1 | Ping a subnet: | |
2 | nmap -n -sP 172.16.0.0/16 -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> 172.16.txt | |
3 | ||
4 | From a target list: | |
5 | nmap -n -sP -iL HQWorkstations.txt -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> HQWork.txt | |
6 | ||
7 | For a specific port or ports: | |
8 | nmap -p445 -Pn 192.168.1.1/24 -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt | |
9 | ||
10 | Get a number of live systems when using -Pn | |
11 | cat FileName.gnmap | grep "Status: Up" | cut -d' ' -f2 | wc -l | |
12 | - | cat FileName.gnmap | grep "Status: Up" | cut -d' ' -f2 | wc -l |
12 | + | |
13 | nmap -p445 -Pn 192.168.1.1/24 -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt | |
14 | ||
15 | nmap -n -sT -p445 --script=smb-enum-shares.nse -script-args=smbuser=USER,smbhash=e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c,smbtype=v1,smbdomain=DOMAIN -oN SMB-User.txt 10.110.10.1/24 --open -vv | |
16 | ||
17 | To test using the local user password hashes, use "smbdomain=." |
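Review bot: The count on line 11, kept after its duplicate on line 12 was removed, does not give live systems for a `-Pn` scan: `-Pn` skips host discovery, so every target is written as `Status: Up` and the result is just the number of addresses scanned. Counting hosts with at least one open port is closer to what the label promises, e.g. `grep -c '/open/' FileName.gnmap`, which also drops the needless `cat` and `wc -l`. Separately, line 15 passes the `smbhash` value in argv, so it ends up in shell history, in the process list, and in the command-line header of the `-oN SMB-User.txt` report; supplying the script arguments through `--script-args-file` keeps it out of all three. The unquoted `grep ^[0-9]` on lines 2 and 5 should be `grep '^[0-9]'` so the shell cannot glob-expand the pattern against files in the working directory.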