SlideShare une entreprise Scribd logo

Nmap and metasploitable

Télécharger en tant que PPTX, PDF
M
Mohammed Akbar Shariff

This was presented in Null Open Security community july meetup, Session was on Nmap and metasploitable

Logiciels
1  sur  28
NMAP and Metasploitable-II
About Me Mohammed Akbar Shariff Cyber Sec Intern – WICS Graduating M.tech www.linkedin.com/in/mohammed-akbar-shariff @akbarshariffak
Agenda • Basics of Network • Metasploitable II • Introduction to NMAP • Port Status • Scan Types • Host Discovery • OS Fingerprinting • Nmap Scripting Engine
Basics of Netwoks TCP Header
Three way Handshake…???
TCP Three way handshake
Metasploitable II The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
What is NMAP? • Network Mapper - Utility used to identify assets and map them in a network. • https://github.com/nmap/nmap (Current release is 7.50, 20 year old project and active)
Why NMAP..?? • Perhaps I can ping sweep? • How to know which IP’s are alive? • There are only • 65535(PORTS) *2 (TCP &UDP)*24 ( if class C)
Nmap Port Status • OPEN • CLOSED • FILTERED • OPEN|FILTERED
NMAP port “Status” - Open •Open - SYN reached the end system, victim responded with SYN+ACK and Completes the handshake. Nmap -n -sT -p 80 192.168.56.104
NMAP port “Status” - Closed • Closed - SYN reached the end system, responded with RST+ACK. System is accessible and service is still not open on victim. Nmap -n -sT -p 22 192.168.56.104
NMAP port “Status” - Filtered • Filtered – Observed when a port does not respond on repeated tries. Nmap -n -sT -p 445 192.168.56.105
Scan Types nmap <options><scan type> <target>
NMAP Options -iL <filename>: Pass a list of hosts. -iR <number of Hosts>: Choose random targets. Ex: nmap -Pn -sS -p 80 -iR 0 --open -p <port ranges> : Port scanning, Only scan specified ports…. -p- Host Discovery -sL (List Scan): Simply lists each host of the network(s) specified. -sn : No port scan and only ping scan -Pn : Skip ping scan and treat all host to be live -PS <portlist> : TCP SYN Ping -n : No DNS resolution -R : DNS resolution for all targets -PE; -PP; -PM : ICMP Ping Types. -PA <port list> : TCP ACK ping -PU <port list> : UDP Ping
Nmap Scan Types • -sP (Ping Sweep) – Performs ARP ping and ICMP echo request to determine system is alive. • -sS (TCP SYN Scan) – Determines a system/port being alive by sending only SYN and waiting for SYN-ACK • -sU (UDP Scan) – Probes UDP detects system/port is alive when there is a UDP response + ICMP packet Destination unreachable. • -sT (TCP Connect Scan): Performs connection establishment using system call “connect” • -sN (Null scan): Does not set any bits (TCP flag header is 0). • -sF (FIN Scan): Sets just the TCP FIN bit. • -sX (Xmas scan): Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
OS Fingerprinting • Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. • Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match. -O (Enable OS detection)
Nmap – service Version and Enumeration! • Nmap-services database is constantly updated with services, finger printing and banners to identify remote ports and operating systems. • -sV - runs about ~30 Nmap Script Engine (.nse files) to identify and enumerate the service that has been detected earlier. • -sC – runs “default” ~200 Nmap Script Engine (.nse files) to identify and enumerate the services and provide vulnerabilities identified. Optionally can use - -script option.
Nmap service Enumeration! • The Difference between the two in Action TCP scan with Version -sT + -sV = -sTV Regular TCP scan
Nmap Scripting Engine(NSE) –What and Why? • Nmap Script Engine, written in Lua. • Sophisticated Version detection and OS detection. • Example: smb-os-discovery.nse , http-cisco-anyconnect.nse … • Vulnerability detection. • Example: tls-ticketbleed.nse, sslv2-drown.nse,.. • Malware detection. • Example: http-google-malware.nse.. • Vulnerability Exploitation. • Example: smb-psexec.nse,..
NSE – what? where? • -sC and --script uses NSE. There is a default set launched when no option is given. https://nmap.org/nsedoc/categories/default.html
Nmap Enumeration technique Notice how the service is not shell Even though Banner shows Shell
Nmap Enumeration technique So you need to use –sTV along for Version grab
Nmap Output Formatting Greppable Regular Text XML
References • https://www.nmap.org • https://null.co.in/ • http://insecure.org/
QUESTIONS??
THANK YOU

Recommandé

Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
NMap
NMapNMap
NMapPritesh Raka
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Nmap
NmapNmap
NmapSreekanth Narendran
 

Recommandé

Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
NMap
NMapNMap
NMapPritesh Raka
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scannern|u - The Open Security Community
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsn|u - The Open Security Community
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorialVarun Kakumani
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmapcommiebstrd
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Zen map
Zen mapZen map
Zen mapharisnaved
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
Nmap
NmapNmap
NmapFat-Thing Gabriel-Culley
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic AnalysisDavid Sweigert
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Nmap
NmapNmap
NmapMegha Sahu
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting enginen|u - The Open Security Community
 
Port scanning
Port scanningPort scanning
Port scanningHemanth Pasumarthi
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basicsamiable_indian
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framworkDeepanshu Gajbhiye
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Snort
SnortSnort
SnortFadwa Gmiden
 
Metasploit
MetasploitMetasploit
MetasploitInstitute of Information Security (IIS)
 
Nmap commands
Nmap commandsNmap commands
Nmap commandsKailash Kumar
 
API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meetvinoth kumar
 
Bit squatting
Bit squattingBit squatting
Bit squattingAvradeep Bhattacharya
 

Contenu connexe

Tendances

Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmapcommiebstrd
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)shwetha mk
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic AnalysisDavid Sweigert
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 

Tendances (20)

NMAP - The Network Scanner
NMAP - The Network ScannerNMAP - The Network Scanner
NMAP - The Network Scanner
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Nmap tutorial
Nmap tutorialNmap tutorial
Nmap tutorial
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
 
Zen map
Zen mapZen map
Zen map
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Nmap
NmapNmap
Nmap
 
Wireshark Traffic Analysis
Wireshark Traffic AnalysisWireshark Traffic Analysis
Wireshark Traffic Analysis
 
N map presentation
N map presentationN map presentation
N map presentation
 
Nmap
NmapNmap
Nmap
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
 
Port scanning
Port scanningPort scanning
Port scanning
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Metasploit framwork
Metasploit framworkMetasploit framwork
Metasploit framwork
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Snort
SnortSnort
Snort
 
Metasploit
MetasploitMetasploit
Metasploit
 
Nmap commands
Nmap commandsNmap commands
Nmap commands
 

En vedette

API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meetvinoth kumar
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)Deepam Kanjani
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bountyvinoth kumar
 
Basics of Cryptography
Basics of CryptographyBasics of Cryptography
Basics of CryptographySunil Kumar
 
Networking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiNetworking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiAvkash Kathiriya
 

En vedette (6)

API Security - Null meet
API Security - Null meetAPI Security - Null meet
API Security - Null meet
 
Bit squatting
Bit squattingBit squatting
Bit squatting
 
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)A Strategic Path from Secure Code Reviews to Threat Modeling (101)
A Strategic Path from Secure Code Reviews to Threat Modeling (101)
 
Yet another talk on bug bounty
Yet another talk on bug bountyYet another talk on bug bounty
Yet another talk on bug bounty
 
Basics of Cryptography
Basics of CryptographyBasics of Cryptography
Basics of Cryptography
 
Networking basics by rahul at Null Mumbai
Networking basics by rahul at Null MumbaiNetworking basics by rahul at Null Mumbai
Networking basics by rahul at Null Mumbai
 

Similaire à Nmap and metasploitable

Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Harsh Desai
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Nikhil Raj
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academycyberforgeacademy
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPRISMA CSI
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.pptVarunBehere1
 
Christchurch ISIG 27 oct2015
Christchurch ISIG 27 oct2015Christchurch ISIG 27 oct2015
Christchurch ISIG 27 oct2015Kevin Alcock
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsSam Bowne
 

Similaire à Nmap and metasploitable (20)

NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
 
Network scanning
Network scanningNetwork scanning
Network scanning
 
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019
 
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academy
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
 
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information Gathering
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.ppt
 
Namp
Namp Namp
Namp
 
Christchurch ISIG 27 oct2015
Christchurch ISIG 27 oct2015Christchurch ISIG 27 oct2015
Christchurch ISIG 27 oct2015
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub
 
Network traffic analysis course
Network traffic analysis courseNetwork traffic analysis course
Network traffic analysis course
 
Ethical hacking with Python tools
Ethical hacking with Python toolsEthical hacking with Python tools
Ethical hacking with Python tools
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
 
Contents namp
Contents nampContents namp
Contents namp
 
Contents namp
Contents nampContents namp
Contents namp
 
Network for amin
Network for aminNetwork for amin
Network for amin
 

Dernier

Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Dernier (20)

Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

Nmap and metasploitable

  • 2. About Me Mohammed Akbar Shariff Cyber Sec Intern – WICS Graduating M.tech www.linkedin.com/in/mohammed-akbar-shariff @akbarshariffak
  • 3. Agenda • Basics of Network • Metasploitable II • Introduction to NMAP • Port Status • Scan Types • Host Discovery • OS Fingerprinting • Nmap Scripting Engine
  • 6.
  • 7. TCP Three way handshake
  • 8. Metasploitable II The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
  • 9. What is NMAP? • Network Mapper - Utility used to identify assets and map them in a network. • https://github.com/nmap/nmap (Current release is 7.50, 20 year old project and active)
  • 10. Why NMAP..?? • Perhaps I can ping sweep? • How to know which IP’s are alive? • There are only • 65535(PORTS) *2 (TCP &UDP)*24 ( if class C)
  • 11. Nmap Port Status • OPEN • CLOSED • FILTERED • OPEN|FILTERED
  • 12. NMAP port “Status” - Open •Open - SYN reached the end system, victim responded with SYN+ACK and Completes the handshake. Nmap -n -sT -p 80 192.168.56.104
  • 13. NMAP port “Status” - Closed • Closed - SYN reached the end system, responded with RST+ACK. System is accessible and service is still not open on victim. Nmap -n -sT -p 22 192.168.56.104
  • 14. NMAP port “Status” - Filtered • Filtered – Observed when a port does not respond on repeated tries. Nmap -n -sT -p 445 192.168.56.105
  • 16. NMAP Options -iL <filename>: Pass a list of hosts. -iR <number of Hosts>: Choose random targets. Ex: nmap -Pn -sS -p 80 -iR 0 --open -p <port ranges> : Port scanning, Only scan specified ports…. -p- Host Discovery -sL (List Scan): Simply lists each host of the network(s) specified. -sn : No port scan and only ping scan -Pn : Skip ping scan and treat all host to be live -PS <portlist> : TCP SYN Ping -n : No DNS resolution -R : DNS resolution for all targets -PE; -PP; -PM : ICMP Ping Types. -PA <port list> : TCP ACK ping -PU <port list> : UDP Ping
  • 17. Nmap Scan Types • -sP (Ping Sweep) – Performs ARP ping and ICMP echo request to determine system is alive. • -sS (TCP SYN Scan) – Determines a system/port being alive by sending only SYN and waiting for SYN-ACK • -sU (UDP Scan) – Probes UDP detects system/port is alive when there is a UDP response + ICMP packet Destination unreachable. • -sT (TCP Connect Scan): Performs connection establishment using system call “connect” • -sN (Null scan): Does not set any bits (TCP flag header is 0). • -sF (FIN Scan): Sets just the TCP FIN bit. • -sX (Xmas scan): Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
  • 18. OS Fingerprinting • Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. • Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match. -O (Enable OS detection)
  • 19. Nmap – service Version and Enumeration! • Nmap-services database is constantly updated with services, finger printing and banners to identify remote ports and operating systems. • -sV - runs about ~30 Nmap Script Engine (.nse files) to identify and enumerate the service that has been detected earlier. • -sC – runs “default” ~200 Nmap Script Engine (.nse files) to identify and enumerate the services and provide vulnerabilities identified. Optionally can use - -script option.
  • 20. Nmap service Enumeration! • The Difference between the two in Action TCP scan with Version -sT + -sV = -sTV Regular TCP scan
  • 21. Nmap Scripting Engine(NSE) –What and Why? • Nmap Script Engine, written in Lua. • Sophisticated Version detection and OS detection. • Example: smb-os-discovery.nse , http-cisco-anyconnect.nse … • Vulnerability detection. • Example: tls-ticketbleed.nse, sslv2-drown.nse,.. • Malware detection. • Example: http-google-malware.nse.. • Vulnerability Exploitation. • Example: smb-psexec.nse,..
  • 22. NSE – what? where? • -sC and --script uses NSE. There is a default set launched when no option is given. https://nmap.org/nsedoc/categories/default.html
  • 23. Nmap Enumeration technique Notice how the service is not shell Even though Banner shows Shell
  • 24. Nmap Enumeration technique So you need to use –sTV along for Version grab