Weaponizing cmd.exe – Ping Sweep
This is part of my tribute to PenTesting Ninjitsu. Here is a nice quick way to perform a ping sweep from the Windows command line.
See the official post on the new blog!
Ping Sweep
for /L %i in (1,1,255) do @ping -n 1 x.x.x.%i | find "Reply"
How it works
This command is built in the following way:
- Create a loop using a variable called %i
for /L %i
- The loop should iterate %i by first initializing it to 1, then incrementing it by 1 until it hits 255
%i in (1,1,255)
- The action performed will be to send 1 ping request to the IP address whose last octet is equal to the value of %i (@ makes sure it doesn't echo the command back)
do @ping -n 1 x.x.x.%i
- I only want to find the results that contain a reply message, indicating an active host (case sensitive)
| find "Reply"
The results will show you the lines of a ping command containing the IP of hosts on the subnet, i.e.
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.15: bytes=32 time<1ms TTL=128
Reply from 192.168.1.117: bytes=32 time<1ms TTL=128
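The same sweep as a reusable batch file, added here as an example (not from the original post): it takes the first three octets as an argument, pulls just the responding IP out of each reply line with for /f, and writes the list to live_hosts.txt. The script name sweep.bat, the output file name and the 200 ms timeout are assumptions.

```batch
@echo off
rem Added example, not part of the original post. Usage: sweep.bat 192.168.1
rem Assumes the argument is three octets with no trailing dot.
setlocal
if "%~1"=="" (
    echo usage: %~nx0 first.three.octets
    exit /b 1
)
set "PREFIX=%~1"
set "OUT=live_hosts.txt"
if exist "%OUT%" del "%OUT%"

rem Inside a batch file the loop variable needs two percent signs (%%i).
rem -w 200 caps the wait per host at 200 ms so a full /24 finishes quickly.
rem Matching on "TTL=" instead of "Reply" skips the
rem "Reply from <own ip>: Destination host unreachable." lines that ping
rem prints for local-subnet addresses that never answered ARP.
rem With delims=: and space, token 3 of a reply line is the IP address.
for /L %%i in (1,1,254) do (
    for /f "tokens=3 delims=: " %%a in ('ping -n 1 -w 200 %PREFIX%.%%i ^| find "TTL="') do (
        rem Redirect before the text: "echo 192.168.1.2>>file" would be read as a handle-2 redirect.
        >>"%OUT%" echo %%a
        echo live: %%a
    )
)
echo done, results in %OUT%
endlocal
```

The "TTL=" filter also fixes the false positives the one-liner's find "Reply" produces on a local subnet, where an unanswered ARP request makes ping print a "Reply from" line containing your own address.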
Enjoy!