STEPS :
- Enumeration :
- Nmap with option -O to get the OS version
- If SMB shares are discovered, launch Metasploit and use smb_version
1.1) Active Directory Scanning/Waiting :
1 - Run a responder to capture the hash (cat /usr/share/responder/Responder.conf to make sure that SMB, HTTP, HTTPS are off)
- Run responder with responder -I eth1
FOOTHOLD :
- Gather Flags
- Gather passwords and other information (user IDs, etc.)
Nmap scanning results
Domain Name : SIGEN.net
Forest name : sigen.net