# Information Gathering

## DNS Enumeration

<https://securitytrails.com/#search>

- DNS Records
- Historical Data
- Subdomains

<https://www.ripe.net/>

<https://wq.apnic.net/static/search.html>

- IP range, etc.

**dig**

- IP: `dig <host> +short`
- MX: `dig <host> -t mx +short`
- NS: `dig <host> -t ns +short`
- AXFR: `dig axfr <host> <ns>`

**host**

- IP: `host <host>`
- MX: `host -t mx <host>`
- NS: `host -t ns <host>`
- AXFR: `host -t axfr <host> <ns>`
- AXFR: `host -l <host> <ns>`

**Other tools**

- ALL: `dnsenum -o output.xml --dnsserver <ns> <host> -p 10 -s 50`
- SUBDOMAIN: `python sublist3r.py -d <host> -o <output>`
- SUBDOMAIN: `nmap -T4 -p 53 --script dns-brute <host>`
- ALL: `dnsrecon -g -d <host>`
- SERVICE: `nmap -T4 -sSVC -o <output> <dns>`
- DNSSEC: <https://dnssec-analyzer.verisignlabs.com/host>

## TCPDump

- `tcpdump -n -i eth0` (only IP)
- `tcpdump -i eth0 tcp`
- `tcpdump -i eth0 port 22`
- `tcpdump -XX -i eth0` (print header)
- `tcpdump -r file.pcap`

## SMB

- `smbmap -u USER -p PASS -d WORKGROUP --host-file 445s`
- `smbclient -L IP`
- `smbclient -H //10.10.10.134/Backups -U root`

## MASSScan

- `masscan -p22,80,445 10.0.0.0/8 -oX mass`
- `grep "portid=\"80" mass | cut -d"\"" -f4 > 80s`

## NMAP

**server-client-up**

- `nmap -sn 192.168.1.0/24 -oA up_sunucu`
- `grep -n1 "up" up_sunucu.xml | grep "addr" | cut -d'"' -f2 > up_list`

**http-https-up**

- `nmap -p 80,443 -iL up_list -oA https`
- `grep -n4 open https.xml | grep ipv4 | cut -d'"' -f2 > up_https`

## EYEWITNESS

- `eyewitness --web -f /root/Desktop/olibaba/80s -d /root/Desktop/olibaba/http_ss`

## REDIS

- `redis-cli -h <ip> -p <port>`
- `INFO`

## NBTScan

- `nbtscan -r 10.12.103.1/8`
- `cut -d" " -f1 nbtscancıktısı.txt >> dosya.txt`

## Anonymous FTP

- `nmap --script ftp-brute -p 21 <host>`
- `nmap -sV -sC -p21 192.168.0.1`
- `nmap --script=ftp-anon -p21 -oA ftp_anon`
- `cat ftp_anon.xml | grep -n4 "open" | grep 'addr' | cut -d'"' -f2 > ftp_list`
- `nmap -sV -p21 -iL ftp_list -oA ftp_list`

## Default Passwords

### Printers

admin: (blank password)

### Data Domain System Manager

sysadmin:abc123

### ILO

admin:password

Liebert:Liebert

### DDEM

- `system show serial`
- `priv set se`
- `password: serial_no`
- `uname`
- `fi st`
- `df`
- `Ctrl-C three times`
- `shell-escape`

### CIMC

admin:Cisco1234
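
The `grep -n… | cut` pipelines in the NMAP and Anonymous FTP sections depend on how many lines apart the fields sit in nmap's XML output, and the `addr` match can also pick up MAC addresses. As an added example (not part of the original notes), the script below reads the XML structure directly; the sample document and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX` output (documentation addresses, not scan data).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports></host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="filtered"/></port>
      <port protocol="tcp" portid="443"><state state="open"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

def _ipv4(host):
    """IPv4 address of a <host>, ignoring MAC and IPv6 <address> elements."""
    for addr in host.findall("address"):
        if addr.get("addrtype") == "ipv4":
            return addr.get("addr")

def hosts_up(xml_text):
    """IPv4 addresses of hosts whose <status state> is 'up' (the up_list step)."""
    ups = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") == "up" and _ipv4(host):
            ups.append(_ipv4(host))
    return ups

def hosts_with_open_port(xml_text, ports):
    """Map each requested port to the IPv4 hosts where its state is exactly 'open'."""
    found = {str(p): [] for p in ports}
    for host in ET.fromstring(xml_text).findall("host"):
        ip = _ipv4(host)
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (ip and port.get("portid") in found and state is not None
                    and state.get("state") == "open"):
                found[port.get("portid")].append(ip)
    return found

if __name__ == "__main__":
    print(hosts_up(SAMPLE_XML), hosts_with_open_port(SAMPLE_XML, [80, 443]))
```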