CTF_CheatSheet

Stage 1 - Lay of the Land

Scans

Nmap

nmap -sn -n --disable-arp-ping IP | grep -v "host down"

-sn : Disable port scanning. Host discovery only. -n : Never do DNS resolution

sudo nmap -sSV -p- IP -oA nmap/initial -T4
sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv

• the flag -sSV defines the type of packet to send to the server and tells Nmap to try and determine any service on open ports • the -p- tells Nmap to check all 65,535 ports (by default it will only check the most popular 1,000) • -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE" • -iL INPUTFILE tells Nmap to use the provided file as inputs

This configuration is enough to do a basic check for a CTF VM

nmap -sV -sC -oA nmap/initial IP

-sV : Probe open ports to determine service/version info -sC : to enable the script -oA : to save the results

After this quick command you can add "-p-" to run a full scan while you work with the previous result

Aggressive NMAP

nmap -A -T4 scanme.nmap.org
• -A: Enable OS detection, version detection, script scanning, and traceroute
• -T4: Defines the timing for the task (options are 0-5 and higher is faster)

Masscan

masscan IP -p 1-65535 --rate 100 -oX masscan.xml