Got scanning?
SCANNING
Continuing the previous discussions about security tools and their ethical use, let us assume that you have signed, and will honor, some version of a White Hat agreement. At this point you are ready to start scanning.
There are many free tools at: http://www.isecom.org/research/security-tools.html
Scanning tools include nmap and Unicornscan. Enumeration tools include Nessus (a network vulnerability scanner) and Integrit (a host-based file-integrity checker).
PART 1: NMAP
On CentOS:
yum install nmap
If you are not lucky, go the rpm route. To see if it is already installed on Unix:
prompt> rpm -q nmap
To install it, first try installing it straight from the remote URL:
prompt> rpm -vhU http://nmap.org/dist/nmap-XXXX.rpm
If that doesn't work, download the rpm file and install it:
prompt> rpm -i nmapxxxx.rpm
OR, build from source. Download and install GNU make first (do this only once; build.sh is the bootstrap script GNU make ships for a system that has no make yet, so the last step runs the freshly built binary rather than a system make):
prompt> tar xzvf make-x.xx.tar.gz
prompt> cd make-x.xx
prompt> ./configure
prompt> sh build.sh
prompt> ./make install
Then download the nmap .tar.gz file, uncompress and extract it, and build it the usual way (the install step needs root, or sudo):
prompt> tar xzvf dir.tar.gz
prompt> cd dir
prompt> ./configure
prompt> make
prompt> make install
“Posted on 28 January 2011. Nmap is a free and open source utility for network exploration or security auditing. A primary focus of the 5.50 release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers, FTP, and now even Gopher servers! These capabilities are in self-contained libraries and scripts to avoid bloating Nmap's core engine. Since Nmap 5.21, the number of NSE scripts has more than doubled to 177 and NSE libraries jumped from 30 to 54. The actual NSE engine became more powerful as well. Newtargets support allows scripts like dns-zone-xfer and dns-service-discovery to add discovered hosts to Nmap's scan queue. The developers also added a brute forcing engine, network broadcast script support, and two new script scanning phases known as prerule and postrule. 636 OS fingerprints and 1,037 version detection signatures were added to Nmap since 5.21, bringing the totals to 2,982 and 7,319, respectively. No other tool comes close”. http://www.governmentsecurity.org/latest-security-news/nmap-550-released.html
Install tcpdump on Unix. If you have Snort installed, running it in sniffer mode (snort -v) prints packet headers much as tcpdump does.
Install Wireshark on a computer that has a GUI display.
Instructions: make it interesting, relevant and useful.
1. Don't just say that you ran a command, e.g. nmap -s. Provide the output and also some comments. Try to figure out what the whole thing means: what are you trying to assess? What does the response mean? How can you use it?
2. Don't just watch Wireshark mindlessly. Try to find the packets you are looking for. Submit Wireshark output and circle what you found. Some ideas as to what you are looking for are at the start of this file.
*You are trying to get a picture of the target.*
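As an added example of the kind of interpretation point 1 asks for (this is not part of the original lab and not nmap's own code), the script below takes a tcpdump -n trace of the probe/reply exchanges produced by SYN, FIN, NULL, Xmas, ACK and UDP probes and states what each reply means in nmap's terms. The trace, the scanner address 10.10.10.5 and the target 10.10.10.7 are constructed for the example; the state rules are the ones nmap documents for each scan type (a SYN/ACK to a SYN probe means open, an RST means closed, silence after a retransmission means filtered, and so on).

```python
import re

# Constructed sample trace in `tcpdump -n` line format (not a real capture): the
# scanner 10.10.10.5 sends SYN, FIN, Xmas, NULL, ACK and UDP probes to 10.10.10.7.
TRACE = """\
12:00:01.000001 IP 10.10.10.5.40001 > 10.10.10.7.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000150 IP 10.10.10.7.22 > 10.10.10.5.40001: Flags [S.], seq 9, ack 2, win 29200, length 0
12:00:01.000300 IP 10.10.10.5.40001 > 10.10.10.7.22: Flags [R], seq 2, win 0, length 0
12:00:01.001000 IP 10.10.10.5.40002 > 10.10.10.7.25: Flags [S], seq 1, win 1024, length 0
12:00:01.001150 IP 10.10.10.7.25 > 10.10.10.5.40002: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.002000 IP 10.10.10.5.40003 > 10.10.10.7.21: Flags [S], seq 1, win 1024, length 0
12:00:02.002000 IP 10.10.10.5.40003 > 10.10.10.7.21: Flags [S], seq 1, win 1024, length 0
12:00:03.000000 IP 10.10.10.5.40004 > 10.10.10.7.80: Flags [F], seq 1, win 1024, length 0
12:00:03.000100 IP 10.10.10.5.40005 > 10.10.10.7.443: Flags [FPU], seq 1, win 1024, urg 0, length 0
12:00:03.000200 IP 10.10.10.7.443 > 10.10.10.5.40005: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:03.000300 IP 10.10.10.5.40006 > 10.10.10.7.139: Flags [none], seq 1, win 1024, length 0
12:00:04.000000 IP 10.10.10.5.40007 > 10.10.10.7.8080: Flags [.], ack 1, win 1024, length 0
12:00:04.000100 IP 10.10.10.7.8080 > 10.10.10.5.40007: Flags [R], seq 1, win 0, length 0
12:00:05.000000 IP 10.10.10.5.40008 > 10.10.10.7.53: UDP, length 0
12:00:05.000100 IP 10.10.10.7 > 10.10.10.5: ICMP 10.10.10.7 udp port 53 unreachable, length 36
12:00:05.000200 IP 10.10.10.5.40009 > 10.10.10.7.123: UDP, length 0
"""

TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
UDP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")
ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP (\S+) (tcp|udp) port (\d+) unreachable")

# Probe types by the TCP flags the scanner sets; tcpdump prints "[none]" for a
# NULL probe and "[.]" for a bare ACK.
PROBES = {"S": "syn", "F": "fin", "none": "null", "FPU": "xmas", ".": "ack"}


def port_state(kind, reply):
    """Map (probe type, observed reply) to the port state nmap would report."""
    if kind == "syn":  # half-open scan: SYN/ACK means open, RST means closed
        return {"synack": "open", "rst": "closed"}.get(reply, "filtered")
    if kind in ("fin", "null", "xmas"):  # RFC 793: RST from a closed port, silence from an open one
        if reply == "rst":
            return "closed"
        return "open|filtered" if reply is None else "filtered"
    if kind == "ack":  # ACK scan only tells whether a stateful filter is in the way
        return "unfiltered" if reply == "rst" else "filtered"
    if kind == "udp":  # ICMP port unreachable is the only definite "closed" for UDP
        return {"udp": "open", "icmp_port_unreach": "closed", None: "open|filtered"}.get(reply, "filtered")
    raise ValueError(kind)


def interpret_trace(trace, scanner):
    """Pair each probe sent by `scanner` with its reply; return {(target, proto, port): (probe, state)}."""
    probes, replies = {}, {}
    for line in trace.splitlines():
        m = ICMP_RE.search(line)
        if m:
            _src, dst, orig_dst, proto, port = m.groups()
            if dst == scanner:
                replies[(orig_dst, proto, int(port))] = "icmp_port_unreach"
            continue
        m = TCP_RE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            if src == scanner and flags in PROBES:  # the scanner's own RST after a SYN/ACK is not a probe
                probes[(dst, "tcp", int(dport))] = PROBES[flags]
            elif dst == scanner:
                key = (src, "tcp", int(sport))
                replies[key] = "synack" if {"S", "."} <= set(flags) else "rst" if "R" in flags else "other"
            continue
        m = UDP_RE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            if src == scanner:
                probes[(dst, "udp", int(dport))] = "udp"
            elif dst == scanner:
                replies[(src, "udp", int(sport))] = "udp"
    return {key: (kind, port_state(kind, replies.get(key))) for key, kind in sorted(probes.items())}


if __name__ == "__main__":
    for (target, proto, port), (kind, state) in interpret_trace(TRACE, "10.10.10.5").items():
        print(f"{target:<12} {port}/{proto:<4} {kind:<5} probe -> {state}")
```

Run it with the lines of your own tcpdump -n capture in place of TRACE. What the output should make obvious is that FIN, NULL and Xmas probes never get a positive answer from an open port, so the best they can report is open|filtered; that a port that stays silent to a SYN (port 21 above, even after the retransmission) is filtered, not closed; and that an ACK probe reveals only whether a stateful filter sits in front of the port, never whether anything listens on it.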
Open tcpdump, then repeat with Wireshark open:
1. Check out the Nmap help menu (nmap -h).
2. Run a ping scan (-sn, formerly -sP) on the computers on your network. Please do not terrorize your roommates and friends. Be nice. Which IP addresses are active?
3. Find out which ports are open on those computers:
   a. run a connect scan (-sT)
   b. run a NULL scan (-sN)
4. Repeat on the DNS and any other servers you found.
5. Send a SYN packet to a computer on your network.
6. Send some more SYN packets to different computers on your network.
7. Do a SYN scan (-sS) on all computers on your network.
8. Find out which computers run SMTP and HTTP (i.e. scan for those ports: -p 25,80).
9. Run a FIN scan (-sF).
10. Run a Xmas scan (-sX).
11. Run an ACK scan (-sA).
12. Can you determine the type of OS (-O)?
13. Run the following commands. What do they mean?
nmap -sT -F IPaddress
nmap -sS -F IPaddress
nmap -sU -F IPaddress
nmap -sF -F IPaddress
nmap -O -F IPaddress
nmap -p22 -O IPaddress
nmap -p 1-30,40-65535 IPaddress
nmap -A -P0 IPaddress (-P0 is the older spelling of -Pn, "skip host discovery")
nmap -sS 10.10.10.*
What did you find? Interpret your results and nicely "organize" them so that you have a map of the network.
PART 2: fping and hping
Install fping and hping, http://fping.com and http://hping.org. They are command-line tools.
Have tcpdump or Wireshark open while you run the tools.
Run a ping sweep with the fping and hping tools:
1. fping -g start-of-rangeIP end-of-rangeIP
2. hping -S IPaddress (this sends TCP SYN probes rather than ICMP echo requests; add -p with a port, or use -1 for ICMP mode, and compare the two in the capture)
PART 3: Unicornscan
Install it and run it.
Unicornscan is a Unix tool. Unfortunately, I can’t find the
proper libraries to install it on CentOS 6.