Ch6 Flashcards

1
Q

whois command

A

whois nino.com -h [who-is-server-ip]

2
Q

What is Netcraft for?

A

https://www.netcraft.com/
Shows the technologies a site uses and its whois info

3
Q

Opensource search

A

Google -
gitleaks - finds leaked AWS keys in repositories - https://github.com/zricethezav/gitleaks

4
Q

Security Headers & SSL

A

https://securityheaders.com/
https://www.ssllabs.com/ssltest/

5
Q

DNS Enumeration

A

host nino.com
host -t mx nino.com

nslookup -type=TXT nino.com 192.168.1.40

6
Q

DNS Enumeration Automation

A

dnsrecon -d nino.com -t std

dnsenum nino.com

With your own wordlist:
dnsenum -f dns.txt nino.com

7
Q

netcat

A

-n: no DNS resolution, -z: scan only (no data), -w 1: 1 second timeout
nc -nv -z -w 1 192.168.1.123 3388-3900

-u: UDP
nc -nv -u -z -w 1 192.168.50.149 120-123

8
Q

Fastest nmap scan type

A

SYN scan

-sS

9
Q

nmap scan types

A

-sT: TCP connect scan
-sS: SYN scan
-sU: UDP scan
-sn: host discovery. Sends ICMP echo, then a TCP SYN to 443 and a TCP ACK to 80
-O: OS fingerprint; appending --osscan-guess forces nmap to guess the OS version
-sV: version scan
-A: aggressive scan (everything combined)

10
Q

Location of nmap NSE scripts
Script help

A

/usr/share/nmap/scripts

Search for scripts - ls -1 /usr/share/nmap/scripts/smb*
nmap --script-help http-title

11
Q

nmap scan IPs from a file

A

nmap -sS -iL /path/to/file.txt

12
Q

nmap scan of whois server

A

whois server port is 443
nmap -sS -p 443 -iL ip.txt

13
Q

nc connect to a port

A

nc -v 192.168.1.123 8080

14
Q

When nmap returns no results, try

A

-Pn, -T4

15
Q

SMTP VRFY command

A

1. First connect with nc:
   nc -v 192.168.1.123 25
2. Send: VRFY root

16
Q

SNMP - TCP or UDP? Port?

A

UDP, port 161

17
Q

Query snmp tool?

A

snmpwalk

snmpwalk -c public -v1 -t 10 192.168.1.123

18
Q

Bruteforce snmp tool?

A

onesixtyone - named after port 161

echo public >> community
onesixtyone -c community -i ips

19
Q

SMB port

A

Port 137 provides name services over TCP or UDP for SMB over NetBIOS.

Port 139 provides session services over TCP or UDP for SMB over NetBIOS.

Port 445 is for directly-hosted SMB over TCP or UDP without needing NetBIOS.

20
Q

SMB scanning tool - Linux

A

sudo nbtscan -r 192.168.50.1-254
-r means use port 137

nmap -v -p 139,445 --script smb-os-discovery 192.168.50.152

21
Q

SMB scanning tool - Windows

A

net view \\dc01 /all