Title | Hacking of Computer Networks |
---|---|
Author | Dr. Hidaia Mahmood Alassouli |
Genre | Mathematics |
Series | |
Publisher | Mathematics |
Year of publication | 0 |
ISBN | 9783969443545 |
# nmap -sn 192.168.28.0/24
Use hping.
In Windows, use the Angry IP Scanner tool.
Use nmap to find the open ports on a host:
# nmap -sT 192.168.152.130 -p 80
Use nmap to scan all ports:
# nmap 192.168.152.130
Use Metasploit for the same purpose:
# msfconsole
msf > search scanner/portscan
msf > use auxiliary/scanner/portscan/tcp
msf > info
msf > set RHOSTS 192.168.28.139
msf > set PORTS 1-1000
msf > run
The problem is that if there is a firewall we will not get results. In that case use the stealth scan (half-open scan):
# nmap -sS 192.168.28.13 -p 80
Use Metasploit for the same purpose:
# msfconsole
msf > search scanner/portscan
msf > use auxiliary/scanner/portscan/syn
msf > info
msf > set RHOSTS 192.168.28.139
msf > set PORTS 1-1000
msf > run
We can use the ACK scan to find the ports that are unfiltered by the firewall:
# nmap -sA 192.168.28.138 -p 138
It will tell you that the port is unfiltered by the firewall.
Use Metasploit for the same purpose:
# msfconsole
msf > search scanner/portscan
msf > use auxiliary/scanner/portscan/ack
msf > info
msf > set RHOSTS 192.168.28.139
msf > set PORTS 3380-3390
msf > run
It will tell you the unfiltered ports.
The FIN scan is another scan method. The computer sends a FIN packet; if the host answers it, the port is open, otherwise it is closed.
# nmap -sF 192.168.28.138 -p 1-1000
The XMAS scan is another scan method. The source machine sends a packet with FIN, URG and PUSH set. If the destination does not answer, the port is open; if it answers with RST, the port is closed.
# nmap -sX 192.168.28.138 -p 80
In the NULL scan, the source machine sends a TCP packet with no flags set. If the destination does not answer, the port is open; if it answers with RST, the port is closed.
# nmap -sN 192.168.28.138 -p 80
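A defender-side example, added here and not taken from the book: it classifies inbound TCP segments by flag combination into the SYN, ACK, FIN, XMAS and NULL probe types described above and reports sources whose probes of one type sweep many ports. The log line format, thresholds and IP addresses are constructed for the example.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header (constructed helper, not book code)
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
FIN, SYN, RST, PSH, ACK, URG = (FLAG_BITS[c] for c in "FSRPAU")

def parse_line(line):
    """Parse a constructed log line 'SRC -> DST:PORT [FLAGS]' into (src, dst, port, flag_bits)."""
    src, _, rest = line.split(maxsplit=2)
    dst_port, flags = rest.split()
    dst, port = dst_port.rsplit(":", 1)
    bits = 0
    for ch in flags.strip("[]"):
        bits |= FLAG_BITS[ch]
    return src, dst, int(port), bits

def classify_probe(bits):
    """Name the scan type a single inbound segment matches, or None for ordinary traffic."""
    if bits == 0:
        return "NULL"            # -sN: no flags at all, never sent by a normal stack
    if bits == FIN | PSH | URG:
        return "XMAS"            # -sX: FIN+PSH+URG lit up together
    if bits == FIN:
        return "FIN"             # -sF: bare FIN without a connection
    if bits == SYN:
        return "SYN"             # -sS/-sT: also the first packet of a legitimate connection
    if bits == ACK:
        return "ACK"             # -sA: firewall rule mapping
    return None

def detect_sweeps(lines, port_threshold=10):
    """Return {src: {scan_type: distinct (dst, port) count}} for sources whose probes of one
    type touch at least port_threshold distinct ports; a lone SYN to one port is not reported."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        src, dst, port, bits = parse_line(line)
        kind = classify_probe(bits)
        if kind is not None:
            seen[src][kind].add((dst, port))
    report = {}
    for src, kinds in seen.items():
        hits = {k: len(v) for k, v in kinds.items() if len(v) >= port_threshold}
        if hits:
            report[src] = hits
    return report

# Constructed sample: one host XMAS-scans ports 1-20 of a server, another host makes a normal
# connection attempt to port 80 (SYN, then an ACK segment after the handshake).
SAMPLE_LOG = [f"10.0.0.5 -> 10.0.0.10:{p} [FPU]" for p in range(1, 21)]
SAMPLE_LOG += ["10.0.0.7 -> 10.0.0.10:80 [S]", "10.0.0.7 -> 10.0.0.10:80 [A]"]

if __name__ == "__main__":
    print(detect_sweeps(SAMPLE_LOG))   # {'10.0.0.5': {'XMAS': 20}}
```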
The Idle scan is another scan method. We want the destination not to register that we made the scan; instead, the IDS registers the zombie as the host that made the scan. The zombie host must be idle; this technique is used with network printers. The hacker sends SYN/ACK to the zombie and it responds with RST; we note the packet ID (IP ID). We then send a SYN packet to the target with the source IP spoofed as the zombie, so the target answers the zombie with SYN/ACK, and the zombie answers with RST if the port is open. We send SYN/ACK to the zombie again and read the packet ID. If the packet ID increased by two, the port is open; if it increased by one, the port is closed.
In a UDP scan, the hacker sends a UDP probe to the destination. If the destination does not answer, the port is open; otherwise it is closed.
# nmap -sU 192.168.28.138 -p-
(-p- means all ports.) It will show all open UDP ports.
Firewalking: a combination of the port scanning and tracerouting techniques.
# hping3 --scan 1-1024 -S -t 5 scanme.nmap.org
d) Understanding the Port Scan Decoys:
Scan decoys are a hiding technique.
To slow down scans, write:
# nmap -T1 192.168.28.138 -p 445
To bypass firewalls so that they do not detect nmap:
# nmap -n -Pn -g 53 192.168.28.138 -p 445
e) Understanding operating system fingerprinting
For fingerprinting we have many tools: NetworkMiner, p0f, Satori.
In BackTrack there is a tool called p0f:
# p0f -i eth0
Active fingerprinting:
# nmap -O -v 192.168.28.135
i. Banner grabbing
You can get the type of operating system by writing:
# telnet 192.168.1.20 80
GET / HTTP/1.1
On my computer, it showed that the operating system is Linux. Besides, it told me the web server is Apache and the web application is PHP.
ii. Network Scan Tools
You can use the SuperScan Windows tool.
You can use Advanced IP Scanner.
In BackTrack you can scan using nmap:
# nmap -sV 192.168.28.139
You