search

Services

hashtag
NMAP Scan

hashtag
Quick Scan

nmap 10.129.42.253

hashtag
Long Scan (scan all ports)

nmap -p- 10.129.42.253

hashtag
Enumerate versions

nmap -sV 10.129.42.253

hashtag
Run Default Scripts

nmap -sC 10.129.42.253

hashtag
Using netcat

nc -nv 10.129.42.253 21

hashtag
Using NMAP

hashtag
Tools to Interact with Common Services

SMB

FTP

Email

Databases

smbclientarrow-up-right

ftparrow-up-right

Thunderbirdarrow-up-right

mssql-cliarrow-up-right

CrackMapExecarrow-up-right

lftparrow-up-right

Clawsarrow-up-right

mycliarrow-up-right

SMBMaparrow-up-right

ncftparrow-up-right

Gearyarrow-up-right

mssqlclient.pyarrow-up-right

Impacketarrow-up-right

filezillaarrow-up-right

MailSpringarrow-up-right

dbeaverarrow-up-right

psexec.pyarrow-up-right

crossftparrow-up-right

muttarrow-up-right

MySQL Workbencharrow-up-right

smbexec.pyarrow-up-right

mailutilsarrow-up-right

SQL Server Management Studio or SSMSarrow-up-right

sendEmailarrow-up-right

swaksarrow-up-right

sendmailarrow-up-right

hashtag
Service Misconfigurations

  • Authentication

    • Anonymous Authentication

    • Misconfigured Access Rights

  • Unnecessary Defaults

hashtag
Preventing Misconfigurations

  • Admin interfaces should be disabled.

  • Debugging is turned off.

  • Disable the use of default usernames and passwords.

  • Set up the server to prevent unauthorized access, directory listing, and other issues.

  • Run scans and audits regularly to help discover future misconfigurations or missing fixes.

hashtag
Finding Sensitive Information

Sensitive information may include, but is not limited to:

  • Usernames.

  • Email Addresses.

  • Passwords.

  • DNS records.

  • IP Addresses.

  • Source code.

  • Configuration files.

  • PII.

PreviousScriptsNextHTTP (80)

Last updated