Category: Enumeration and Recon
Protected: Bug Bounty Recon – Notes
Decrypting SSL/TLS Traffic with SSLSESSIONKEY and Wireshark
Decrypting SSL/TLS traffic from a browser (Firefox / Chrome) is possible by using an SSL session key that gets written […]
Port scanning – alternative
Alternative port scanning tools. Port scan with netcat: scans a specific IP across TCP ports 20 to 65000.
    for i in $(seq 20 65000); do nc -zv 10.xx.xx.xx $i 2>&1; done | grep open
Check open […]
SMB Enumeration
SMB enumeration and recon notes. SMB null sessions are unauthenticated sessions against SMB shares, and anonymous access to hidden […]
Monitor bandwidth consumption with iptables
A method to measure how much bandwidth is consumed by, for example, an nmap scan against a specific host can […]
SNMP Enumeration
Scan for SNMP and filter out the IP addresses that run SNMP:
    nmap -sU --open -p 161 10.10.10.1-254 -oG - | awk '/Up$/{print $2}'
or generate the IP host list with the following […]
Port knocking
Port knocking is a method of obscuring the services that you have running on your machine. It allows your […]
Linux Enum
Useful tools and methods for Linux enumeration. LinEnum.sh collects Linux system information for exploit suggestion and privilege escalation: https://github.com/rebootuser/LinEnum.git […]
Vulnerability Scanning – OpenVAS
This post covers setting up OpenVAS9 Greenbone Security Assistant. The Dashboard: OpenVAS (Open Vulnerability Assessment System) is an open-source […]
XXE/XML Attack
Malicious DTD: the following snippet can be used to obtain local file inclusion or remote command execution against vulnerable XML parsers. […]