Saturday, 2 July 2016

Saturday, 16 January 2016

TCP connect scan:

A TCP connect scan relies on the three-way handshake between client and server: if the handshake completes, a connection has been established and the port is known to be open.



A client connecting to a server on port 80 initiates the connection by sending a TCP segment with the SYN flag set to that port. If the port is open and accepting connections, the server answers with a segment that has both SYN and ACK set. The client completes the three-way handshake by sending an ACK, and from then on the port is known to be open. The script below takes a shortcut at this point: when it receives the SYN/ACK it answers with RST/ACK instead of a plain ACK, tearing the half-open connection down before the server application ever sees it. Strictly speaking that makes it a half-open (SYN) scan rather than a full connect scan, but the classification of the port is the same.
If the server answers the SYN with RST (RST/ACK, flags value 0x14) instead of SYN/ACK (0x12), the port is closed. If nothing comes back at all, or an ICMP destination-unreachable message arrives, the port is filtered rather than closed: the original script reported "Closed" for a missing reply, which is wrong and is fixed below.

        
#!/usr/bin/python
import logging
import random
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  # silence scapy's IPv6 warning
from scapy.all import *

dst_ip = "10.0.0.1"
# A fixed random source port: a bare RandShort() is re-evaluated every time a packet
# is built, so the SYN and the later RST would leave on different ports.
src_port = random.randint(1024, 65535)
dst_port = 80

# Send one SYN and wait up to 10 s for a single reply (raw sockets: run as root)
resp = sr1(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="S"), timeout=10)

if resp is None:
    # No reply at all: the probe or its answer was dropped, so the port is filtered
    print("Filtered (no response)")
elif resp.haslayer(TCP):
    if resp.getlayer(TCP).flags == 0x12:        # SYN/ACK: the port is open
        # Tear the half-open connection down with RST/ACK instead of completing it
        send(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="AR"))
        print("Open")
    elif resp.getlayer(TCP).flags == 0x14:      # RST/ACK: the port is closed
        print("Closed")
elif resp.haslayer(ICMP):
    # ICMP destination unreachable (type 3) with these codes means a filter answered
    if int(resp.getlayer(ICMP).type) == 3 and int(resp.getlayer(ICMP).code) in [1, 2, 3, 9, 10, 13]:
        print("Filtered")
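For contrast with the half-open probe above, here is a real connect scan that lets the operating system's TCP stack complete the whole handshake, then closes the connection. This is an added example, not code from the original post or from the book it draws on; it needs no raw sockets or scapy, and the demo() function builds its own constructed targets on 127.0.0.1 (a listening socket and a port nobody listens on) so it runs offline. It also shows the price of a full connect scan: the listener's accept() queue holds the completed connection, so the target application sees the scan, which a SYN scan avoids.

```python
import errno
import socket

# connect() errors that mean "no usable answer", i.e. a filter is in the way
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK, errno.EHOSTUNREACH}


def connect_scan_port(host, port, timeout=2.0):
    """Classify one TCP port by letting the kernel run the full three-way handshake.

    open     -> SYN/ACK came back and the kernel answered it with an ACK
    closed   -> the target answered the SYN with RST (connect() fails with ECONNREFUSED)
    filtered -> nothing came back before the timeout, or the host was unreachable
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))  # returns an errno instead of raising
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        sock.close()  # FIN: the target's logs see a complete connect and disconnect
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    if rc in FILTERED_ERRNOS:
        return "filtered"
    return "error:" + errno.errorcode.get(rc, str(rc))


def connect_scan(host, ports, timeout=2.0):
    """Scan a list of ports and return {port: state}."""
    return {port: connect_scan_port(host, port, timeout) for port in ports}


def demo():
    """Scan a constructed local listener and a constructed closed port.

    Returns both states plus whether the listener actually saw the connection,
    which is exactly what separates a connect scan from the half-open scan above.
    """
    # Constructed open port: a listening socket on an ephemeral loopback port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Constructed closed port: bind to obtain a free port number, then release it.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()

    states = connect_scan("127.0.0.1", [open_port, closed_port])

    # The kernel queued the completed handshake in the backlog, so accept() returns it
    # even though the scanner has already disconnected. A SYN scan never gets this far.
    listener.settimeout(1.0)
    try:
        conn, _ = listener.accept()
        conn.close()
        seen_by_server = True
    except socket.timeout:
        seen_by_server = False
    finally:
        listener.close()

    return {
        "listening_port": states[open_port],
        "unbound_port": states[closed_port],
        "handshake_seen_by_server": seen_by_server,
    }


if __name__ == "__main__":
    print(demo())
```

Against a remote target, replace the constructed ports with the host and port list you are authorised to scan; the timeout is what turns a silently dropped SYN into "filtered", so keep it short on large ranges and raise it over slow links.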

Active Information Gathering

In active information gathering, we interact directly with a system to learn more about it. We might, for example, port-scan the target for open ports, or probe those ports to determine which services are running. Each system or service we discover is another potential route to exploitation. But beware: every probe is traffic the target can see, and if you get careless during active information gathering an IDS or intrusion prevention system (IPS) may flag or block you, not a good outcome for a covert penetration tester.

Port Scanning with Nmap:
Nmap is by far the most popular port scanning tool. It lets you scan hosts to identify the services running on each, any of which might offer a way in. One of our preferred Nmap options is -sS, which runs a TCP SYN ("stealth", half-open) scan: Nmap sends a SYN and judges the port from the reply (SYN/ACK means open, RST means closed, no reply means filtered) without ever completing the handshake. It needs raw-socket privileges, so run it as root. Another preferred option is -Pn, which tells Nmap to skip host discovery and treat every address as alive. Use it for Internet-based penetration tests, because many networks block the ICMP echo requests that ping relies on at the perimeter, and a host that does not answer discovery probes would otherwise be skipped as down. On an internal scan you can usually leave this flag out.

nmap -sS -Pn 192.168.1.1

   
Port Scanning with Metasploit:

Metasploit has several port scanners built into its auxiliary modules, and because they run inside the Framework their results land in its database alongside everything else. We will use these scanners to pivot: running them from an already compromised system lets us map and attack networks that are not reachable from our own machine.
To see the list of port scanning modules that the Framework offers, enter the following.

msf > search portscan

msf > use scanner/portscan/syn

 

Server Message Block Scanning:
Metasploit's smb_version module fingerprints hosts that expose SMB on TCP 445, returning the Microsoft Windows version (and other SMB details) of each. Load the module, set RHOSTS to the target range, and run it; the results are recorded in the database, so the hosts command afterwards shows the operating system information it discovered.
 
msf > use scanner/smb/smb_version

 

msf auxiliary(smb_version) > hosts
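The two Metasploit steps above, chained into one msfconsole resource script so the SYN scan feeds the SMB fingerprinting through the database. This is an added example rather than the blog's or the book's own command listing; the file name, the log path and the target range 192.168.1.0/24 are assumptions, and it presumes a connected database (check with db_status) so that discovered hosts and services are actually recorded.

```text
# scan_and_smb.rc  (assumed file name) - run with:  msfconsole -r scan_and_smb.rc
# Requires a connected database (db_status) so results are stored for the later steps.
spool /tmp/scan_and_smb.log
setg RHOSTS 192.168.1.0/24
setg THREADS 20

# Half-open SYN scan of a short list of interesting ports.
# Like nmap -sS this needs raw sockets, so start msfconsole as root.
use auxiliary/scanner/portscan/syn
set PORTS 21,22,25,80,135,139,443,445,3389
run

# Fingerprint only the hosts that actually answered on 445:
# load the module first, then let the database set its RHOSTS.
use auxiliary/scanner/smb/smb_version
services -p 445 -u -R
run

# Review what the database now knows and stop logging.
hosts
services -p 445
spool off
```

The order of the last block matters: services -R writes RHOSTS into the currently loaded module's datastore, so issue it after use auxiliary/scanner/smb/smb_version, otherwise smb_version inherits the global range and probes every address again instead of just the SMB hosts.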