14 Jan 2015
13 Jan 2015
Ping Enumeration
Brilliant Command I came across today while preparing for one secret exam which I do not want to disclose yet ! (I might fail who knows)
If you are testing a live system and want to scan your whole class C network via ICMP what you do , Ping each ip address one by one , or go for ping scanner .
Try this old school by typing in your computers command prompt :
\for /L %V in (1 1 254) do PING -n 1 192.168.0.%V | FIND /I “Reply”
I am assuming your local subnet is 192.168.0.x /24
The output is:
C:\Users\Boss>PING -n 1 192.168.0.1 | FIND /I "Reply"
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
C:\Users\Boss>PING -n 1 192.168.0.2 | FIND /I "Reply"
Reply from 192.168.0.2: bytes=32 time=509ms TTL=64
C:\Users\Boss>PING -n 1 192.168.0.3 | FIND /I "Reply"
C:\Users\Boss>PING -n 1 192.168.0.4 | FIND /I "Reply"
C:\Users\Boss>PING -n 1 192.168.0.5 | FIND /I "Reply"
C:\Users\Boss>PING -n 1 192.168.0.6 | FIND /I "Reply"
Reply from 192.168.0.8: Destination host unreachable.
C:\Users\Boss>PING -n 1 192.168.0.7 | FIND /I "Reply"
Reply from 192.168.0.8: Destination host unreachable.
C:\Users\Boss>PING -n 1 192.168.0.8 | FIND /I "Reply"
So what does this command do , Hear is the breakdown.
1) FOR /L %variable IN (start,step,end)
The set (in parenthesis) is a sequence of numbers from start to end, by step amount.
So (1 1 254) would generate the sequence 1 2 3 4 5 through 254 IP addresses in a /24 and (254,-1,1) would generate the sequence (5 4 3 2 1) in reverse.
So (1 1 254) would generate the sequence 1 2 3 4 5 through 254 IP addresses in a /24 and (254,-1,1) would generate the sequence (5 4 3 2 1) in reverse.
2) PING -n 1 The count “Number” of echo requests to send. In this case its 1.
3) 10.10.10.%V
This is the network (/24) I am pinging. The %V variable is the for /L %V count 1, 2, 3, 4, 5, 6->254 as described in #1 above. Its pings 10.10.10.1, 10.10.10.2, 10.10.10.3, 10.10.10.4, etc., all the way to 10.10.10.254.
4) | FIND /I “Reply”
This pipes “|” the output of the ping command to FIND, the /I tells find.exe to ignore case and “Reply” is the string you are searching for. This gives you the “Reply from” string to determine if the IP is in use for unreachable.
If you run it without pipe sign find you will not see tidyup results.
Resource slice dot com
5 Jan 2015
Subscribe to:
Posts (Atom)