microloft.co.uk     

ENUMERATE

Windows

 
#   THE GOAL                                  THE SYNTAX
1   Discover Windows hosts                    sl -bph host(s)
2   Enumerate domains on network              net view /domain
3   Enumerate hosts in each domain            net view /domain:domain
4   Enumerate domain controllers              nltest /dsgetdc:domain_name /pdc
                                              nltest /bdc_query:domain_name
5   Determine IP of hosts                     ping hostname
6   Enumerate host's role in domain (NT 4.0)  netdom query \\hostname
7   Enumerate NetBIOS table                   nbtstat -A x.x.x.x
8   Establish a null session                  net use \\x.x.x.x\ipc$ "" /u:""
9   Enumerate local administrators            local administrators \\x.x.x.x
10  Enumerate Group Members                   global "group_name" \\x.x.x.x
11  Enumerate NIC information                 getmac \\x.x.x.x
12  Enumerate internal IP information         epdump x.x.x.x
13  Enumerate trust relationships             nltest /server:x.x.x.x /trusted_domains
14  Enumerate non-hidden shares               net view \\x.x.x.x
15  Enumerate all shares                      DUMPSEC (GUI)
16  Enumerate password policy                 enum -Pc
17  All-in-one enumeration tools              DUMPSEC (GUI)
                                              enum -UMNSPGLc
                                              nete /0 (it's a zero)
18  SNMP MIB walk                             IP Network Browser (GUI)
19  Query Active Directory (AD) via LDAP      ldp (GUI)

Unix

 
#   THE GOAL                                  THE SYNTAX
1   Discover Unix hosts                       nmap -P0 -sT host(s)
                                              nmap -P0 -sU -p port(s) host(s)
2   Enumerate service banners                 (refer to "Scanning", step 3)
3   Fingerprint target's IP stack             nmap -O host(s)
                                              nmap -O -p port(s) host(s)
4   Identify logged on users                  finger -l @x.x.x.x
                                              rusers -l x.x.x.x
5   Enumerate additional users via SMTP       #telnet x.x.x.x 25
                                               vrfy user
                                               expn user/group
6   Enumerate additional users via TFTP       #tftp x.x.x.x
                                              tftp> get /etc/passwd /tmp/passwd.x
                                              tftp> quit
7   Enumerate RPC programs                    rpcinfo -p x.x.x.x
8   Enumerate exported NFS file system(s)     showmount -e x.x.x.x
9   Explore the exported NFS filesystem(s)    mount -t nfs x.x.x.x:mount_point /mnt
10  SNMP MIB walk                             snmpwalk x.x.x.x community_string | more