Me: so, ifconfig, what is my gateway?

ifconfig: [ip address]

Me: nmap, what is this IP address?

nmap: it's a network switch with an open telnet port.

Me: what happens if I connect to it?

switch: WHAT IS THE PASSWORD?!?!

Me: is it blank?

switch: correct. what do you want to do?

Me: can I look at all the IP and MAC addresses on the network?

switch: WHAT IS THE ADMIN PASSWORD?!?!

Me: is it... admin?

switch: correct. Here's everyone that's connected to the network: [400+ IPs and MACs]

Me: ok python, would you filter through these and tell me what manufacturer each one belongs to?

python: sure.
[~50 manufacturer lookups later]
python: there's a bunch of apple product, a bunch of miscellaneous laptop and printer manufacturers, and some raspberry pis.

Me: raspberry pis?

python: yep. about 20 of them.

Me: What happens if I connect to one?

rpi: WHAT IS THE PASSWORD?!?!

Me: raspberry?

rpi: correct. what do you want to do?

Me: can I make you do my bidding in the background when you aren't being used?

rpi: sure, sounds fine.

I love ignorant sysadmins.

Never in my life I was scared as today.
I recently left a big company to work for a small one as the first internal developer.
Had a small issue in the production server. The fix was easy, just remove a single table entry. And... *drum roll*... I forgot to add a where clause. All orders were lost.
No idea if we had backups or anything, I quickly called the one other IT dude in the company.
He had no clue where are the backups and how to find them.
Having some experience with Nmap, I quickly scanned our network and found a Nas device.
There was a backup, whole VHD backup. 300GB of it, the download speed is around 512kb/s. No way I can fix it before management finds out, but then an idea came to mind. Old glorious 7zip. Managed to extract only the database files, sent them to the server and quickly swapped them. Everything was fine... The manager connected 5 minutes later. Scariest 45 minutes of my life...

This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.

😎 Lockdown

Yes I believe you’re Google and I will click that link.
I don’t care that IP from that you sent it to me is from some company in India.
Probably Google outsourced it’s email service there.

But wait why is this link pointing to Chinese website?
Ouch you provided some ip under A dns record so let me nmap it...
So there’s bunch of services you have there.
ftp, ssh, msrpc, netbios-ssn, snpp, microsoft-ds, sun-answerbook ...wait what ?
Let me curl that 8888 port.
Oh you have login / password form and it’s pagoda linux panel.
Wait a second I will read about it maybe some default login / password will work...

Ok so maybe I just make a script to brute force it as you wanted to brute force my computer motherfucker.

Okay, help :(

Trying to get my dns server in php to work from the outside (it's on a vm on one of my dedi's) but it's not working.

- Port forwarding works well: confirmed.
- Connection type: UDP; confirmed.
- I *can* dig from the host (dedicated server) to the vm.
- nmap scans show an open port.

The exact same happens on my local network.

I'm lost.

Attempting to access my colleague's NFS directory on his VM, don't know the VM's IP address, hostname or password:

- 2 minutes with nmap to narrow the possible IPs down to ~30

- Ping each and look for the one with a Dell MAC prefix as the rest of us have been upgraded to Lenovo. Find 2 of these, one for the host and one for the virtual machine.

- Try to SSH to each, the one accepting a connection is the Linux VM

- Attempt login as root with the default password, no dice. Decide it's a lost cause.

- Go to get a cup of tea, walk past his desk.

- PostIt note with his root password 😶

FYI this was all allowed by my manager as he had unpushed critical changes that we needed for the release that day.

TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

It's 03:43 bst here and the dicks across the hall are still playing ridiculously loud music, and despite me asking them to shut up since I'm in work at 7 they refused. A quick nmap and I have the mac of the desktop playing the music....

I will never stop being impressed by how detailed this scene in The Matrix Reloaded was.

Trinity is trying to hack into the terminal and shut down the power grid.

nmap (network map) is a linux tool for network discovery.

It is absolutely believable that in a post apocalyptic future where computers rule the earth, the entire power grid would be on a network that you can scan for like this and shut down.

Its a such a minor detail, but I'm really happy that the writers consulted with actual programmers.

Nmap.

Got my first Linux magazine with real worth tips for noobs with advanced stuff (like mounting a web mail server using Nmap, create personalized distros ssh, terminology and stuff , you don't see that in most noob magazines).
First point... Comes with a CD with 4 distros (OK... I perfer to download the latest for my VMs) and 200 euros worth of.. Linux software?
And I ripped this beautiful cover before even reading it... Killing a wasp. So, worth the 10 euros even before opening it

Does changing default SSH port really make server more secure? Most of scan apps (eg. Nmap) will find it anyway, won't they?

This evening for curiosity i executed a nmap over my android phone expecting (like everyday) all port closed.
But i see
9080/tcp open glrpc
Wtf??
Let me check something....
--adb shell
$cat /etc/net/tcp

And the first line provied me the UID of the app that was running on 9080 port (2378 in hex)
So let me check which app is that
$dumpsys package | grep -A1 "userId=*UID*"

And the answer is com.netflix.mediaclient

Wtf??
Why netflix is running a http server on 9080/tcp on and android phone??

yep, vacations--

Watching The Matrix: Reloaded,
suddenly this happens

to;dr: school, raspi, spoofing, public status screen, funny pictured.

So. At school we had these huge ass 2/3 TVs displaying some information such as which teacher is ill, which lessons won't take place and some school related news. Standard stuff.

They worked using a raspberry pi attached to the TV fetching a website over http every now and then.

Using nmap I discovered that these pi's were in the same network as the pupils devices: Sweeeet.

After trying some standard passwords at the ssh port and not succeeding I came up with something different: A spoofing attack.

I would relay all traffic from those pi's through my device, would replace all images with a trollface picture (I know I know) and flip all text upside down.

Chaos, annoyed faces and laughter.
It was beautiful.

Gotta love the IoT.

They set up a new surveillance camera in the company, that can stream live footage over the network and that little shit picked the IP adress of a coworker one day AFTER being set up.
Hurray for static routing. Hurray to the person who didn't disable DHCP on the router (Should probably configure my PC to use a static IP as well lel)

Anyways, this happened outta nowhere when I, the only guy who knows shit about IT and is usually present at yhe office, wasn't there and could not connect remotely.

The other, remote programmer, who set up the network, could guide the coworker to get a new IP but, he was worried that we got ourselves an intruder.

Since nobody told me yet that we (should) have static routing, I thought there was a mastermind at work who could get into a network without a wifi-access point and spoof the coworker in order to access the some documents.

The adrenaline rush was real 😨

Scanning the network with nmap solved the mystery rather quickly but thought me that I need to set up a secure way to get remote access on the network.

I would appreciate some input on the set up I thought of:
A raspberry Pi connected to a vpn that runs ssh with pw auth disabled and the ssh port moved.
Would set up the vpn in a similar fashion.

got first assignment on my first meet on Network Security. it require to pentest one unsecured specified website. yet they don't tell me shit about anything just try it.
i need to :
1. Footprint
2. Scanning
3. Enumeration
4. Gaining Access (previledges raising?) (bonus)

suppose : <target-website> is x
i've done this:
1. whois x
2. got the ipaddress via :
host x
3. nmap -F ip.of.x

my head is already spinning, i need to know what BASICLY each of what i've done. i only get that 'whois' get the information about that domain, 'host' is used to know the target ip address and nmap to find what are the open ports. i don't know what else should i do. need help :(

I planned to make some tutorial videos on NMAP, Metasploit or similar tools.

Which platform should I prefer? YouTube or udemy?

Note: I am not planning for monetize

Netstat says that that windows is listening on port 445, but nmap (run from another machine on the same network) says that it's closed. Also the firewall is completely disabled. It's very annoying that I can't use network shares and I don't know how to fix it. Can anyone help?

Rate my high tech setup, i spent alot of time putting it together.

. //// 🔎 wwwwwww
(OO)/
/[ ]
[][]

{Nmap
Openvas
Recon-ng
Harvester
Nikto
Google
?}

What else do you use for a perfect recon?

Any penetration testers here? Looking for some (career) advices and tips :)

When I first, at school, set up a program to check how many devices there were on the network using nmap. Then I graphed it over a day and it made me feel real awesome checking out a network and getting info on it, however primitive my methods were

tmux new -d -s 'fuck putin'
for i in 80 443; do tmux new-window -t 'fuck putin' -n $i "while :; do nmap mil.ru -p $i & done"; done
while :; do killall -9 nmap; sleep 2; done

So just a normal rant here. .. it was one of those moments you find in yourself in sometimes. You get so caught up in thinking you know everything that you can't implement occams razor into your everyday work routine anymore. You've worked with so many complex workarounds that when you are faced with a simple problem with a simple answer you can't see the blinking neon light shouting at you anymore , and you can't here the bells sound anymore. ..
My rant is about Me vs the infamous mikrotik router. Something I had to set up. Something I had to login to setup. Something I've done so many times before but this time , my inflated ego and overbearing sense of grandeur just could not figure out.
Class how do we login into a router? Well find your gateway and type that sucker into a browser and you will be on your way ... well that's the answer right there. But since I thought that my router was connected to three dummy switches that it would affect anything or the paranoia I had that my isp somehow disabled any connections to the router at all or that I and to open a new port to connect to it or use winbox to connect to it using only the mac address or ssh into it ..would work ...I didn't try using the tried and tested way of doing it.
I wanted it to be an adventure. I wanted it to be a problem to solve so I shoved the ordinary answer out of the way and used other methods to try and connect to it...
All I had to do was used Nmap to scan the gateway for open ports and realise to view it in the Browser on port 8080 instead and finish my journey ...
I was looking for a dragon to slay , a maze to conquer, glory at the end of my mission ... when all I felt was a sheer sense of idiocy.
--Rant Completed--

There is this local cloud service provider I used to like, since the promise was "it's from Africa" woi, they don't know shit. We tell then to open port 8888 ssh and 8899 since firewall is configured on their side, they close all ports then you can't ssh into the server. They take another 2 hours to fix that. Later on we change our ports and then tell them to change some ports, they open and close all ports (we discovered again because we were locked out again and had to d an nmap to see what was happening). Apparently the staff we we're talking to didn't know much about configuring servers only the senior management knew (I think to cut down costs), then we tell then to terminate services but they decide to bill us for another month (bullying) and gave us a warning letter from their lawyer for not paying for that month and since we are a small startup, we can't afford a court case which will drain us cash so we had to pay for shitty service and some month arr angry

why can't i nmap this in termux
nmap - sS 192.168.0.105/24
?