Weaponizing cmd.exe – Ping Sweep

This is part of my tribute to PenTesting Ninjitsu. Here is a nice quick way to perform a ping sweep from the windows command line.
See the official post on the new blog!
Ping Sweep
for /L %i in (1,1,255) do @ping -n 1 x.x.x.%i | find "Reply"

How it works

This command is built in the following way:
  • Create a loop using a variable called %i (the /L switch makes it a numeric loop):
for /L %i
  • The loop iterates %i by first initializing it to 1, then incrementing it by 1 until it reaches 255:
%i in (1,1,255)
  • The action performed is to send 1 ping request to the IP address whose last octet is equal to the value of %i (@ makes sure the command isn't echoed back):
do @ping -n 1 x.x.x.%i
  • I only want to see the results that contain a reply message, indicating an active host (find is case sensitive):
| find "Reply"
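To show what the `find "Reply"` filter actually lets through, here is an added example (not from the original post) that parses a constructed sample of Windows ping output offline. It mimics cmd.exe's case-sensitive `find` and contrasts it with a regex that only accepts genuine echo replies. The caveat it illustrates: when a host on the local subnet does not answer, Windows ping prints "Reply from <your own IP>: Destination host unreachable.", which contains "Reply" and so slips through the filter as a false positive; filtering on "TTL=" instead only matches real replies. The sample lines are constructed, not captured.

```python
import re

# Constructed sample of Windows ping output, in the shape the for /L loop would
# produce (not a real capture). The "Destination host unreachable" line starts with
# "Reply from" but is emitted by the local host, not by 192.168.1.50.
SAMPLE_PING_OUTPUT = """\
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 192.168.1.15: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.117: bytes=32 time=3ms TTL=64
General failure.
"""

# A genuine echo reply carries bytes=, a time and a TTL=; the unreachable notice does not.
ECHO_REPLY = re.compile(
    r"^Reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}): bytes=(?P<bytes>\d+) "
    r"time(?P<cmp>[<=])(?P<ms>\d+)ms TTL=(?P<ttl>\d+)\s*$"
)


def find_filter(lines, needle="Reply"):
    """Mimic cmd.exe's `find "needle"`: a case-sensitive substring match per line."""
    return [ln for ln in lines if needle in ln]


def live_hosts(ping_output):
    """Return (ip, ttl) pairs for the lines that are real echo replies."""
    hosts = []
    for line in ping_output.splitlines():
        m = ECHO_REPLY.match(line.strip())
        if m:
            hosts.append((m["ip"], int(m["ttl"])))
    return hosts


if __name__ == "__main__":
    lines = SAMPLE_PING_OUTPUT.splitlines()
    print("find \"Reply\" keeps:", len(find_filter(lines, "Reply")), "lines")
    print("find \"TTL=\"  keeps:", len(find_filter(lines, "TTL=")), "lines")
    for ip, ttl in live_hosts(SAMPLE_PING_OUTPUT):
        print(f"live host {ip} (TTL={ttl})")
```

On the sample, `find "Reply"` keeps four lines (one of them the unreachable notice) while `find "TTL="` and the regex keep only the three real replies; a lowercase `find "reply"` keeps nothing, which is the case sensitivity the post mentions.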

The results will show you the lines of ping output containing the IPs of the live hosts on the subnet, for example:

Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.15: bytes=32 time<1ms TTL=128
Reply from 192.168.1.117: bytes=32 time<1ms TTL=128
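Seen from the other side, a sweep like this is one source sending ICMP echo requests (type 8) to many neighbouring addresses within a few seconds. As an added example that is not part of the original post, the script below runs that detection logic over a constructed excerpt of Windows Firewall logs (pfirewall.log, W3C format; the field order follows the log's `#Fields:` header). It assumes the host logs have been forwarded to one place, since a single host's own log only ever shows pings to itself, and the 20-hosts-in-60-seconds threshold is an arbitrary choice for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log(n_targets=30):
    """Construct an aggregated Windows Firewall log excerpt (not a real capture):
    one source sweeping 192.168.1.1..n_targets, one benign single ping, and an
    unrelated TCP record that must be ignored."""
    header = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
              "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")
    lines = [header]
    t0 = datetime(2024, 3, 1, 9, 15, 0)
    for i in range(1, n_targets + 1):
        ts = (t0 + timedelta(seconds=i // 10)).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{ts} DROP ICMP 192.168.1.77 192.168.1.{i} - - 60 - - - - 8 0 - RECEIVE")
    lines.append("2024-03-01 09:15:05 ALLOW ICMP 192.168.1.20 192.168.1.5 - - 60 - - - - 8 0 - RECEIVE")
    lines.append("2024-03-01 09:15:07 ALLOW TCP 192.168.1.20 192.168.1.5 50233 445 52 S 1234 0 65535 - - - RECEIVE")
    return "\n".join(lines)


def parse_icmp_echo_requests(log_text):
    """Yield (timestamp, src_ip, dst_ip) for ICMP echo request (type 8) records."""
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        # Field positions per the #Fields header: 3=protocol, 4=src-ip, 5=dst-ip, 13=icmptype
        if len(f) < 17 or f[3] != "ICMP" or f[13] != "8":
            continue
        ts = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
        yield ts, f[4], f[5]


def detect_ping_sweeps(log_text, window=timedelta(seconds=60), threshold=20):
    """Return {src_ip: peak_distinct_targets} for sources that echo-requested at
    least `threshold` distinct hosts inside any sliding `window`."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_icmp_echo_requests(log_text):
        by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        recent = deque()            # events inside the current window
        counts = defaultdict(int)   # per-destination count inside the window
        for ts, dst in events:
            recent.append((ts, dst))
            counts[dst] += 1
            # Expire events that fell out of the window
            while recent and ts - recent[0][0] > window:
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            if len(counts) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(counts))
    return alerts


if __name__ == "__main__":
    for src, n in detect_ping_sweeps(build_sample_log()).items():
        print(f"possible ping sweep from {src}: {n} distinct hosts probed")
```

Only distinct destinations are counted, so a host that repeatedly pings its gateway never trips the rule, and the TCP record is skipped at parse time because the protocol and icmptype fields are checked before anything else.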

Enjoy!
