Ethical Hacking and Penetration Testing Guide


Mapping the Internal Network



The attacker has compromised a host on the target network, escalated privileges, installed a backdoor on the target machine, and harvested important data. What’s left is to discover other hosts on the internal network so that he can exploit them and penetrate the network further.
We will use Armitage for this exercise, as it makes the postexploitation process, especially “pivoting,” easier. We can do the same from Metasploit, but for the sake of simplicity and demonstration, I will use Armitage.
So we will assume another scenario in which we have already compromised a box on the target network, with SYSTEM privileges, whose IP address is 172.16.222.156.


Finding Network Information
Our first step is to note things such as the IP address and the default gateway of the target. We can do that with the ipconfig command in Windows and the ifconfig command in Linux.
Since we have compromised a Windows machine on the network, we will use the ipconfig command to display information about the network interface card.
We can also use the “route print” command to view information about the routing table. The same command works for Linux too.


So in this case we learn that the subnet mask of the victim is 255.255.255.0 and the default gateway is 172.16.222.2. This information will be useful when we proceed to the next steps.
Identifying Further Targets
Now we need to identify further targets on the network. We can use a meterpreter script called “ARP_Scanner,” which performs an ARP scan to determine the other hosts on that network. The scanner works by sending ARP requests on the network to see who sends an ARP reply.
To launch it, select “ARP Scan” from the meterpreter menu.
The ARP Scanner has automatically suggested that we scan the whole range 172.16.222.0–255. You can define your own ranges or choose a different subnet mask if your target has a different one.


After some time the ARP scan will finish and detect all the other hosts on the same network. We will now try exploiting other targets to penetrate the network further.
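Seen from the defender's side, the ARP scan described above stands out because one host asks for every address in the subnet within seconds. The following added example (not from the book) flags that pattern in ARP request lines; it assumes `tcpdump -n` style text input, and the function names, sample lines and thresholds are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sample, not captured traffic: .156 queries all of
    172.16.222.0-255 in about one second; .10 makes two ordinary lookups."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(256):
        ts = (t0 + timedelta(milliseconds=4 * i)).strftime("%H:%M:%S.%f")
        lines.append(f"{ts} ARP, Request who-has 172.16.222.{i} "
                     "tell 172.16.222.156, length 28")
    lines.append("12:00:00.500000 ARP, Request who-has 172.16.222.2 tell 172.16.222.10, length 46")
    lines.append("12:00:30.000000 ARP, Request who-has 172.16.222.20 tell 172.16.222.10, length 46")
    return lines

ARP_REQ = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{6}) ARP, Request who-has (\S+) tell (\S+), length \d+$")

def find_arp_sweeps(lines, window_s=10.0, min_targets=32):
    """Return {source_ip: most distinct targets queried in any window_s span}
    for sources that reach min_targets. Both thresholds are assumptions to tune."""
    per_src = defaultdict(list)
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if not m:
            continue  # not an ARP request line
        try:
            target = ipaddress.ip_address(m.group(2))
            src = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # resolved hostnames or damaged fields are skipped
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        per_src[str(src)].append((ts, target))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # shrink the window until it spans at most window_s seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({t for _, t in events[start:end + 1]}))
        if best >= min_targets:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    print(find_arp_sweeps(build_sample()))
```

Timestamps carry no date in this format, so a capture that crosses midnight should be split before it is fed in.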
