This guide covers the enumeration process you should always go through when approaching a pentest or CTF box.
Steps to approach
- These are the steps you should follow when approaching the enumeration process.
A word before you continue
- I want to make it clear that I don't own everything here; most of it was copied/pasted from other websites that I found helpful in the quest for knowledge.
- Some of the information here was taken from these:
1. Host Discovery
- You will need to find the target that you will pentest or run the CTF against.
1.1. Discovery hosts from the outside
- This applies when you only have a scope of IPs (maybe even several ranges) and you just need to find which IPs respond from the Internet.
1.1.1. ICMP
- This is the easiest and fastest way to discover whether a host is up or not.
ping -c 1 192.168.10.10      # 1 echo request to a host
fping -g 192.168.10.0/24     # Send echo requests to a range
nmap -PEPM -sP -n 192.168.10.0/24   # Send echo, timestamp and subnet-mask requests (-sP is the old alias for -sn, no port scan)
1.1.2. TCP Port Discovery
- It is very common to find that all kinds of ICMP packets are being filtered, most likely because of an ACL. In this situation you will need something faster, like masscan.
# Using masscan to scan nmap's top 20 ports across a /24 range (less than 5 min)
masscan -p20,21-23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 192.168.10.0/24
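As an added example that is not part of this guide, here is the defender's view of the two sweeps above (ICMP echo discovery and TCP SYN port discovery): a Python detector that flags any source probing many distinct hosts within a short window. The log format and the sample lines are constructed for this example and do not reproduce any vendor's exact syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified iptables-style line (constructed format, not a vendor's exact syntax).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: TYPE=(?P<type>\d+))?(?: DPT=(?P<dpt>\d+) SYN)?"
)

def parse_line(line):
    """Return (ts, src, dst, kind) for ICMP echo requests and TCP SYNs, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"])
    if m["proto"] == "ICMP" and m["type"] == "8":      # echo request (ping / fping / nmap -PE)
        return ts, m["src"], m["dst"], "icmp-echo"
    if m["proto"] == "TCP" and m["dpt"]:               # SYN to a port (masscan / nmap -PS)
        return ts, m["src"], m["dst"], "tcp-syn"
    return None

def find_sweeps(lines, min_hosts=10, window=timedelta(seconds=60)):
    """Return (src, kind) pairs that probed >= min_hosts distinct hosts inside one window."""
    events = defaultdict(list)                         # (src, kind) -> [(ts, dst), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, kind = parsed
            events[(src, kind)].append((ts, dst))
    hits = set()
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):                    # sliding window over time-sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({dst for _, dst in evs[start:end + 1]}) >= min_hosts:
                hits.add(key)
                break
    return sorted(hits)

def sample_log():
    """Constructed sample: 10.0.0.5 sweeps 192.168.10.1-30 (ICMP, then TCP/445); 10.0.0.7 is a normal client."""
    lines = []
    for i in range(1, 31):
        lines.append(f"2024-05-01T10:00:{i:02d} DROP SRC=10.0.0.5 DST=192.168.10.{i} PROTO=ICMP TYPE=8")
        lines.append(f"2024-05-01T10:01:{i:02d} DROP SRC=10.0.0.5 DST=192.168.10.{i} PROTO=TCP DPT=445 SYN")
        lines.append(f"2024-05-01T10:00:{i:02d} ACCEPT SRC=10.0.0.7 DST=192.168.10.50 PROTO=TCP DPT=443 SYN")
    return lines
```

Running `find_sweeps(sample_log())` flags the scanning source for both the ICMP and the TCP sweep while the client that repeatedly talks to a single host is left alone; tune `min_hosts` and `window` to the size of the monitored network.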