Enumerating network services and protocols using Bash
I perform a network packet capture on every internal network pentest. I'm looking for the Hot Standby Router Protocol (HSRP) default password of 'cisco', DHCPv6 discovery broadcasts without a corresponding offer, and broadcast or multicast protocols such as LLMNR, NBT-NS, and mDNS, which can yield password hashes or be relayed to break into other systems.
The following code can be found on this chapter's GitHub page as packetcap.sh:
    #!/usr/bin/env bash

    if [ "$#" -ne 1 ]; then
      echo "You must specify a network adapter as an argument."
      echo "Usage: $0 [network adapter]"
      exit 1
    fi
The first block of code is the familiar shebang, followed by an if statement that prints usage information and exits unless exactly one argument is provided.
    echo "[+] Please wait; capturing network traffic on $1 for 2.5 minutes."
    sudo timeout...
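As an added example (not part of packetcap.sh or the chapter's repository), the following sketch triages a text capture for the items listed at the start of this section, so the exposed protocols can be reported and disabled. It assumes lines in the style of `tcpdump -nn` output; the sample lines and the function names `sample_capture` and `classify_capture` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count risky broadcast/multicast protocols in a text capture.
# Assumption: input lines look like `tcpdump -nn` output ("src > dst.port: ...").

# Constructed sample traffic (not taken from a real network).
sample_capture() {
  cat <<'EOF'
12:00:01.100000 IP 10.0.0.2.1985 > 224.0.0.2.1985: HSRPv0-hello 20: state=active group=1 addr=10.0.0.1 auth="cisco^@^@^@"
12:00:02.200000 IP 10.0.0.23.61545 > 224.0.0.252.5355: UDP, length 22
12:00:02.900000 IP 10.0.0.23.137 > 10.0.0.255.137: UDP, length 50
12:00:03.400000 IP 10.0.0.40.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (32)
12:00:04.000000 IP6 fe80::1c2.546 > ff02::1:2.547: dhcp6 solicit
12:00:08.000000 IP6 fe80::1c2.546 > ff02::1:2.547: dhcp6 solicit
12:00:09.000000 IP 10.0.0.23.443 > 10.0.0.9.51000: tcp 0
EOF
}

# Reads capture text on stdin; prints per-protocol counts and any findings.
classify_capture() {
  awk '
    {
      # The destination is the field after ">", e.g. "224.0.0.252.5355:".
      dst = ""
      for (i = 1; i < NF; i++) if ($i == ">") { dst = $(i + 1); break }
      sub(/:$/, "", dst)
      n = split(dst, parts, /\./)
      port = parts[n]              # last dot-separated element is the port
    }
    port == 1985 { count["HSRP"]++; if ($0 ~ /auth="cisco/) hsrp_default = 1 }
    port == 5355 { count["LLMNR"]++ }
    port == 137  { count["NBT-NS"]++ }
    port == 5353 { count["mDNS"]++ }
    /dhcp6 solicit/   { solicit++ }
    /dhcp6 advertise/ { advertise++ }
    END {
      printf "HSRP=%d\nLLMNR=%d\nNBT-NS=%d\nmDNS=%d\n",
             count["HSRP"], count["LLMNR"], count["NBT-NS"], count["mDNS"]
      printf "DHCPv6-solicit=%d\nDHCPv6-advertise=%d\n", solicit, advertise
      if (hsrp_default)
        print "FINDING: HSRP hello carries the default authentication string"
      if (solicit > 0 && advertise == 0)
        print "FINDING: DHCPv6 solicits seen with no advertise in reply"
    }
  '
}

sample_capture | classify_capture
```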