From the course: Ethical Hacking: Enumeration

Remote enumeration using PowerShell

- [Instructor] When testing a target network, you may gain access to a Windows target inside the network. At this point, you'll likely want to scan the internal network. To do this, we can use the target's own PowerShell capability to scan for additional hosts or to do port scanning. This way, we don't need to increase the risk of detection by loading additional tools. Let's see how we do this. I'm at the PowerShell prompt and can use ipconfig as we normally would to get our IP address. Okay, we can see our IP address is 10.0.2.14. Let's scan the subnet. To do this, I'll use the PowerShell for loop checking IP addresses ending with 0.1 to 0.254, checking whether the ping succeeds. Inside the for loop, we use the System.Net function for ping and send a ping request with 100 milliseconds timeout for each host. The variable hosty is output if a ping is a success. And we're scanning the subnet now. Okay, that's it, and we…
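The sweep the instructor describes, written out as an added example (this is not the course's own script): a for loop over the last octet 1 to 254, a System.Net.NetworkInformation.Ping object with a 100 ms timeout per host, and only the addresses that answer are kept. The 10.0.2 prefix is the one shown in the video; deriving it with Get-NetIPAddress rather than reading ipconfig output is my assumption, as are the function and parameter names.

```powershell
# Added example, not the course's script. Host discovery on the local /24 using only
# the .NET classes that ship with Windows, as described in the transcript.

function Invoke-PingSweep {
    param(
        [Parameter(Mandatory)] [string] $Prefix,   # first three octets, e.g. "10.0.2"
        [int] $TimeoutMs = 100,                    # per-host timeout used in the video
        [int] $First = 1,
        [int] $Last = 254
    )

    $ping  = New-Object System.Net.NetworkInformation.Ping
    $alive = @()

    for ($i = $First; $i -le $Last; $i++) {
        $target = "$Prefix.$i"
        try {
            $reply = $ping.Send($target, $TimeoutMs)
            if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) {
                Write-Host "$target replied"        # progress line, like the video's output
                $alive += $target
            }
        } catch [System.Net.NetworkInformation.PingException] {
            # socket or resolution error for this address: treat as no reply and continue
        }
    }

    $ping.Dispose()
    return $alive
}

# Take the prefix from the host's own IPv4 address (10.0.2.14 in the video).
$local  = (Get-NetIPAddress -AddressFamily IPv4 |
           Where-Object { $_.IPAddress -notlike '127.*' } |
           Select-Object -First 1).IPAddress
$prefix = ($local -split '\.')[0..2] -join '.'

$hosts = Invoke-PingSweep -Prefix $prefix -TimeoutMs 100
"$($hosts.Count) host(s) replied on $prefix.0/24"
```

From the monitoring side, the same loop is what makes this activity visible: one host emits up to 254 ICMP echo requests in a few seconds, and with PowerShell script block logging enabled the loop body itself is recorded in the Microsoft-Windows-PowerShell/Operational log (event ID 4104), so the "no extra tools" approach reduces file-based detection but not network or logging-based detection.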