Tuesday, 12 November 2019

Active information gathering and port scanning by Raj Gupta

Metasploitable:- Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware product and on other virtualization technologies such as VirtualBox.

https://information.rapid7.com/metasploit-framework.html


username:   msfadmin
password:   msfadmin


--------------------------------------------------------------------------------------------------------------------------



Nmap:-

root@kali:~# nmap

  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80


nmap -p 1-65535 192.168.8.2
nmap -Pn 192.168.1.9
nmap -sT 192.168.1.9
nmap -sS 192.168.1.9        SYN (half-open) scan; less likely to be noticed by the target than a full connect scan
nmap -sU 192.168.1.9        UDP scan

If our SYN probes are blocked (for example by a firewall), an ACK scan can be used to probe the machine instead; it reports ports as filtered or unfiltered rather than open or closed, as shown below

root@kali:~# nmap -sA 172.31.86.179
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-12 08:21 UTC
Nmap scan report for ip-172-31-86-179.ec2.internal (172.31.86.179)
Host is up (0.0014s latency).
All 1000 scanned ports on ip-172-31-86-179.ec2.internal (172.31.86.179) are unfiltered
MAC Address: 12:74:AD:24:21:51 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.70 seconds


If the firewall only accepts requests that come from a particular source port (here port 80), set that source port on our probes as shown below

root@kali:~# nmap --source-port 80 172.31.86.179
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-12 08:25 UTC
Nmap scan report for ip-172-31-86-179.ec2.internal (172.31.86.179)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
MAC Address: 12:74:AD:24:21:51 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
root@kali:~#
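The source-port trick above works only because a firewall rule trusts traffic from port 80. The following script is an added example, not part of the original post: it parses two nmap XML reports (-oX), a normal scan and a --source-port 80 scan, and lists the ports that are open only from the trusted source port, which points at a firewall rule that should be made stateful. The XML samples are constructed; the host and port numbers mirror the session above, but the port states are assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports in nmap's -oX format (not real captures from the post).
# Host and ports mirror the session above; the states are assumed for illustration.
BASELINE_XML = """<nmaprun>
<host><status state="up"/><address addr="172.31.86.179" addrtype="ipv4"/>
<ports><extraports state="closed" count="997"/>
<port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="111"><state state="filtered"/><service name="rpcbind"/></port>
</ports></host></nmaprun>"""

SRCPORT80_XML = """<nmaprun>
<host><status state="up"/><address addr="172.31.86.179" addrtype="ipv4"/>
<ports><extraports state="closed" count="997"/>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="111"><state state="open"/><service name="rpcbind"/></port>
</ports></host></nmaprun>"""


def parse_nmap_xml(xml_text):
    """Map each IPv4 host to {(port, protocol): state} from nmap -oX output."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = {}
        for p in host.findall("ports/port"):
            ports[(int(p.get("portid")), p.get("protocol"))] = p.find("state").get("state")
        hosts[addr.get("addr")] = ports
    return hosts


def source_port_bypass(baseline, srcport_scan):
    """Ports open only when probed from the trusted source port.

    Each hit is evidence of a firewall rule keyed on the client's source port;
    the fix is a stateful rule that matches established connections instead."""
    findings = {}
    for host, ports in srcport_scan.items():
        base = baseline.get(host, {})
        leaked = sorted(k for k, s in ports.items() if s == "open" and base.get(k) != "open")
        if leaked:
            findings[host] = leaked
    return findings


if __name__ == "__main__":
    report = source_port_bypass(parse_nmap_xml(BASELINE_XML), parse_nmap_xml(SRCPORT80_XML))
    for host, ports in report.items():
        print(host, "reachable only via source port 80:", ports)
```

Run the two real scans with -oX and feed the files to parse_nmap_xml to check your own firewall for the same weakness.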


nmap --data-length 50 172.31.86.179       To pad each probe and change the packet size

nmap --spoof-mac 22:33:44:55:66:77 172.31.86.179    To spoof our MAC address so the target sees the given one


-----------------------------------------------------------------------------------------------------------------------

Zenmap:- Zenmap is the graphical interface for Nmap

The same scans can be run from its GUI


--------------------------------------------------------------------------------------------------------------------

Using Nmap scripts:-

root@kali:~# cd /usr/share/nmap/
root@kali:/usr/share/nmap# ls
nmap.dtd  nmap-mac-prefixes  nmap-os-db  nmap-payloads  nmap-protocols  nmap-rpc  nmap-service-probes  nmap-services  nmap.xsl  nselib  nse_main.lua  scripts
root@kali:/usr/share/nmap# cd scripts/
root@kali:/usr/share/nmap/scripts# ls
root@kali:/usr/share/nmap/scripts# ls | grep ssh

root@kali:/usr/share/nmap/scripts# nmap --script=ssh-brute.nse 172.31.86.179


root@kali:/usr/share/nmap/scripts# nmap --script=ssh-hostkey.nse 172.31.86.179


-------------------------------------------------------------------------------------

root@kali:~# git clone https://github.com/scipag/vulscan.git


root@kali:~# git clone https://github.com/vulnersCom/nmap-vulners.git


root@kali:~# ls
Desktop  Documents  Downloads  Music  nmap-vulners  Pictures  Public  Templates  Videos  vulscan
root@kali:~# mkdir nmapscripts
root@kali:~# ls
Desktop  Documents  Downloads  Music  nmapscripts  nmap-vulners  Pictures  Public  Templates  Videos  vulscan
root@kali:~# mv vulscan/ nmapscripts/
root@kali:~# mv nmap-vulners/ nmapscripts/
root@kali:~# ls
Desktop  Documents  Downloads  Music  nmapscripts  Pictures  Public  Templates  Videos
root@kali:~#
root@kali:~# ls
Desktop  Documents  Downloads  Music  nmapscripts  Pictures  Public  Templates  Videos
root@kali:~# cd nmapscripts/
root@kali:~/nmapscripts# ls
nmap-vulners  vulscan
root@kali:~/nmapscripts# ls
nmap-vulners  vulscan
root@kali:~/nmapscripts# nmap --script vulscan,nmap-vulners -sV 172.31.86.179

-------------------------------------------------------------------------------------------------------------------

amap:- This is a tool similar to nmap

