Wireless Pen Testing Miscellaneous Notes and Commands

By | August 30, 2015


Below are notes and commands that can come in handy for a Pen Tester or System Administrator. The list is set up to help recall a command or file structure quickly.
 
I will add to this list as needed.
 
UPDATING KALI
apt-get update
apt-get upgrade
 

COMMON PORTS
21 FTP
22 SSH
23 Telnet
25 SMTP
49 TACACS
53 DNS
69 TFTP (UDP)
80 HTTP
88 Kerberos
110 POP3
111 RPC
123 NTP (UDP)
135 Windows RPC
137 NetBIOS
138 NetBIOS
139 SMB
143 IMAP
161 SNMP (UDP)
201 AppleTalk
389 LDAP
443 HTTPS
445 SMB
500 ISAKMP (UDP)
514 Syslog
520 RIP
546 DHCPv6
902 VMware
1080 SOCKS Proxy
1194 VPN
1433/4 MS-SQL
1521 Oracle
1629 DameWare
2049 NFS
3128 Squid Proxy
3306 MySQL
3389 RDP
5060 SIP
5222 Jabber
5900 VNC
6000 X11
9001 Tor
9001 HSQL
9090/1 Openfire
9100 JetDirect
 
IP Class Ranges
A 0.0.0.0 - 127.255.255.255
B 128.0.0.0 - 191.255.255.255
C 192.0.0.0 - 223.255.255.255
D 224.0.0.0 - 239.255.255.255
E 240.0.0.0 - 255.255.255.255
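The class boundaries above follow from the leading bits of the first octet (0 for A, 10 for B, 110 for C, 1110 for D, 1111 for E), which is what the table does not say. The script below is an added example, not part of the original notes; it derives the class from those bits rather than from a range table, adds the classful default prefix for A/B/C, and goes a little beyond the table by also reporting whether the address is private, multicast or loopback using Python's standard ipaddress module. The sample addresses are constructed.

```python
"""Classify IPv4 addresses into the historical classes A-E from their leading bits."""
import ipaddress

# (leading bits to compare, expected value of those bits, class, classful default prefix length)
CLASS_RULES = [
    (1, 0b0, "A", 8),
    (2, 0b10, "B", 16),
    (3, 0b110, "C", 24),
    (4, 0b1110, "D", None),   # multicast: no network/host split
    (4, 0b1111, "E", None),   # reserved/experimental
]


def ip_class(addr: str) -> str:
    """Return 'A'..'E' by inspecting the high-order bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for bits, expected, cls, _ in CLASS_RULES:
        if first_octet >> (8 - bits) == expected:
            return cls
    raise AssertionError("unreachable: every first octet matches one rule")


def classful_network(addr: str):
    """Classful network (ipaddress.IPv4Network) for classes A/B/C, None for D/E.

    Real routing has been CIDR since the 1990s; this is the historical default only.
    """
    cls = ip_class(addr)
    prefix = next(p for _, _, c, p in CLASS_RULES if c == cls)
    if prefix is None:
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def describe(addr: str) -> dict:
    """Class plus the properties a scoping discussion usually needs."""
    a = ipaddress.IPv4Address(addr)
    net = classful_network(addr)
    return {
        "address": addr,
        "class": ip_class(addr),
        "classful_network": str(net) if net is not None else None,
        "private": a.is_private,      # RFC 1918 and other non-globally-routable space
        "multicast": a.is_multicast,
        "loopback": a.is_loopback,
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per class plus the RFC 1918 ranges.
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.1.10", "8.8.8.8", "224.0.0.251", "240.0.0.1"):
        print(describe(sample))
```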
 

Google Search Commands
site: [URL]…..Search only one URL
date: [ #]….. search within past [#] months
link: [url]….. find pages that link to [url]
related: [url]….. find pages related to [url]
intitle: [string]….. find pages with [string] in title
inurl: [string]….. find pages with [string] in url
filetype: [xls]….. find files that are xls
phonebook: [name]….. find phone book listings of [name]
 

Nmap scan types
-sP….. ping scan (called -sn in newer Nmap releases)
-sS….. SYN scan
-sT….. connect scan
-sU….. UDP scan
-sO….. IP protocol scan
 

Frequency Chart
RFID
120-150 kHz (LF)
13.56 MHz (HF)
433 MHz (UHF)

Keyless Entry
315 MHz (N. America)
433.92 MHz (Europe, Asia)

Cellular United States
698-894 MHz
1710-1755 MHz
1850-1910 MHz
2110-2155 MHz

GPS
1227.60-1575.42 MHz

L Band
1-2 GHz

802.15.4 (ZigBee)
868 MHz (Europe)
915 MHz (United States, Australia)
2.4 GHz (worldwide)

802.15.1 (Bluetooth)
2.4-2.4835 GHz

802.11b/g
2.4 GHz

802.11a
5.0 GHz

802.11n
2.4 and 5.0 GHz
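The 2.4 GHz and 5 GHz entries above are bands; when you read `iwlist` output or an AP configuration you deal with channel numbers, and the mapping between the two is a fixed formula (2407 MHz + 5 MHz per channel in the 2.4 GHz band, with channel 14 as the odd one out at 2484 MHz; 5000 MHz + 5 MHz per channel in the 5 GHz band). The script below is an added example, not part of the original notes. It converts in both directions, applies the conventional non-overlap rule for 22 MHz wide 2.4 GHz channels (the 1/6/11 rule), and parses the frequency line that `iwlist scan` prints; the sample line is constructed.

```python
"""802.11 channel <-> center frequency helpers for the 2.4 GHz and 5 GHz bands."""


def channel_to_freq(channel: int) -> int:
    """Center frequency in MHz of an 802.11 channel in the 2.4 GHz or 5 GHz band."""
    if 1 <= channel <= 13:
        # 2.4 GHz band (802.11b/g/n): channel 1 is centered at 2412 MHz, then 5 MHz steps.
        return 2407 + 5 * channel
    if channel == 14:
        # Japan-only 802.11b channel, which sits off the 5 MHz grid.
        return 2484
    if 32 <= channel <= 177:
        # 5 GHz band (802.11a/n/ac): 5000 MHz plus 5 MHz per channel number.
        return 5000 + 5 * channel
    raise ValueError(f"not a 2.4 GHz or 5 GHz 802.11 channel: {channel}")


def freq_to_channel(freq_mhz: int) -> int:
    """Inverse of channel_to_freq; rejects frequencies that are not on the channel grid."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472 and (freq_mhz - 2407) % 5 == 0:
        return (freq_mhz - 2407) // 5
    if 5160 <= freq_mhz <= 5885 and freq_mhz % 5 == 0:
        return (freq_mhz - 5000) // 5
    raise ValueError(f"not an 802.11 channel center frequency: {freq_mhz} MHz")


def band_of(channel: int) -> str:
    """Name the band, using the 802.11b/g (2.4 GHz) vs 802.11a (5 GHz) split from the chart."""
    return "2.4 GHz" if channel_to_freq(channel) < 3000 else "5 GHz"


def non_overlapping(ch_a: int, ch_b: int) -> bool:
    """True when two 2.4 GHz channels do not overlap (the familiar 1/6/11 rule).

    Assumes 22 MHz wide 802.11b/g channels, so centers must sit at least 25 MHz apart.
    """
    if band_of(ch_a) != "2.4 GHz" or band_of(ch_b) != "2.4 GHz":
        raise ValueError("this overlap rule is defined for the 2.4 GHz band only")
    return abs(channel_to_freq(ch_a) - channel_to_freq(ch_b)) >= 25


def parse_iwlist_frequency(line: str) -> int:
    """Channel number from an `iwlist scan` line such as 'Frequency:2.437 GHz (Channel 6)'.

    The channel is recomputed from the frequency instead of trusting the printed label.
    """
    ghz = float(line.split("Frequency:")[1].split("GHz")[0])
    return freq_to_channel(round(ghz * 1000))


if __name__ == "__main__":
    # Constructed iwlist line for demonstration.
    sample = "                    Frequency:2.437 GHz (Channel 6)"
    ch = parse_iwlist_frequency(sample)
    print(f"channel {ch} -> {channel_to_freq(ch)} MHz ({band_of(ch)})")
    print("1 and 6 non-overlapping:", non_overlapping(1, 6))
```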
 

C Band
4-8 GHz

 
Ku Band
12-18 GHz
 

K Band
18-26.5 GHz

 
Ka Band
26.5-40 GHz

 

LINUX FILE SYSTEM STRUCTURE
/bin….. User binaries
/boot….. Boot files
/dev….. Device interfaces
/etc….. System configuration files
/home….. User home directories
/lib….. Shared libraries
/opt….. Third-party software
/proc….. Process and kernel information (virtual)
/root….. Home directory of the root user
/sbin….. System administrator binaries
/tmp….. Temporary files
/usr….. User programs and data (non-critical)
/var….. Variable data (logs, spools, caches)
 
LINUX NETWORK COMMANDS
watch ss -tp….. TCP connections with owning processes, refreshing
netstat -ant….. TCP connections (-anu for UDP)
netstat -tulpn….. Listening sockets with PIDs
lsof -i….. Open network connections per process
smb://ip/share….. Open a Windows SMB share in the file browser
share user x.x.x.x c$
smbclient -U user \\\\ip\\share….. Connect to an SMB share
ifconfig eth# ip/cidr….. Set IP address and netmask
ifconfig eth0:1 ip/cidr….. Add a virtual interface
route add default gw gw_ip….. Set the default gateway
ifconfig eth# mtu [size]….. Change the MTU
export MAC=xx:XX:XX:XX:XX:XX….. Store a MAC address in a variable
ifconfig int hw ether $MAC….. Change the MAC address
macchanger -m $MAC int….. Change the MAC address (macchanger)
iwlist int scan….. Built-in wireless scanner
dig -x ip….. Reverse DNS lookup
host ip….. Reverse DNS lookup
host -t SRV _service._tcp.url.com….. DNS SRV record lookup
dig @ip domain -t AXFR….. DNS zone transfer
host -l domain namesvr….. DNS zone transfer
ip xfrm state list….. Show IPsec security associations (VPN keys)
ip addr add ip/cidr dev eth0….. Add a secondary IP address
grep DHCP /var/log/messages….. DHCP assignments in the system log
tcpkill host ip and port port….. Kill connections to ip:port
echo "1" > /proc/sys/net/ipv4/ip_forward….. Enable IP forwarding
echo "nameserver x.x.x.x" > /etc/resolv.conf….. Set the DNS server (overwrites the file)
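The `ss -tp` / `netstat -tulpn` lines above show what is listening, but the question an administrator actually wants answered is which of those listeners are bound to every interface rather than to localhost. The script below is an added example, not part of the original notes: it parses `ss -tlnp` output (the `Local Address:Port` and `Process` columns), flags wildcard bindings, and reports database-style services that should normally only listen on localhost. The `ss` output and the list of sensitive ports are constructed for the example.

```python
"""Audit listening TCP sockets from `ss -tlnp` output and flag services exposed on all interfaces."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of `ss -tlnp` output for illustration; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*      users:(("sshd",pid=812,fd=3))
LISTEN  0       128          127.0.0.1:5432        0.0.0.0:*      users:(("postgres",pid=1020,fd=5))
LISTEN  0       4096           0.0.0.0:3306        0.0.0.0:*      users:(("mysqld",pid=1311,fd=21))
LISTEN  0       511               [::]:80             [::]:*      users:(("nginx",pid=1402,fd=6),("nginx",pid=1403,fd=6))
LISTEN  0       128              [::1]:6379           [::]:*      users:(("redis-server",pid=1500,fd=7))
"""

# Addresses that mean "every interface"; [::] on a dual-stack host also accepts IPv4 clients.
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}

# Services that should not normally be reachable from the network (constructed list for the example).
SENSITIVE_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB", 9200: "Elasticsearch"}

# Matches the first ("name",pid=N entry in the ss Process column.
PROCESS_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


@dataclass
class Listener:
    addr: str
    port: int
    process: Optional[str]
    pid: Optional[int]

    @property
    def exposed(self) -> bool:
        return self.addr in WILDCARD_ADDRS


def split_addr_port(local: str) -> Tuple[str, int]:
    """Split '127.0.0.1:5432' or '[::]:80' into (address, port); rpartition keeps IPv6 colons intact."""
    addr, _, port = local.rpartition(":")
    return addr, int(port)


def parse_ss(output: str) -> List[Listener]:
    listeners = []
    for line in output.splitlines()[1:]:      # first line is the column header
        fields = line.split(None, 5)           # State Recv-Q Send-Q Local Peer Process
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_addr_port(fields[3])
        match = PROCESS_RE.search(fields[5]) if len(fields) > 5 else None
        name = match.group("name") if match else None
        pid = int(match.group("pid")) if match else None
        listeners.append(Listener(addr, port, name, pid))
    return listeners


def exposed_services(output: str) -> List[Tuple[str, int]]:
    """(process, port) pairs bound to a wildcard address, sorted by port."""
    return sorted(((l.process or "?", l.port) for l in parse_ss(output) if l.exposed), key=lambda x: x[1])


def findings(output: str) -> List[str]:
    """Human-readable notes for sensitive services that are reachable from the network."""
    notes = []
    for l in parse_ss(output):
        if l.exposed and l.port in SENSITIVE_PORTS:
            notes.append(f"{SENSITIVE_PORTS[l.port]} ({l.process}, pid {l.pid}) listens on "
                         f"{l.addr}:{l.port}; bind it to localhost or restrict it with the host firewall")
    return notes


if __name__ == "__main__":
    for proc, port in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"exposed: {proc} on port {port}")
    for note in findings(SAMPLE_SS_OUTPUT):
        print("finding:", note)
```

Run it against a live host with `ss -tlnp | python3 this_script.py` after swapping `SAMPLE_SS_OUTPUT` for `sys.stdin.read()`; the parse is column based, so the constructed header order must match what your `ss` prints.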
 
WINDOWS NETWORK COMMANDS
ipconfig /all….. IP configuration
ipconfig /displaydns….. Local DNS cache
netstat -ano….. Open connections with PIDs
netstat -anop tcp 1….. Netstat loop (refresh every second)
netstat -an | findstr LISTENING….. Listening ports
route print….. Routing table
arp -a….. Known MACs (ARP table)
tftp -i ip GET remotefile….. TFTP file transfer (binary mode)
netsh wlan show profiles….. Saved wireless profiles
netsh firewall set opmode disable….. Disable firewall (old syntax)
netsh wlan export profile folder=. key=clear….. Export wifi profile with plaintext password
netsh interface ip show interfaces….. List interface IDs/MTUs
netsh interface ip set dns local static ip….. Set DNS server
netsh interface ip set address local dhcp….. Set interface to use DHCP
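`netsh wlan export profile key=clear` writes one XML file per saved profile, with the passphrase in `keyMaterial` and `protected` set to `false`. Reviewing those files is how you audit a fleet's saved wireless profiles for WEP, TKIP, WPA1 or open networks, and it is also why the exported files need to be deleted once the review is done. The script below is an added example, not part of the original notes: it parses the profile schema Windows uses (namespace `http://www.microsoft.com/networking/WLAN/profile/v1`) and reports the weak settings and the plaintext key exposure. The sample profile and its key value are constructed placeholders.

```python
"""Audit a Windows WLAN profile XML as written by `netsh wlan export profile key=clear`."""
import sys
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Namespace of the WLAN profile schema used by netsh exports.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample profile; not a real export, and the key material is a placeholder string.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleCorpGuest</name>
  <SSIDConfig>
    <SSID>
      <name>ExampleCorpGuest</name>
    </SSID>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPAPSK</authentication>
        <encryption>TKIP</encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>passPhrase</keyType>
        <protected>false</protected>
        <keyMaterial>PLACEHOLDER-NOT-A-REAL-KEY</keyMaterial>
      </sharedKey>
    </security>
  </MSM>
</WLANProfile>
"""


def _text(root: ET.Element, path: str) -> Optional[str]:
    """Text of the first element at a namespaced path, or None when absent."""
    el = root.find(path, NS)
    return el.text.strip() if el is not None and el.text else None


def audit_profile(xml_text: str) -> Dict[str, object]:
    root = ET.fromstring(xml_text)
    ssid = _text(root, "w:SSIDConfig/w:SSID/w:name")
    auth = _text(root, "w:MSM/w:security/w:authEncryption/w:authentication")
    enc = _text(root, "w:MSM/w:security/w:authEncryption/w:encryption")
    protected = _text(root, "w:MSM/w:security/w:sharedKey/w:protected")
    key = _text(root, "w:MSM/w:security/w:sharedKey/w:keyMaterial")
    mode = _text(root, "w:connectionMode")

    # key=clear exports carry the passphrase verbatim and mark it protected=false.
    plaintext_key = key is not None and protected == "false"

    findings: List[str] = []
    if auth == "open":
        findings.append("open network: no authentication")
    if enc == "WEP":
        findings.append("WEP encryption is broken; migrate the network to WPA2/WPA3")
    if enc == "TKIP":
        findings.append("TKIP cipher is deprecated; use AES (CCMP)")
    if auth in ("WPA", "WPAPSK"):
        findings.append("WPA (version 1) authentication; prefer WPA2/WPA3")
    if plaintext_key:
        findings.append("passphrase is stored in the clear in this export; delete the file after the audit")
    if mode == "auto":
        findings.append("auto-connect is enabled for this SSID")

    return {
        "ssid": ssid,
        "authentication": auth,
        "encryption": enc,
        "plaintext_key_in_file": plaintext_key,
        "findings": findings,
    }


if __name__ == "__main__":
    # Pass exported profile paths on the command line, or run with no arguments to audit the sample.
    sources = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE_PROFILE]
    for xml_text in sources:
        result = audit_profile(xml_text)
        print(f"{result['ssid']}: {result['authentication']}/{result['encryption']}")
        for note in result["findings"]:
            print("  -", note)
```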

 
LINUX SYSTEM INFO

id….. Current user and groups
w….. Logged-on users
who -a….. User information
last -a….. Recent logins
ps -ef….. Process listing
df -h….. Disk usage
uname -a….. Kernel version and architecture
mount….. Mounted file systems
getent passwd….. List users (local and directory sources)
PATH=$PATH:/home/mypath….. Add a directory to PATH
kill pid….. Kill a process by PID
cat /etc/issue….. OS info
cat /etc/*release*….. OS version info
cat /proc/version….. Kernel info
rpm --query --all….. Installed packages (Red Hat)
rpm -ivh *.rpm….. Install RPMs (-e removes)
dpkg --get-selections….. Installed packages (Debian/Ubuntu)
dpkg -I *.deb….. Show DEB package info (-i installs, -r removes)
pkginfo….. Installed packages (Solaris)
which tcsh csh ksh bash….. Shells installed
chmod -x tcsh csh ksh….. Disable shells (remove execute bit)
nbtstat -A ip….. NetBIOS name lookup for an IP (Windows)

 
