
Enumerating Machines

During an internal penetration test, it is important to enumerate live machines in order to map the perimeter properly.

Enumerate Alive Machines

To enumerate live machines, you can ping the RFC 1918 private address ranges with zmap:

sudo zmap -i <iface> -P 2 --probe-module=icmp_echoscan -B 1M --max-targets=10000000 -o targets_rfc1918.txt 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
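
To turn the resulting `targets_rfc1918.txt` into a map of the perimeter, the following added example (not part of the original cheatsheet) groups the responding hosts by /24 and flags any address outside the three scanned ranges. It assumes the file holds one IPv4 address per line, possibly preceded by a header line; `summarize_targets` and the sample data are constructed for illustration.

```python
import ipaddress
from collections import Counter

# The three RFC 1918 ranges passed to zmap in the command above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an output file (assumed format: one address per line).
SAMPLE = ["saddr", "10.0.0.5", "10.0.0.9", "10.0.0.5", "172.16.4.20",
          "192.168.1.1", "192.168.1.77", "203.0.113.7", "", "172.32.0.1"]


def summarize_targets(lines, prefix_len=24):
    """Return (hosts per subnet, out-of-scope addresses, skipped line count)."""
    seen = set()
    per_subnet = Counter()
    out_of_scope = []
    skipped = 0
    for raw in lines:
        text = raw.strip()
        if not text:
            continue
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            skipped += 1              # header line or malformed entry
            continue
        if addr in seen:              # duplicate line, e.g. from merged result files
            continue
        seen.add(addr)
        if not any(addr in net for net in RFC1918):
            out_of_scope.append(str(addr))   # should never appear in a scoped scan
            continue
        subnet = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        per_subnet[str(subnet)] += 1
    return per_subnet, out_of_scope, skipped


if __name__ == "__main__":
    # Replace SAMPLE with open("targets_rfc1918.txt") to process a real result file.
    subnets, outside, skipped = summarize_targets(SAMPLE)
    for net, count in sorted(subnets.items(),
                             key=lambda kv: ipaddress.ip_network(kv[0])):
        print(f"{net:<20} {count} live host(s)")
    print(f"out of scope: {outside}  skipped lines: {skipped}")
```

Subnets with many live hosts are the natural starting points for the service enumeration step, and any out-of-scope address should be checked against the rules of engagement before going further.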

Last updated 5 years ago