ssti</summary><ul><li><a href="/exploit/web/ssti/ssti.html">ssti</a></li></ul></details><li><a href="/exploit/web/url_forgery.html">url_forgery</a></li><li><a href="/exploit/web/wordpress.html">wordpress</a></li><li><a href="/exploit/web/xpath.html">xpath</a></li><li><a href="/exploit/web/xss.html">xss</a></li><details id=xxe ontoggle="linkClick(this); return false;" ><summary>Xxe</summary><ul><li><a href="/exploit/web/xxe/wp_xxe_.html">wp_xxe_</a></li><li><a href="/exploit/web/xxe/xml_external_entity.html">xml_external_entity</a></li></ul></details></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><details id=Portable Executables ontoggle="linkClick(this); return false;" ><summary>Portable Executables</summary><ul><li><a href="/exploit/windows/Portable Executables/Shellcode.html">Shellcode</a></li></ul></details><details id=dll_hijacking ontoggle="linkClick(this); return false;" ><summary>Dll_hijacking</summary><ul><li><a href="/exploit/windows/dll_hijacking/dll_hijacking.html">dll_hijacking</a></li></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/exploit/windows/docs/always_installed_elevated.html">always_installed_elevated</a></li><li><a href="/exploit/windows/docs/crackmapexec.html">crackmapexec</a></li><li><a href="/exploit/windows/docs/dpapi.html">dpapi</a></li><li><a href="/exploit/windows/docs/impacket.html">impacket</a></li><li><a href="/exploit/windows/docs/llmnr.html">llmnr</a></li><li><a href="/exploit/windows/docs/lnk_exploit.html">lnk_exploit</a></li><li><a href="/exploit/windows/docs/pass_the_hash.html">pass_the_hash</a></li><li><a href="/exploit/windows/docs/password_in_registry.html">password_in_registry</a></li><li><a href="/exploit/windows/docs/potatoes.html">potatoes</a></li><li><a href="/exploit/windows/docs/printnightmare.html">printnightmare</a></li><li><a href="/exploit/windows/docs/responder.html">responder</a></li><li><a href="/exploit/windows/docs/unquoted_path.html">unquoted_path</a></li></ul></details><details id=macros ontoggle="linkClick(this); return false;" ><summary>Macros</summary><ul><li><a href="/exploit/windows/macros/macros.html">macros</a></li></ul></details><details id=payloads ontoggle="linkClick(this); return false;" ><summary>Payloads</summary><ul><li><a href="/exploit/windows/payloads/windows_scripting_host.html">windows_scripting_host</a></li></ul></details><details id=print_nightmare ontoggle="linkClick(this); return false;" ><summary>Print_nightmare</summary><ul><details id=CVE-2021-1675 ontoggle="linkClick(this); return false;" ><summary>CVE-2021-1675</summary><ul><details id=nightmare-dll ontoggle="linkClick(this); return false;" ><summary>Nightmare-dll</summary><ul></ul></details></ul></details><li><a href="/exploit/windows/print_nightmare/print_nightmare.html">print_nightmare</a></li></ul></details><details id=process_injection ontoggle="linkClick(this); return false;" ><summary>Process_injection</summary><ul><li><a href="/exploit/windows/process_injection/dll_injection.html">dll_injection</a></li><li><a href="/exploit/windows/process_injection/process_hollowing.html">process_hollowing</a></li><li><a href="/exploit/windows/process_injection/shellcode_injection.html">shellcode_injection</a></li><li><a href="/exploit/windows/process_injection/thread_hijacking.html">thread_hijacking</a></li></ul></details><details id=service_escalation ontoggle="linkClick(this); return false;" ><summary>Service_escalation</summary><ul><li><a href="/exploit/windows/service_escalation/service_escalation.html">service_escalation</a></li></ul></details><details id=zero_logon ontoggle="linkClick(this); return false;" ><summary>Zero_logon</summary><ul><li><a href="/exploit/windows/zero_logon/zero_logon.html">zero_logon</a></li></ul></details></ul></details><details id=yaml ontoggle="linkClick(this); return false;" ><summary>Yaml</summary><ul><li><a href="/exploit/yaml/deserialization.html">deserialization</a></li></ul></details></ul></details><details id=forensics ontoggle="linkClick(this); return false;" ><summary>Forensics</summary><ul><li><a href="/forensics/ios.html">ios</a></li><li><a href="/forensics/kape.html">kape</a></li><li><a href="/forensics/ntfs.html">ntfs</a></li><li><a href="/forensics/oletools.html">oletools</a></li><li><a href="/forensics/volatility.html">volatility</a></li><li><a href="/forensics/windows_registry.html">windows_registry</a></li></ul></details><details id=hashes ontoggle="linkClick(this); return false;" ><summary>Hashes</summary><ul><details id=bruteforce ontoggle="linkClick(this); return false;" ><summary>Bruteforce</summary><ul><li><a href="/hashes/bruteforce/patator.html">patator</a></li></ul></details><li><a href="/hashes/generate_wordlists.html">generate_wordlists</a></li><li><a href="/hashes/haiti.html">haiti</a></li><li><a href="/hashes/hashcat_utils.html">hashcat_utils</a></li><details id=password_cracking ontoggle="linkClick(this); return false;" ><summary>Password_cracking</summary><ul><li><a href="/hashes/password_cracking/hydra.html">hydra</a></li><li><a href="/hashes/password_cracking/john.html">john</a></li><li><a href="/hashes/password_cracking/smb_challenge.html">smb_challenge</a></li><li><a href="/hashes/password_cracking/sucrack.html">sucrack</a></li><li><a href="/hashes/password_cracking/vnc.html">vnc</a></li></ul></details><details id=password_guessing ontoggle="linkClick(this); return false;" ><summary>Password_guessing</summary><ul><li><a href="/hashes/password_guessing/standard_passwords.html">standard_passwords</a></li></ul></details></ul></details><details id=persistence ontoggle="linkClick(this); return false;" ><summary>Persistence</summary><ul><li><a href="/persistence/bashrc.html">bashrc</a></li><li><a href="/persistence/crontab.html">crontab</a></li><li><a href="/persistence/meterpreter.html">meterpreter</a></li><li><a href="/persistence/persistence.html">persistence</a></li><li><a href="/persistence/wmi.html">wmi</a></li></ul></details><details id=post exploitation ontoggle="linkClick(this); return false;" ><summary>Post exploitation</summary><ul><details id=Seatbelt ontoggle="linkClick(this); return false;" ><summary>Seatbelt</summary><ul><details id=.github ontoggle="linkClick(this); return false;" ><summary>.github</summary><ul><details id=ISSUE_TEMPLATE ontoggle="linkClick(this); return false;" ><summary>ISSUE_TEMPLATE</summary><ul><li><a href="/post exploitation/Seatbelt/.github/ISSUE_TEMPLATE/bug_report.html">bug_report</a></li><li><a href="/post exploitation/Seatbelt/.github/ISSUE_TEMPLATE/feature_request.html">feature_request</a></li></ul></details></ul></details><li><a href="/post exploitation/Seatbelt/CHANGELOG.html">CHANGELOG</a></li><details id=Seatbelt ontoggle="linkClick(this); return false;" ><summary>Seatbelt</summary><ul><details id=Commands ontoggle="linkClick(this); return false;" ><summary>Commands</summary><ul><details id=Windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><details id=EventLogs ontoggle="linkClick(this); return false;" ><summary>EventLogs</summary><ul></ul></details></ul></details></ul></details><details id=Output ontoggle="linkClick(this); return false;" ><summary>Output</summary><ul></ul></details></ul></details></ul></details><details id=bc_security ontoggle="linkClick(this); return false;" ><summary>Bc_security</summary><ul></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/post exploitation/docs/c2.html">c2</a></li><li><a href="/post exploitation/docs/crackmapexec.html">crackmapexec</a></li><li><a href="/post exploitation/docs/empire.html">empire</a></li><li><a href="/post exploitation/docs/ids_ips_evation.html">ids_ips_evation</a></li><li><a href="/post exploitation/docs/linux.html">linux</a></li><li><a href="/post exploitation/docs/metasploit.html">metasploit</a></li><li><a href="/post exploitation/docs/mimikatz.html">mimikatz</a></li><li><a href="/post exploitation/docs/mitm.html">mitm</a></li><li><a href="/post exploitation/docs/nfs_root_squash.html">nfs_root_squash</a></li><li><a href="/post exploitation/docs/powershell.html">powershell</a></li><li><a href="/post exploitation/docs/secretsdump.html">secretsdump</a></li><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/post exploitation/docs/windows/Signature-Evasion.html">Signature-Evasion</a></li><li><a href="/post exploitation/docs/windows/antivirus_evasion.html">antivirus_evasion</a></li><li><a href="/post exploitation/docs/windows/applocker.html">applocker</a></li><li><a href="/post exploitation/docs/windows/evade_event_tracing.html">evade_event_tracing</a></li><li><a href="/post exploitation/docs/windows/living_off_the_land.html">living_off_the_land</a></li><li><a href="/post exploitation/docs/windows/pass_the_hash.html">pass_the_hash</a></li><li><a href="/post exploitation/docs/windows/powershell_logs.html">powershell_logs</a></li><li><a href="/post exploitation/docs/windows/registry.html">registry</a></li><li><a href="/post exploitation/docs/windows/sebackupprivilege.html">sebackupprivilege</a></li><li><a href="/post exploitation/docs/windows/user_account_control.html">user_account_control</a></li></ul></details></ul></details><li><a href="/post exploitation/pivoting.html">pivoting</a></li><details id=priv_esc ontoggle="linkClick(this); return false;" ><summary>Priv_esc</summary><ul><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/post exploitation/priv_esc/docs/linux_priv_esc.html">linux_priv_esc</a></li><li><a href="/post exploitation/priv_esc/docs/pspy.html">pspy</a></li><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/post exploitation/priv_esc/docs/windows/add_user.html">add_user</a></li><li><a href="/post exploitation/priv_esc/docs/windows/windows_priv_esc.html">windows_priv_esc</a></li></ul></details></ul></details><details id=kernel-exploits ontoggle="linkClick(this); return false;" ><summary>Kernel-exploits</summary><ul></ul></details><details id=privesc-scripts ontoggle="linkClick(this); return false;" ><summary>Privesc-scripts</summary><ul><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/post exploitation/priv_esc/privesc-scripts/docs/get_script_onto_target.html">get_script_onto_target</a></li></ul></details></ul></details><details id=suid ontoggle="linkClick(this); return false;" ><summary>Suid</summary><ul></ul></details></ul></details></ul></details><details id=reverse engineering ontoggle="linkClick(this); return false;" ><summary>Reverse engineering</summary><ul><details id=android ontoggle="linkClick(this); return false;" ><summary>Android</summary><ul><li><a href="/reverse engineering/android/misc.html">misc</a></li></ul></details><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/reverse engineering/docs/deobfuscation.html">deobfuscation</a></li><li><a href="/reverse engineering/docs/dll_reversing.html">dll_reversing</a></li><li><a href="/reverse engineering/docs/firmware.html">firmware</a></li><li><a href="/reverse engineering/docs/function_mangling.html">function_mangling</a></li><li><a href="/reverse engineering/docs/scada.html">scada</a></li></ul></details><details id=java ontoggle="linkClick(this); return false;" ><summary>Java</summary><ul><li><a href="/reverse engineering/java/krakatau.html">krakatau</a></li></ul></details><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul><li><a href="/reverse engineering/windows/portable-executable.html">portable-executable</a></li></ul></details></ul></details><details id=reverse shells ontoggle="linkClick(this); return false;" ><summary>Reverse shells</summary><ul><details id=docs ontoggle="linkClick(this); return false;" ><summary>Docs</summary><ul><li><a href="/reverse shells/docs/evil-winrm.html">evil-winrm</a></li><li><a href="/reverse shells/docs/msfconsole.html">msfconsole</a></li><li><a href="/reverse shells/docs/msfvenom.html">msfvenom</a></li><li><a href="/reverse shells/docs/netcat.html">netcat</a></li><li><a href="/reverse shells/docs/powershell.html">powershell</a></li><li><a href="/reverse shells/docs/shell_upgrade.html">shell_upgrade</a></li><li><a href="/reverse shells/docs/socat.html">socat</a></li><li><a href="/reverse shells/docs/webshell.html">webshell</a></li></ul></details><li><a href="/reverse shells/firewalls.html">firewalls</a></li><details id=windows ontoggle="linkClick(this); return false;" ><summary>Windows</summary><ul></ul></details></ul></details>
</ul>
</div>
<div class="column column-2">
<span class="body">
<style>pre { line-height: 125%; }
td.linenos .normal { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos { color: #37474F; background-color: #263238; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #607A86; background-color: #263238; padding-left: 5px; padding-right: 5px; }
.codehilite .hll { background-color: #2C3B41 }
.codehilite .c { color: #546E7A; font-style: italic } /* Comment */
.codehilite .err { color: #FF5370 } /* Error */
.codehilite .esc { color: #89DDFF } /* Escape */
.codehilite .g { color: #EEFFFF } /* Generic */
.codehilite .k { color: #BB80B3 } /* Keyword */
.codehilite .l { color: #C3E88D } /* Literal */
.codehilite .n { color: #EEFFFF } /* Name */
.codehilite .o { color: #89DDFF } /* Operator */
.codehilite .p { color: #89DDFF } /* Punctuation */
.codehilite .ch { color: #546E7A; font-style: italic } /* Comment.Hashbang */
.codehilite .cm { color: #546E7A; font-style: italic } /* Comment.Multiline */
.codehilite .cp { color: #546E7A; font-style: italic } /* Comment.Preproc */
.codehilite .cpf { color: #546E7A; font-style: italic } /* Comment.PreprocFile */
.codehilite .c1 { color: #546E7A; font-style: italic } /* Comment.Single */
.codehilite .cs { color: #546E7A; font-style: italic } /* Comment.Special */
.codehilite .gd { color: #FF5370 } /* Generic.Deleted */
.codehilite .ge { color: #89DDFF } /* Generic.Emph */
.codehilite .gr { color: #FF5370 } /* Generic.Error */
.codehilite .gh { color: #C3E88D } /* Generic.Heading */
.codehilite .gi { color: #C3E88D } /* Generic.Inserted */
.codehilite .go { color: #546E7A } /* Generic.Output */
.codehilite .gp { color: #FFCB6B } /* Generic.Prompt */
.codehilite .gs { color: #FF5370 } /* Generic.Strong */
.codehilite .gu { color: #89DDFF } /* Generic.Subheading */
.codehilite .gt { color: #FF5370 } /* Generic.Traceback */
.codehilite .kc { color: #89DDFF } /* Keyword.Constant */
.codehilite .kd { color: #BB80B3 } /* Keyword.Declaration */
.codehilite .kn { color: #89DDFF; font-style: italic } /* Keyword.Namespace */
.codehilite .kp { color: #89DDFF } /* Keyword.Pseudo */
.codehilite .kr { color: #BB80B3 } /* Keyword.Reserved */
.codehilite .kt { color: #BB80B3 } /* Keyword.Type */
.codehilite .ld { color: #C3E88D } /* Literal.Date */
.codehilite .m { color: #F78C6C } /* Literal.Number */
.codehilite .s { color: #C3E88D } /* Literal.String */
.codehilite .na { color: #BB80B3 } /* Name.Attribute */
.codehilite .nb { color: #82AAFF } /* Name.Builtin */
.codehilite .nc { color: #FFCB6B } /* Name.Class */
.codehilite .no { color: #EEFFFF } /* Name.Constant */
.codehilite .nd { color: #82AAFF } /* Name.Decorator */
.codehilite .ni { color: #89DDFF } /* Name.Entity */
.codehilite .ne { color: #FFCB6B } /* Name.Exception */
.codehilite .nf { color: #82AAFF } /* Name.Function */
.codehilite .nl { color: #82AAFF } /* Name.Label */
.codehilite .nn { color: #FFCB6B } /* Name.Namespace */
.codehilite .nx { color: #EEFFFF } /* Name.Other */
.codehilite .py { color: #FFCB6B } /* Name.Property */
.codehilite .nt { color: #FF5370 } /* Name.Tag */
.codehilite .nv { color: #89DDFF } /* Name.Variable */
.codehilite .ow { color: #89DDFF; font-style: italic } /* Operator.Word */
.codehilite .w { color: #EEFFFF } /* Text.Whitespace */
.codehilite .mb { color: #F78C6C } /* Literal.Number.Bin */
.codehilite .mf { color: #F78C6C } /* Literal.Number.Float */
.codehilite .mh { color: #F78C6C } /* Literal.Number.Hex */
.codehilite .mi { color: #F78C6C } /* Literal.Number.Integer */
.codehilite .mo { color: #F78C6C } /* Literal.Number.Oct */
.codehilite .sa { color: #BB80B3 } /* Literal.String.Affix */
.codehilite .sb { color: #C3E88D } /* Literal.String.Backtick */
.codehilite .sc { color: #C3E88D } /* Literal.String.Char */
.codehilite .dl { color: #EEFFFF } /* Literal.String.Delimiter */
.codehilite .sd { color: #546E7A; font-style: italic } /* Literal.String.Doc */
.codehilite .s2 { color: #C3E88D } /* Literal.String.Double */
.codehilite .se { color: #EEFFFF } /* Literal.String.Escape */
.codehilite .sh { color: #C3E88D } /* Literal.String.Heredoc */
.codehilite .si { color: #89DDFF } /* Literal.String.Interpol */
.codehilite .sx { color: #C3E88D } /* Literal.String.Other */
.codehilite .sr { color: #89DDFF } /* Literal.String.Regex */
.codehilite .s1 { color: #C3E88D } /* Literal.String.Single */
.codehilite .ss { color: #89DDFF } /* Literal.String.Symbol */
.codehilite .bp { color: #89DDFF } /* Name.Builtin.Pseudo */
.codehilite .fm { color: #82AAFF } /* Name.Function.Magic */
.codehilite .vc { color: #89DDFF } /* Name.Variable.Class */
.codehilite .vg { color: #89DDFF } /* Name.Variable.Global */
.codehilite .vi { color: #89DDFF } /* Name.Variable.Instance */
.codehilite .vm { color: #82AAFF } /* Name.Variable.Magic */
.codehilite .il { color: #F78C6C } /* Literal.Number.Integer.Long */</style>
<div class="column column-3">
<ul>
<li><a href="#nmap">nmap</a><ul>
<li><a href="#scan-types">Scan Types</a></li>
<li><a href="#port-states">Port States</a></li>
<li><a href="#usage">Usage</a><ul>
<li><a href="#combo-with-searchsploit">combo with searchsploit</a></li>
<li><a href="#wordpress-enumeration">Wordpress Enumeration</a></li>
<li><a href="#use-list-of-hosts">Use List of Hosts</a></li>
<li><a href="#arp-scan-local-network">ARP Scan Local Network</a></li>
<li><a href="#icmp-scans">ICMP Scans</a></li>
<li><a href="#tcp-scans">TCP Scans</a><ul>
<li><a href="#tcp-scan-types">TCP Scan Types</a></li>
</ul>
</li>
<li><a href="#udp-scans">UDP SCans</a></li>
<li><a href="#dns-scan">DNS Scan</a></li>
<li><a href="#spoofing">Spoofing</a></li>
<li><a href="#service-detection">Service Detection</a></li>
</ul>
</li>
<li><a href="#scripts">Scripts</a></li>
<li><a href="#tips-tricks">Tips &amp; Tricks</a></li>
</ul>
</li>
</ul>
</div>
<h1 id="nmap">nmap</h1>
<h2 id="scan-types">Scan Types</h2>
<ul>
<li>ARP</li>
<li>ICMP</li>
<li>TCP</li>
<li>UDP</li>
</ul>
<h2 id="port-states">Port States</h2>
<ol>
<li>Open</li>
<li>Closed</li>
<li>Filtered</li>
<li>Unfiltered</li>
<li>Open|Filtered</li>
<li>Close|Filtered</li>
</ol>
<h2 id="usage">Usage</h2>
<div class="codehilite"><pre><span></span><code>nmap -oA nmap-full -Pn -sS -T4 -p- --defeat-rst-ratelimit &lt;IP&gt;
</code></pre></div>
<div class="codehilite"><pre><span></span><code>nmap -oA nmap-vuln -Pn -script vuln -p &lt;Port,Port,Port,...&gt; &lt;IP&gt;
</code></pre></div>
<h3 id="combo-with-searchsploit">combo with searchsploit</h3>
<ul>
<li>nmap-full scan</li>
</ul>
<div class="codehilite"><pre><span></span><code>sudo nmap -oA --nmap-full -sS -sC -sV -p- --defeat-rst-ratelimit &lt;target-IP&gt;
searchsploit --nmap ./nmap-full.xml --verbose
</code></pre></div>
<h3 id="wordpress-enumeration">Wordpress Enumeration</h3>
<div class="codehilite"><pre><span></span><code>nmap --script http-wordpress-enum --scripts-args check-latest<span class="o">=</span>true,search-limit<span class="o">=</span><span class="m">1500</span> -p <span class="m">80</span> test.com
</code></pre></div>
<h3 id="use-list-of-hosts">Use List of Hosts</h3>
<div class="codehilite"><pre><span></span><code>nmap -iL &lt;ListofHosts&gt;
</code></pre></div>
<ul>
<li>Show hosts, dns resolution included</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -sL -n <span class="m">10</span>.10.0.0/16
</code></pre></div>
<h3 id="arp-scan-local-network">ARP Scan Local Network</h3>
<div class="codehilite"><pre><span></span><code>nmap -PR -sn <span class="m">192</span>.168.0.0/24
</code></pre></div>
<h3 id="icmp-scans">ICMP Scans</h3>
<ul>
<li><strong>Type 8</strong> (Ping Request)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PE -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<ul>
<li><strong>Type 13</strong> (Timestamp Request)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PP -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<ul>
<li><strong>Type 17</strong> (Address Mask Queries)</li>
</ul>
<div class="codehilite"><pre><span></span><code>nmap -PM -sn <span class="m">10</span>.10.0.0/16
</code></pre></div>
<h3 id="tcp-scans">TCP Scans</h3>
<ul>
<li><code>-PS23</code> Syn on port 23</li>
<li><code>-PA80-8080</code> ACK on port range 80-8080</li>
</ul>
<h4 id="tcp-scan-types">TCP Scan Types</h4>
<ul>
<li><strong>Null Scan</strong> <code>-sN</code>, port is open when there is no response. Otherwise the response is <code>RST/ACK</code></li>
<li><strong>FIN Scan</strong> <code>-sF</code> , same procedure as null scan.</li>
<li><strong>Xmas Scan</strong> <code>-sX</code>, <code>FIN/PSH/URG</code> is sent. <code>RST/ACK</code> when port is closed.</li>
<li><strong>Maimon Scan</strong> <code>-sM</code>, sends <code>FIN/ACK</code>. Packet is dropped when port is open. Only viable on old BSD networks.</li>
<li><strong>ACK Scan</strong> <code>-sA</code>, sends <code>ACK</code>. Receives <code>RST</code> regardless of the state of the port. May be used to explore firewall rules.</li>
<li><strong>Window Scan</strong> <code>-sW</code>, sends <code>ACK</code>, and receives <code>RST</code> as well. Inspects the window part of the response. Used to expose firewall rules.</li>
<li><strong>Custom Scan</strong> <code>--scanflags RSTACKFIN</code>, set flags randomly.</li>
</ul>
<h3 id="udp-scans">UDP SCans</h3>
<ul>
<li><code>-PU</code> </li>
<li>May be answered by ICMP Type 3 if the port is not reachable</li>
</ul>
<h3 id="dns-scan">DNS Scan</h3>
<ul>
<li>No lookup <code>-n</code></li>
<li>Reverse lookup for every host <code>-R</code> </li>
<li>Host discovery only <code>-sn</code></li>
</ul>
<h3 id="spoofing">Spoofing</h3>
<ul>
<li>IP <code>-S &lt;spoofed-IP&gt;</code></li>
<li>MAC <code>--spoof-mac &lt;spoofed-MAC&gt;</code></li>
<li>Disable ping scan <code>-Pn</code></li>
<li>Decoy addresses <code>-D &lt;decoy-IP&gt;,&lt;decoy-IP&gt;,&lt;decoy-IP&gt;,RND,RND,ME</code></li>
</ul>
<h3 id="service-detection">Service Detection</h3>
<ul>
<li><code>-sV</code></li>
<li><code>--version-intensity &lt;level 0-9&gt;</code></li>
<li>Intensity 2 <code>--version-light</code></li>
<li>Intensity 9 <code>--version-all</code></li>
</ul>
<h2 id="scripts">Scripts</h2>
<p>Installed at <code>/usr/share/nmap/scripts</code>
* <strong>auth</strong> Authentication related scripts
* <strong>broadcast</strong> Discover hosts by sending broadcast messages
* <strong>brute</strong> Performs brute-force password auditing against logins
* <strong>default</strong> Default scripts, same as -sC
* <strong>discovery</strong> Retrieve accessible information, such as database tables and DNS names
* <strong>dos Detects</strong> servers vulnerable to Denial of Service (DoS)
* <strong>exploit</strong> Attempts to exploit various vulnerable services
* <strong>external</strong> Checks using a third-party service, such as Geoplugin and Virustotal
* <strong>fuzzer</strong> Launch fuzzing attacks
* <strong>intrusive</strong> Intrusive scripts such as brute-force attacks and exploitation
* <strong>malware</strong> Scans for backdoors
* <strong>safe</strong> Safe scripts that wont crash the target
* <strong>version</strong> Retrieve service versions
* <strong>vuln</strong> Checks for vulnerabilities or exploit vulnerable services</p>
<h2 id="tips-tricks">Tips &amp; Tricks</h2>
<ul>
<li>Scan the 100 most interesting ports via <code>-F</code></li>
<li><code>--top-ports 100</code> </li>
<li>One probe every 5 minutes via <code>-T0</code></li>
<li>A closed port responds with <code>RST/ACK</code> to a initial <code>SYN</code></li>
<li>Scan ports iteratively by using <code>-r</code>, not random</li>
<li>Closed Port </li>
<li>Control packet rate via <code>--min-rate</code> and <code>--max-rate</code></li>
<li>Control parallel probes via <code>--min-parallelism</code> and <code>--max-parallelism</code></li>
<li>Fragment packets <code>-f</code> 8 bytes, <code>-ff</code> 16 bytes or <code>--mtu</code></li>
<li>Zombie Scan <code>-sI &lt;pwnd-device-IP&gt;</code> via pwnd host inside the targets network</li>
<li><code>--reason</code>, <code>-d</code>, <code>-vv</code></li>
<li><code>--traceroute</code></li>
</ul>
</span>
</div>
</div>
<div id="footer">
<p></p>
<center>
&copy; Stefan Friese
</center>
</div>
<script>
function linkClick(obj) {
if (obj.open) {
//console.log('open');
if (sessionStorage.getItem(obj.id) && !(sessionStorage.getItem(obj.id) === "open")) {
sessionStorage.removeItem(obj.id);
}
sessionStorage.setItem(obj.id,"open");
console.log(obj.id);
} else {
//console.log('closed');
sessionStorage.removeItem(obj.id);
}
}
let _keys = Object.keys(sessionStorage);
if (_keys) {
for ( let i = 0; i < _keys.length; i++ ) {
document.getElementById(_keys[i])['open'] = 'open';
}
}
</script>
<script async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML" type="text/javascript"></script>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
config: ["MMLorHTML.js"],
jax: ["input/TeX", "output/HTML-CSS", "output/NativeMML"],
extensions: ["MathMenu.js", "MathZoom.js"]
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink