Pivoting
Once you have compromised a victim's machine, the next step is to pivot to other hosts on the network and enumerate their open ports. This section collects some techniques for those tasks.
The easiest way to find hosts on a network is to send an ICMP echo request to each address and wait for the replies. Hosts that filter ICMP will not answer and will be missed by this approach.
Windows:
for /l %i in (1,1,254) do @ping -n 1 -w 100 X.X.X.%i | find "Reply"
Linux:
for i in {1..254}; do (ping -c 1 X.X.X.$i | grep "bytes from" &); done
Here are some one-liners and short scripts that you can use to perform port scanning against your victim's system.
PowerShell:
1..65535 | % { echo ((New-Object Net.Sockets.TcpClient).Connect("X.X.X.X", $_)) "Port $_ is open!" } 2>$null
Bash:
#!/bin/bash
# Usage: ./portscan.sh <target-ip>
temp=$(mktemp -t PortScan_XXXXXX)
for port in $(seq 1 65535); do
    # /dev/tcp lets bash open a TCP connection; timeout keeps filtered ports from hanging
    timeout 2 bash -c "echo '' > /dev/tcp/$1/$port" 2>/dev/null && echo "[*] Port $port - OPEN" | tee -a "$temp" &
done; wait
echo "Results stored at $temp"
Python:
#!/usr/bin/python3
# Usage: ./portscan.py <target-ip>
import socket
import sys

for port in range(1, 65536):
    # One TCP connect attempt per port; the socket is closed by the with-block
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)  # keep filtered ports from stalling the scan
        try:
            s.connect((sys.argv[1], port))
            print("Port", port, "is open")
        except OSError:
            pass
            # print("Port", port, "is closed")
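Both the ping sweeps and the connect scans above are loud: one source touches hundreds of destinations or hundreds of ports within seconds, which is exactly the pattern a defender looks for in firewall or flow logs. The following detector is an added example, not code from the original page; it reads a constructed, simplified log format (`<epoch> <proto> <src> <dst> <dport|->`), and the 60-second window and the alert thresholds are assumptions chosen for illustration.

```python
"""Flag ICMP ping sweeps and TCP connect scans in firewall-style connection logs.

Added example for this page. The log format, sample data and thresholds
below are constructed assumptions, not values from the original page.
"""
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

WINDOW_SECONDS = 60      # assumed sliding window
SWEEP_MIN_HOSTS = 10     # assumed: distinct ICMP destinations from one source
SCAN_MIN_PORTS = 20      # assumed: distinct TCP ports on one destination from one source

# Constructed log format: "<epoch seconds> <ICMP|TCP|UDP> <src> <dst> <dport or '-'>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<proto>ICMP|TCP|UDP)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+|-)$"
)


@dataclass(frozen=True)
class Event:
    ts: int
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dport = None if m["dport"] == "-" else int(m["dport"])
    return Event(int(m["ts"]), m["proto"], m["src"], m["dst"], dport)


def _max_distinct_in_window(events: List[Event], key: Callable[[Event], object], window: int) -> int:
    """Largest number of distinct key(e) values seen inside any `window`-second span.

    `events` must be sorted by timestamp. A deque holds the events currently in
    the window and a Counter tracks how many times each key value is present.
    """
    q: deque = deque()
    counts: Counter = Counter()
    best = 0
    for e in events:
        q.append(e)
        counts[key(e)] += 1
        while q and e.ts - q[0].ts > window:
            old = q.popleft()
            counts[key(old)] -= 1
            if counts[key(old)] == 0:
                del counts[key(old)]
        best = max(best, len(counts))
    return best


def detect(lines: List[str], window: int = WINDOW_SECONDS, sweep_min: int = SWEEP_MIN_HOSTS,
           scan_min: int = SCAN_MIN_PORTS) -> List[Tuple[str, str, Optional[str], int]]:
    """Return alerts as (kind, src, dst_or_None, distinct_count), sorted for stable output."""
    icmp_by_src = defaultdict(list)      # sweep: one source, many destinations
    tcp_by_pair = defaultdict(list)      # scan: one source/destination pair, many ports
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.proto == "ICMP":
            icmp_by_src[e.src].append(e)
        elif e.proto == "TCP" and e.dport is not None:
            tcp_by_pair[(e.src, e.dst)].append(e)

    alerts = []
    for src, evs in icmp_by_src.items():
        evs.sort(key=lambda e: e.ts)
        n = _max_distinct_in_window(evs, lambda e: e.dst, window)
        if n >= sweep_min:
            alerts.append(("icmp_sweep", src, None, n))
    for (src, dst), evs in tcp_by_pair.items():
        evs.sort(key=lambda e: e.ts)
        n = _max_distinct_in_window(evs, lambda e: e.dport, window)
        if n >= scan_min:
            alerts.append(("tcp_port_scan", src, dst, n))
    return sorted(alerts, key=lambda a: (a[0], a[1], a[2] or "", a[3]))


def make_sample_log() -> List[str]:
    """Constructed sample: a quiet workstation plus one host doing a sweep and a scan."""
    t = 1_700_000_000
    lines = [f"{t} TCP 10.0.0.20 10.0.0.50 443", f"{t + 5} TCP 10.0.0.20 10.0.0.51 22",
             f"{t + 9} ICMP 10.0.0.20 10.0.0.1 -"]
    # Sweep shaped like the ping loops above: 254 destinations in about 25 seconds
    lines += [f"{t + i // 10} ICMP 10.0.0.77 10.0.0.{i} -" for i in range(1, 255)]
    # Connect scan shaped like the scripts above: 1024 ports on one host in a few seconds
    lines += [f"{t + 30 + p // 500} TCP 10.0.0.77 10.0.0.50 {p}" for p in range(1, 1025)]
    return lines


if __name__ == "__main__":
    for kind, src, dst, n in detect(make_sample_log()):
        print(f"{kind}: src={src} dst={dst or '*'} distinct={n}")
```

Running the script on the constructed sample produces two alerts for 10.0.0.77 (one sweep, one port scan) and none for the workstation, which only touches a handful of distinct hosts and ports. In production the same logic runs over real flow records, and the thresholds are tuned against the normal fan-out of monitoring systems and vulnerability scanners on the network.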
Dedicated tools do a better job of port scanning and ping sweeps than these snippets.