Saturday, 16 January 2016

Active Information Gathering

In active information gathering, we interact directly with a system to learn more about it. We might, for example, conduct port scans for open ports on the target or conduct scans to determine what services are running. Each system or running service that we discover gives us another opportunity for exploitation. But beware: if you get careless while gathering information actively, you might be nabbed by an intrusion detection system (IDS) or intrusion prevention system (IPS)—not a good outcome for the covert penetration tester.

Port Scanning with Nmap:
Nmap is, by far, the most popular port scanning tool. Nmap lets you scan hosts to identify the services running on each, any of which might offer a way in. One of our preferred nmap options is -sS. This runs a stealth TCP scan that determines whether a specific TCP-based port is open. Another preferred option is -Pn, which tells nmap not to use ping to determine whether a system is running; instead, it considers all hosts "alive." If you're performing Internet-based penetration tests, you should use this flag, because most networks don't allow Internet Control Message Protocol (ICMP), which is the protocol that ping uses. If you're performing this scan internally, you can probably ignore this flag.

nmap -sS -Pn 192.168.1.1
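Why the "stealth" -sS scan still trips an IDS: the half-open SYNs it sends never complete a handshake, and that pattern is itself a signature. The following Python is an added example, not from the original post, showing a minimal detector of that pattern over a constructed connection log; the log format, the threshold and the window size are assumptions.

```python
# Added example: a minimal SYN-scan detector over a constructed connection log.
# Each record is "timestamp src dst:port flags" (S = SYN sent, A = ACK sent).
from collections import defaultdict

# Constructed sample: 10.0.0.5 bursts SYNs to many ports on 192.168.1.1 and
# never completes a handshake; 10.0.0.9 makes one normal full connection.
SAMPLE_LOG = """\
1 10.0.0.5 192.168.1.1:22 S
1 10.0.0.5 192.168.1.1:80 S
1 10.0.0.5 192.168.1.1:443 S
1 10.0.0.5 192.168.1.1:445 S
2 10.0.0.5 192.168.1.1:3389 S
2 10.0.0.5 192.168.1.1:8080 S
2 10.0.0.9 192.168.1.1:80 S
2 10.0.0.9 192.168.1.1:80 A
30 10.0.0.5 192.168.1.1:21 S
"""

def parse(log):
    """Yield (ts, src, dst, port, flags) tuples from the text log."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dstport, flags = line.split()
        dst, port = dstport.rsplit(":", 1)
        yield int(ts), src, dst, int(port), flags

def detect_syn_scans(log, threshold=5, window=10):
    """Return {src: sorted ports} for sources that sent SYNs to at least
    `threshold` distinct ports on one destination within `window` seconds
    without completing the handshake (no ACK from src to that port)."""
    syns = defaultdict(list)   # (src, dst) -> [(ts, port)]
    completed = set()          # (src, dst, port) that later saw an ACK
    for ts, src, dst, port, flags in parse(log):
        if "A" in flags:
            completed.add((src, dst, port))
        elif "S" in flags:
            syns[(src, dst)].append((ts, port))
    suspicious = {}
    for (src, dst), events in syns.items():
        events.sort()
        half_open = [(t, p) for t, p in events if (src, dst, p) not in completed]
        # Slide a time window over the half-open SYNs and count distinct ports.
        for i, (t0, _) in enumerate(half_open):
            ports = {p for t, p in half_open[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                suspicious[src] = sorted(ports)
                break
    return suspicious
```

The same rule, with real thresholds tuned to the network, is what a SYN-scan signature in an IDS boils down to: many half-open connections to distinct ports from one source in a short window.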

Port Scanning with Metasploit:

Metasploit has several port scanners built into its auxiliary modules that integrate directly with most aspects of the Framework. We'll use these port scanners to leverage compromised systems to access and attack further hosts.
To see the list of port scanning tools that the Framework offers, enter the following.

#msf> search portscan

#msf> use scanner/portscan/syn


Server Message Block Scanning:
Metasploit can attempt to identify versions of Microsoft Windows using its smb_version module, so we select smb_version, set RHOSTS, and begin scanning.

#msf > use scanner/smb/smb_version

#msf auxiliary(smb_version)> hosts
