🖊️ Author: Nairuz Abulhul
🌐 Blog: R3dbuck3t
Tools
We will start from our Linux attack host without domain user credentials, which is a common way to begin a pentest. We can use Wireshark and tcpdump to see what hosts and types of network traffic we can capture.
<aside> 💡
Connect to the Linux attack host using xfreerdp and fire up Wireshark.
Also, if we are on a host without a GUI (which is typical), we can use tcpdump or net-creds to perform the same functions. We can also use tcpdump to save a capture to a .pcap file, transfer it to another host, and open it in Wireshark.
</aside>
$ sudo -E wireshark
Run tcpdump with the option -i to specify the interface
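A capture saved to a .pcap file, as described above, can also be summarised on a host without a GUI. The following is an added example, not code from the original page: it reads the classic libpcap file layout (Ethernet link type only) and tallies the source hosts and traffic types it finds. The function names and the two sample frames are constructed for illustration.

```python
import struct
from collections import Counter

IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data):
    """Return (hosts, protocols) Counters for classic-pcap bytes with Ethernet framing."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if len(data) < 24 or order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    hosts, protos = Counter(), Counter()
    off = 24                                    # first record follows the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                            # truncated Ethernet header
        etype = struct.unpack("!H", frame[12:14])[0]
        if etype == 0x0806 and len(frame) >= 42:
            protos["ARP"] += 1
            hosts[".".join(map(str, frame[28:32]))] += 1   # ARP sender IP
        elif etype == 0x0800 and len(frame) >= 34:
            protos[IP_PROTOS.get(frame[23], "IP proto %d" % frame[23])] += 1
            hosts[".".join(map(str, frame[26:30]))] += 1   # IPv4 source address
        else:
            protos[hex(etype)] += 1             # other EtherType, or too short to decode
    return hosts, protos

def sample_pcap():
    """Constructed capture: one ARP request and one UDP datagram (192.0.2.0/24 test range)."""
    mac = b"\x02\x00\x00\x00\x00\x01"
    eth = b"\xff" * 6 + mac                     # broadcast destination, constructed source
    arp = (eth + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
           + mac + bytes([192, 0, 2, 10]) + b"\x00" * 6 + bytes([192, 0, 2, 1]))
    udp = (eth + struct.pack("!HBBHHHBBH", 0x0800, 0x45, 0, 28, 0, 0, 64, 17, 0)
           + bytes([192, 0, 2, 20, 192, 0, 2, 255]) + struct.pack("!HHHH", 40000, 9999, 8, 0))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in (arp, udp):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    hosts, protos = summarize_pcap(sample_pcap())
    print("hosts:", dict(hosts))
    print("protocols:", dict(protos))
```

To run it on a real capture, pass the bytes of the saved file instead of the constructed sample, for example `summarize_pcap(open("capture.pcap", "rb").read())`, where `capture.pcap` is a placeholder file name.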