vault backup: 2024-12-01 23:50:59

Penetration Testing/Week 11/Lecture 11 - Enumeration.md

@@ -0,0 +1,46 @@
+Collection of detailed information about a target system, ex OS, infra
+After compromising, attackers perform enumeration to learn more about host, ex. location on lan, functionality (hostname, interfaces, routes, services.).
+Gathering info ex. usernames, machine names, share names, directory names, os details, network infra, printer names, webserver details, etc.
+Key component of ethical hacking and pentesting.
+
+# Enumerating Windows System
+
+- ipconfig - list interfaces, gateways, if mac addresses, ip addresses
+	- /all - list additional info about if
+	- /displaydns - show dns cache
+- arp -a - display arp cache
+- netstat -ano - list all connections on a specified port
+- route print - display routing table
+- net start / net stop - start / stop running service
+- netsh - firewall rules
+- netsh firewall set opmode disable - turn off firewall
+- tasklist - enumerate all services running on host
+
+# Enumerating Linux System
+
+- ifconfig - similar to ipconfig, more explanatory
+- pwd - print working directory
+- ls - list items in directory
+- find - find items
+- who/last - displays currently logged in users
+- whoami - displays information about current user
+- uname - display kernel info
+- touch - create empty file
+- cat /etc/passwd - enumerate local users
+- cat /etc/host - show hosts file
+- cat /etc/group - enumerate all local groups
+- cat /etc/resolv.conf - locate name servers on local machine
+
+# Enumerating with Meterpreter
+
+- sysinfo - gets info such as OS and name
+- route - view / modify routing table
+- ps - list processes
+- getuid - get current uid
+- getpid - get current process id
+- cd - change directory
+- cat - read and stdout contents of file
+- ls - list items in directory
+- enumdesktops - list all accessible desktops
+- screenshot - grab screenshot of meterpreter desktop
+- idletime - checks how long target has been idle