Information Gathering: Nmap Network Port Scanning
Both The Basics of Hacking and Penetration Testing and Metasploit: The Penetration Tester’s Guide introduce us early on to the port scanner Nmap. Nmap Network Scanning describes the tool thus: Nmap...
Metasploit Server Message Block Scanner: smb_version module
Metasploit has an inbuilt ‘targeted’ scanner designed specifically to attempt to identify Microsoft Windows versions on networks, called smb_version module. SMB stands for Server Message Block and Wiki...
My First Metasploit Exploit
I shall attempt my first exploit and target the Windows portion of my Virtual Hacking Lab. I’m following instructions given in Chapter 5 (The Joy of Exploitation) of Metasploit: The Penetration...
Metasploit The Penetration Tester’s Guide – Ubuntu 9.04 Heap-Based Samba Exploit
Just a quick post to identify a frustrating problem in Metasploit: The Penetration Tester’s Guide. Chapter five – The Joy of Exploitation – “Exploiting an Ubuntu Machine” simply doesn’t work. The book...
Identifying a Nessus Scan with Wireshark
As I’m playing around with Wireshark I thought I’d run a Nessus scan on the Windows portion of my Virtual Hacking Lab to see if I could spot traces of the scan. Well, as soon as I started the scan...
Metasploit: Exploiting MS SQL Server: Fast-Track, mssql_ping, mssql_login,...
I’m targeting the MS SQL Server on the Windows portion of my Virtual Hacking Lab and following instructions given in Chapter 6 (Meterpreter) of Metasploit: The Penetration Tester’s Guide. The...
Learning Nmap Security Network Port Scanner: http://scanme.nmap.org/
I’ve decided to make notes on my progress through Nmap Network Scanning to mix things up a little. The first thing of course is to find a legitimate target to scan so that I won’t land in a heap of...
Learning Nmap Security Network Port Scanner: Host Discovery Controls – List...
This is the second post detailing my notes on Nmap Network Scanning. List Scan (-sL) <– This simply enumerates and lists each host in the target range without sending any packets to the hosts themselves (it only performs reverse-DNS lookups, which go to your resolver). This is very stealthy....
Learning Nmap Security Network Port Scanner: -p0- -v -A -T4
This is the fifth post detailing my notes on Nmap Network Scanning. Following the basic scan this one has a few more flags: -p0- Scan every TCP port, 0 through 65535 -v Verbose output -A Aggressive including...
Learning Nmap Security Network Port Scanner: TCP SYN Stealth Scan -sS –...
This is the sixth post detailing my notes on Nmap Network Scanning. The SYN Scan is stealthy as it never completes the three-way handshake and so is also known as “half-open scanning”. This is a...
Learning Nmap Security Network Port Scanner: TCP Connect Scan (-sT)
This is the seventh post detailing my notes on Nmap Network Scanning. The TCP connect scan is fundamentally different to the previous SYN Scan and should only be used when the SYN scan option is...
Learning Nmap Security Network Port Scanner: UDP Scan -sU
This is the eighth post detailing my notes on Nmap Network Scanning. UDP scan is activated with -sU and works by sending UDP packets with an empty payload (a bare UDP header) to each target port: :~# nmap -sU scanme.nmap.org Starting Nmap 6.25 (...
Learning Nmap Security Network Port Scanner: TCP FIN, NULL and Xmas Tree Scans
This is the ninth post detailing my notes on Nmap Network Scanning. The TCP FIN, NULL and Xmas Tree Scans exploit a loophole in the TCP RFC (RFC 793): the RFC says that if a closed port receives a packet that...
Learning Nmap Security Network Port Scanner: Custom Scan Types with --scanflags
This is the tenth post detailing my notes on Nmap Network Scanning. We can design our own scans using arbitrary TCP flags which may help in evading intrusion detection. The options are: URG, ACK, PSH,...
Learning Nmap Security Network Port Scanner: TCP ACK Scan (-sA)
This is the eleventh post detailing my notes on Nmap Network Scanning. This scan does not determine whether ports are open or closed; it is designed to map firewall rules and discover whether they are stateful or...
Learning Nmap Security Network Port Scanner: TCP Window Scan (-sW)
This is the twelfth post detailing my notes on Nmap Network Scanning. This scan is identical to the TCP ACK Scan (-sA) except instead of reporting “unfiltered” for returned RST packets, it examines the...
Learning Nmap Security Network Port Scanner: TCP Idle Zombie Scan (-sI)
This is the thirteenth post detailing my notes on Nmap Network Scanning. This fairly lengthy section on the Idle Scan can be read in full here. This is the stealthiest of all scans as it is achieved...
Learning Nmap Security Network Port Scanner: IP Protocol Scan -sO
This is the fourteenth post detailing my notes on Nmap Network Scanning. This scan allows for the identification of IP Protocols and works by watching for protocol unreachable messages. Protocol scans...
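The SYN, ACK, Window, FIN/NULL/Xmas, UDP and IP protocol entries above each come down to the same question: given one probe and whatever came back (a TCP reply, a UDP reply, an ICMP unreachable, or silence), which state label does Nmap assign? The decision table below is an added example written for this page, not code from the blog posts or from the Nmap project; the rules follow the Nmap Reference Guide for -sS, -sA, -sW, -sF/-sN/-sX, -sU and -sO, while the Response class and the sample responses are constructions of this example, not captured traffic. One caveat the table makes visible: a host that answers every FIN/NULL/Xmas probe with RST (Windows and many Cisco devices do) shows all ports as closed under -sF/-sN/-sX, so those scans are only meaningful against RFC 793-compliant stacks.

```python
"""Nmap port-state inference rules, one decision table for several scan types.

Added illustration, not code from the blog posts or from the Nmap project.
The rules are those documented in the Nmap Reference Guide; the Response class
and the samples in classify_samples() are this example's own constructions.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# ICMP destination-unreachable (type 3) codes Nmap treats as filtering evidence:
# 1 host, 2 protocol, 3 port, 9/10 admin prohibited, 13 admin filtered.
UNREACH_FILTERING_CODES = {1, 2, 3, 9, 10, 13}


@dataclass(frozen=True)
class Response:
    kind: str                        # "tcp", "udp", "icmp", "other" or "none"
    flags: str = ""                  # TCP flags seen, e.g. "SA" for SYN/ACK
    window: int = 0                  # TCP window field; only -sW inspects it
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    @property
    def unreachable(self) -> bool:
        return self.kind == "icmp" and self.icmp_type == 3

    @property
    def rst(self) -> bool:
        return self.kind == "tcp" and "R" in self.flags


def port_state(scan: str, resp: Response) -> str:
    """Return the Nmap state label for one probe of the given scan type."""
    filtering_icmp = resp.unreachable and resp.icmp_code in UNREACH_FILTERING_CODES
    if scan == "sS":                                     # SYN (half-open) scan
        if resp.kind == "tcp" and "S" in resp.flags:     # SYN/ACK (or bare SYN)
            return "open"
        if resp.rst:
            return "closed"
        if resp.kind == "none" or filtering_icmp:
            return "filtered"
    elif scan == "sA":                                   # ACK scan: firewall mapping
        if resp.rst:                                     # RST got through: unfiltered
            return "unfiltered"
        if resp.kind == "none" or filtering_icmp:
            return "filtered"
    elif scan == "sW":                                   # Window scan: RST window size
        if resp.rst:
            return "open" if resp.window > 0 else "closed"
        if resp.kind == "none" or filtering_icmp:
            return "filtered"
    elif scan in ("sF", "sN", "sX"):                     # FIN / NULL / Xmas
        if resp.kind == "none":                          # open ports stay silent
            return "open|filtered"
        if resp.rst:                                     # closed ports send RST (RFC 793)
            return "closed"
        if filtering_icmp:
            return "filtered"
    elif scan == "sU":                                   # UDP scan
        if resp.kind == "udp":
            return "open"
        if resp.kind == "none":
            return "open|filtered"
        if resp.unreachable and resp.icmp_code == 3:     # port unreachable
            return "closed"
        if filtering_icmp:                               # other unreachables
            return "filtered"
    elif scan == "sO":                                   # IP protocol scan
        if resp.kind == "none":
            return "open|filtered"
        if resp.unreachable and resp.icmp_code == 2:     # protocol unreachable
            return "closed"
        if filtering_icmp:
            return "filtered"
        return "open"                                    # any other reply in any protocol
    else:
        raise ValueError(f"unknown scan type {scan!r}")
    raise ValueError(f"no rule for {scan} given {resp}")


def classify_samples() -> Dict[Tuple[str, str], str]:
    """Run the table over constructed responses (not real captures)."""
    samples = {
        ("sS", "SYN/ACK"):      Response("tcp", flags="SA"),
        ("sS", "RST"):          Response("tcp", flags="RA"),
        ("sS", "no reply"):     Response("none"),
        ("sA", "RST"):          Response("tcp", flags="R"),
        ("sA", "ICMP 3/13"):    Response("icmp", icmp_type=3, icmp_code=13),
        ("sW", "RST win 8192"): Response("tcp", flags="R", window=8192),
        ("sW", "RST win 0"):    Response("tcp", flags="R", window=0),
        ("sX", "no reply"):     Response("none"),
        ("sX", "RST"):          Response("tcp", flags="RA"),
        ("sU", "ICMP 3/3"):     Response("icmp", icmp_type=3, icmp_code=3),
        ("sU", "no reply"):     Response("none"),
        ("sU", "UDP reply"):    Response("udp"),
        ("sO", "ICMP 3/2"):     Response("icmp", icmp_type=3, icmp_code=2),
        ("sO", "TCP RST"):      Response("tcp", flags="RA"),
    }
    return {key: port_state(key[0], resp) for key, resp in samples.items()}


if __name__ == "__main__":
    for (scan, reply), state in classify_samples().items():
        print(f"-{scan:<3} {reply:<13} -> {state}")
```

Reading the table side by side is the quickest way to see why -sA reports "unfiltered" rather than "open", why -sF/-sN/-sX and -sU can never say better than "open|filtered" for a silent port, and why -sW only adds information when the target's RST carries a non-zero window.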
Learning Nmap Security Network Port Scanner: TCP FTP Bounce Scan -b
This is the fifteenth post detailing my notes on Nmap Network Scanning. The premise of this scan is to exploit a feature of the FTP protocol (RFC 959) which allows a connection to an FTP server with a view for...
Learning Nmap Security Network Port Scanner: Service and Application Version...
This is the fifteenth post detailing my notes on Nmap Network Scanning. In this scan all open and open|filtered TCP and/or UDP ports are passed to the service scanning module (nmap-service-probes)...