One you’ve found a target and it’s time to dig in a little more to find a way in, start with scanning.
Try to Follow these steps:
- Determine if the system alive
- Try using ping sweeps, nmap offers this with the -sP option
- ICMP Queries offer a wide range of information about a target
- Determine which services are running/listening
- Sending packets to TCP / UDP ports to see what is listening
- There are a variety of tools, nmap, netcat, and strobe are examples
- Determine the Operating System
- Get content info from FTP, HTTP, or others. I’ll discuss that in a later blog
- Google Active Stack Fingerprinting, it’s basically a way to statistically guess the operating system info.
The information you collect is critical to finding an attack that will actually work, so be sure you find out everything you can.
The links in the steps above will help you learn about each part more specifically, they’re links to external articles.