Scanning
The scanning process can be divided into three steps:
- Determining if a system is active.
- Port scanning the system.
- Scanning the system for vulnerabilities.
Ports provide a way or location for software and networks to communicate with hardware like a computer. A port is a data connection that allows a computer to exchange information with other computers, software, or devices.
Common Ports and their Service
Port Number Service
20 FTP data transfer
21 FTP control
22 SSH
23 Telnet
25 SMTP (e-mail)
53 DNS
80 HTTP
443 HTTPS
20 FTP data transfer
21 FTP control
22 SSH
23 Telnet
25 SMTP (e-mail)
53 DNS
80 HTTP
443 HTTPS
Pings and Ping Sweeps
A ping is a special type of network packet called an ICMP packet. Pings work by sending specific types of network traffic, called ICMP Echo Request packets, to a specific interface on a computer or network device. If the device (and the attached network card) that received the ping packet is turned on and not restricted from responding, the receiving machine will respond back to the originating machine with an Echo Reply packet. Aside from telling us that a host is alive and accepting traffic, pings provide other valuable information including the total time it took for the packet to travel to the target and return.
Pings also report traffic loss that can be used to gauge the reliability of a network
connection.
Pings also report traffic loss that can be used to gauge the reliability of a network
connection.
Ping google.com with the count argument -c 4 to ping 4 times.
The simplest way to run a ping sweep is with a tool called FPing. FPing is built into Backtrack and is run from the terminal. The easiest way to run FPing is to open terminal window and type the following:
fping –a –g 172.16.45.1 172.16.45.254>hosts.txt
The “–a” argument is used to show only the live hosts in the output. This makes our final report much cleaner and easier to read. The “–g” is used to specify the range of IP addresses we want to sweep. You need to enter both the beginning and the ending IP addresses. In this example, we scanned all the IPs from 172.16.45.1 to 172.16.45.254. The “>” character is used to pipe the output to a file, and the hosts.txt is used to specify the name of the file our results will be saved to.
Port Scanning
There are a total of 65,536 (0–65,535) ports on every computer. Ports can be
either TCP or UDP depending on the service using the port. We scan computers to see what ports are in use or “open”. This gives us a better picture of the purpose of the machine, which gives us a better idea about how to attack the box.
either TCP or UDP depending on the service using the port. We scan computers to see what ports are in use or “open”. This gives us a better picture of the purpose of the machine, which gives us a better idea about how to attack the box.
TCP 3-Way Handshake
Before we go on, we first have to know how computers on a network communicate with each other. When two computers want to communicate, they go through a processes known as the 3-way handshake. The first computer A will send a synchronize packet to the other computer B. Then, if computer B is listening (has its port open), it will respond back to A with a synchronize-acknowledgement packet. Finally, computer A will send an acknowledgement packet to computer B, and the two computers will communicate as usual.
Using Nmap
Nmap was written by Gordon Lyon and is available for free from www.insecure.org and is built into today’s Backtrack Linux 5.
Recommended Reading: Nmap Network Scanning
It is the official guide to using the nmap scanner. What more can I say? This book will cover nmap much more in depth than this site.
When we conduct a port scan, Nmap will create a packet and send it to each designated port on the computer just like the 3-way handshake. The goal is to determine what kind of a response we get from the target ports.
To use Nmap, open up the terminal and type:
nmap -p- 192.168.56.101
Here I scan a Windows XP machine on my network.
The “-p-” tells nmap to scan all ports on a target machine. The 10.0.2.15 is the local ip of the target machine.
Vulnerability Scanning
To scan systems for vulnerabilities, we will use a vulnerability scanner. There are several good scanners available, but we will be focusing on Nessus. To install Nessus type:
root@bt:~# apt-get install nessus
Then, to access Nessus via the GUI go to:
Applications -> Backtrack -> Vulnerability Assessment -> Vulnerability Scanner -> Nessus -> Nessus Start.
Applications -> Backtrack -> Vulnerability Assessment -> Vulnerability Scanner -> Nessus -> Nessus Start.
Dis is the best blog i have ever seen
ReplyDeleteall kind of tutorials in one place
thnx a lot Mr.....
Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.
Delete**Price for One SSN lead 2$**
All SSN's are Tested & Verified. Fresh spammed data.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
->Bulk order negotiable
->Hope for the long term business
->You can asked for specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
well thnx for that @anonymous
ReplyDeleteDoes your website have a contact page? I'm having problems locating it
ReplyDeletebut, I'd like to shoot you an email. I've got some suggestions for
your blog you might be interested in hearing.
Either way, great blog and I look forward to seeing it expand over time.
my web-site: Max Shred
Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.
ReplyDelete**Price for One SSN lead 2$**
All SSN's are Tested & Verified. Fresh spammed data.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
->Bulk order negotiable
->Hope for the long term business
->You can asked for specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Do you need to increase your credit score?
ReplyDeleteDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com
**SELLING SSN+DOB FULLZ**
ReplyDeleteCONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
>>1$ each without DL/ID number
>>2$ each with DL
>>5$ each for premium (also included relative info)
*Will reduce price if buying in bulk
*Hope for a long term business
FORMAT OF LEADS/FULLZ/PROS
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER WITH EXPIRY DATE
->COMPLETE ADDRESS
->PHONE NUMBER, EMAIL, I.P ADDRESS
->EMPLOYMENT DETAILS
->REALTIONSHIP DETAILS
->MORTGAGE INFO
->BANK ACCOUNT DETAILS
>Fresh Leads for tax returns & w-2 form filling
>Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY
''OTHER GADGETS PROVIDING''
>SSN+DOB Fullz
>CC with CVV
>Photo ID's
>Dead Fullz
>Spamming Tutorials
>Carding Tutorials
>Hacking Tutorials
>SMTP Linux Root
>DUMPS with pins track 1 and 2
>Sock Tools
>Server I.P's
>HQ Emails with passwords
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
THANK YOU
التخلص من ذباب الحمام
ReplyDeleteكشف تسربات المياه عماله فلبينيه
شركة المياه الدمام
حي النخيل الشرقي بالرياض
اوامر تنظيف الويندوز 10
جهاز فحص اسلاك الشبكة
شركة تنظيف الصرف الصحي
شركة تنظيف خزانات بالخرج
خطوات عزل الخزان الارضي
تصميم بيارة الصرف الصحي