yllus
Elite Member & Lifer
This is for a university security course. The situation is this: I am allowed to SSH into a private network and use the one machine I have access to as my base of attack (no DoS, for the purpose of discovering security flaws). From there, I somehow need to scan the network for victim machines to work on.
On my own direction, I've cluelessly come up with the following steps:
1. Use netstat -nr to look at the local routing table. (May be unnecessary.)
2. Pick an IP from the routing table (the one corresponding to eth0, for instance) and run some network machine discovery command. I am instructed to be as unnoticeable as possible, so please take that into account in your answer if possible. 🙂
3. Do a portscan on any discovered machine and work from there. Again, I am to be as stealthy as possible.
Any tips?
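The steps in the post (host discovery, then a port scan on whatever is found) are exactly the traffic pattern a network defender looks for, so it is worth seeing what "noticeable" means from the other side. The following is an added example, not code from the poster or the course: a small scan detector that reads connection records of the form `timestamp src dst dport` (a constructed, inline sample; no real network data) and flags two patterns with a sliding time window: one source touching many distinct ports on one host (a vertical port scan) and one source touching many distinct hosts (a horizontal sweep). The window length and thresholds are assumptions chosen for the sample; real deployments tune them to the network. The sample also contains a source that probes one port every five minutes, which a 60-second window misses and a one-hour window catches, which is the trade-off behind any "stealth" discussion.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _build_sample_log():
    """Constructed connection log (hypothetical hosts, not from the thread).

    Each line: <ISO timestamp> <src ip> <dst ip> <dst port>
    """
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # Fast vertical scan: 10.0.0.5 hits 12 ports on 10.0.0.20 in 12 seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.0.20 {port}")
    # Horizontal sweep: 10.0.0.5 hits port 22 on 10.0.0.21 .. 10.0.0.30 within ten seconds.
    for i in range(21, 31):
        lines.append(f"{(base + timedelta(seconds=20 + i)).isoformat()} 10.0.0.5 10.0.0.{i} 22")
    # Benign client: 10.0.0.7 talks to 10.0.0.20:443 repeatedly (one port, one host).
    for i in range(5):
        lines.append(f"{(base + timedelta(seconds=i * 7)).isoformat()} 10.0.0.7 10.0.0.20 443")
    # Slow scan: 10.0.0.9 probes one port on 10.0.0.20 every five minutes.
    for i, port in enumerate([22, 80, 443, 8080, 8443, 3306]):
        lines.append(f"{(base + timedelta(minutes=5 * i)).isoformat()} 10.0.0.9 10.0.0.20 {port}")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()


def parse_log(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, int) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def max_distinct_in_window(events, window):
    """Max number of distinct keys seen within any time window.

    events: list of (timestamp, key), sorted by timestamp.
    Uses a two-pointer sliding window so each event is visited twice at most.
    """
    counts = defaultdict(int)
    best = 0
    left = 0
    for ts, key in events:
        counts[key] += 1
        # Drop events that fell out of the window on the left.
        while ts - events[left][0] > window:
            old_key = events[left][1]
            counts[old_key] -= 1
            if counts[old_key] == 0:
                del counts[old_key]
            left += 1
        best = max(best, len(counts))
    return best


def detect_port_scans(records, window_seconds=60, port_threshold=8):
    """Vertical scan: one src -> one dst touching >= port_threshold distinct ports in a window.

    Returns {(src, dst): distinct_port_count} for every pair over the threshold.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport in records:
        by_pair[(src, dst)].append((ts, dport))
    hits = {}
    for pair, events in by_pair.items():
        events.sort()
        n = max_distinct_in_window(events, timedelta(seconds=window_seconds))
        if n >= port_threshold:
            hits[pair] = n
    return hits


def detect_host_sweeps(records, window_seconds=60, host_threshold=8):
    """Horizontal sweep: one src touching >= host_threshold distinct dst hosts in a window.

    Returns {src: distinct_host_count} for every source over the threshold.
    """
    by_src = defaultdict(list)
    for ts, src, dst, _dport in records:
        by_src[src].append((ts, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        n = max_distinct_in_window(events, timedelta(seconds=window_seconds))
        if n >= host_threshold:
            hits[src] = n
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("port scans (60 s window):", detect_port_scans(recs))
    print("port scans (1 h window): ", detect_port_scans(recs, window_seconds=3600, port_threshold=5))
    print("host sweeps (60 s window):", detect_host_sweeps(recs))
```

With the 60-second window only the fast scanner and the sweep are reported; widening the window to an hour (and lowering the port threshold) also surfaces the slow prober. That is why monitoring that aggregates per source over long periods, rather than only per-connection alerts, is what makes "be as stealthy as possible" hard in practice.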