264
◾
Ethical Hacking and Penetration Testing Guide
Finding Network Information
Our first step would be to take note of things such as the IP address and the default gateway of the target. We can do that with the ipconfig command in Windows and the ifconfig command in Linux.
Since here we have compromised a Windows machine on the network, we will use the ipconfig command to display the information about the network interface card.
We can also use the “route print” command to view information about the routing table. The same command works for Linux too.
Postexploitation
◾
265
So in this case we come to know that the subnet mask of the victim is 255.255.255.0 and the
default gateway is 172.16.222.2. This information would be useful when we proceed to the next steps.
Identifying Further Targets
Now we need to identify further targets on the network. We can use a meterpreter script called “ARP_Scanner,” which will perform an ARP scan to determine the other hosts on that network. The scanner works by sending ARP requests on the network to see who sends an ARP reply. To launch it, select “ARP Scan” from the meterpreter menu.
The ARP Scanner has automatically suggested that we scan the whole range 172.16.222.0–255.
You can define your own ranges or choose a different subnet mask, if your target has a different one.
After some time, the ARP scan will finish and detect all the other hosts on the same network.
We will now try exploiting other targets to penetrate the network further.
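How the ARP scan described above looks from the defender's side, as an added example that is not from the book: one sender asking for most addresses of 172.16.222.0/24 within a few seconds stands out against ordinary clients that resolve only the gateway and a few peers. The log line format, the host addresses .130 and .140, and the window and threshold values are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Subnet from the page: default gateway 172.16.222.2, mask 255.255.255.0.
SUBNET = ipaddress.ip_network("172.16.222.0/255.255.255.0")

def parse_arp_requests(lines):
    """Yield (time, sender, target) from '<ts> who-has <target> tell <sender>' lines."""
    for line in lines:
        p = line.split()
        if len(p) != 5 or p[1] != "who-has" or p[3] != "tell":
            continue  # not an ARP request record
        try:
            yield float(p[0]), ipaddress.ip_address(p[4]), ipaddress.ip_address(p[2])
        except ValueError:
            continue  # malformed timestamp or address

def detect_arp_sweeps(lines, window=10.0, threshold=0.25):
    """Return {sender: distinct targets} for senders that queried more than
    `threshold` of the subnet's host addresses within `window` seconds."""
    by_sender = defaultdict(list)
    for ts, sender, target in parse_arp_requests(lines):
        if target in SUBNET:
            by_sender[sender].append((ts, target))
    usable = SUBNET.num_addresses - 2  # exclude network and broadcast
    alerts = {}
    for sender, events in by_sender.items():
        events.sort()
        seen, start, best = defaultdict(int), 0, 0
        for ts, target in events:
            seen[target] += 1
            while ts - events[start][0] > window:  # slide the window forward
                old = events[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            best = max(best, len(seen))
        if best / usable > threshold:
            alerts[str(sender)] = best
    return alerts

def sample_log():
    """Constructed capture: .130 sweeps the /24, .140 is an ordinary client."""
    sweep = [f"{100 + i * 0.02:.2f} who-has 172.16.222.{i} tell 172.16.222.130"
             for i in range(1, 255)]
    normal = [f"{100 + i * 30:.2f} who-has 172.16.222.2 tell 172.16.222.140"
              for i in range(5)]
    return sweep + normal + ["105.00 who-has 172.16.222.130 tell 172.16.222.2"]
```

Running detect_arp_sweeps(sample_log()) flags only the sweeping sender; a scan paced slower than the window slips under the threshold, so the window has to be tuned to the network's normal ARP rate.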