enumeration – Page 2 – WindowsTechs.com

How to pass a list of extensions as a file to enumerate files/directories based on extension using gobuster? [closed]

Posted on December 20, 2022 by NVANU

I tried the below command using gobuster with the option ‘-x’ and tried to pass a list of extensions in a file:
gobuster dir -u TARGET_URI -w /usr/[…]/dirb/common.txt -x /usr/share/[…]/raft-small-extensions.txt

When I tried the above … Continue reading How to pass a list of extensions as a file to enumerate files/directories based on extension using gobuster? [closed]→

Is it possible to enumerate registered eepsite (I2P) subdomains?

Posted on November 5, 2022 by forest

Eepsites are similar to Tor’s hidden services, but based on the I2P anonymity network.
Named eepsites use central registrars like stats.i2p and no.i2p. Each eepsite also has a b32 domain which is a base32-encoded string that is used to con… Continue reading Is it possible to enumerate registered eepsite (I2P) subdomains?→

Exploitation Risks and Considerations specific to running internal DNS servers

Posted on November 5, 2022 by Rivesticles

I have heard of larger companies are utilizing their own internal DNS servers to route through internal resources. And was wondering if there is any specific exploitation risks and considerations for these, especially related to loss of av… Continue reading Exploitation Risks and Considerations specific to running internal DNS servers→

Is Reading Windows Reserved Filenames Through a URL Valid for OS Enumeration?

Posted on July 25, 2022 by burninator

I’m aware that writing a file with a reserved name such as CON.txt or CON.mp3, aux.txt, lpt1.html, etc. is not allowed by Windows and can be leveraged for enumeration.
However, what about reading a file with a reserved name?
For example, i… Continue reading Is Reading Windows Reserved Filenames Through a URL Valid for OS Enumeration?→

Easy to run DSquery’s for pentesting and etc [closed]

Posted on July 15, 2022 by Stigmatas

I’m having an issue trying to find decent queries that system admins and penetration testers use.
I’ve tried googling and i’ve even taken a class to try to understand it better.
Here are some of the queries I’ve used and I hope you want to… Continue reading Easy to run DSquery’s for pentesting and etc [closed]→

DNS reverse lookup not finding domain name during enumeration

Posted on July 5, 2022 by cppstudy

While enumerating a DNS server for a HTB machine, I’ve tried finding a domain name for 127.0.0.1:
┌──(kali㉿kali)-[~]
└─$ dig -x 127.0.0.1 @10.10.11.166

; <<>> DiG 9.18.1-1-Debian <<>> -x 127.0.0.1 @10.10.11.166
;;… Continue reading DNS reverse lookup not finding domain name during enumeration→

How to get the list of computers a user can RDP into using BloodHound?

Posted on June 1, 2022 by John

Using bloodhound I would like to find the list of all computers a user I.e "domain\ajohn" can RDP into.
I looked at:
match p=(g:Group)-[:CanRDP]->(c:Computer) where g.objectid ENDS WITH ‘-513’ AND NOT c.operatingsystem CONTAI… Continue reading How to get the list of computers a user can RDP into using BloodHound?→

DNS Enumeration by IP Address

Posted on May 5, 2022 by Mr John

I know all baseline steps to do DNS enumeration over a domain. But my questions is: how can I enumerate a server when I do not know which domain it is managing and I only have its IP address?
My scenario: I discovered 2 DNS servers running… Continue reading DNS Enumeration by IP Address→

Mail gateway allowing telnet connections

Posted on March 4, 2022 by Mailadmin

Our organization is currently being tested by a IT security firm who have stated that while our internet facing mail gateway is not an open relay, they can connect to it on port 25 using telnet and check if an internal address is valid or… Continue reading Mail gateway allowing telnet connections→

What does a probe packet look like and how does it interact with a server to determine services [closed]

Posted on November 27, 2021 by Brakke Baviaan

I have recently begun studying NMap. It offers a variety of options, each having clear advantages and disadvantages as to what information is disclosed and chance of being detected by possible layers of defense.
One of the options seems ra… Continue reading What does a probe packet look like and how does it interact with a server to determine services [closed]→