Enumeration

  1. Enumerate material found on the machine.

  2. Use pre-installed tools on the machine

  3. Use scripting techniques

  4. Use local tools through a proxy (last resort; very slow)

Check the ARP cache, static mappings, local DNS servers and interfaces (Linux)

arp -a
cat /etc/hosts
cat /etc/resolv.conf
ip a

Check the ARP cache, static mappings and interfaces (Windows)

arp -a
type C:\Windows\System32\drivers\etc\hosts
ipconfig /all

Living Off the Land (LotL)

Start off with uploading nmap and scanning the network from the compromised server

./nmap -sn 10.200.72.0/24 -oN hosts

Bash one-liner ping sweep

Bash one-liner port scan

Windows ping sweep tools
