Hacking of Computer Networks. Dr. Hidaia Mahmood Alassouli
Чтение книги онлайн.

Читать онлайн книгу Hacking of Computer Networks - Dr. Hidaia Mahmood Alassouli страница 4

Название: Hacking of Computer Networks

Автор: Dr. Hidaia Mahmood Alassouli

Издательство: Bookwire

Жанр: Математика

Серия:

isbn: 9783969443545

isbn:

СКАЧАТЬ This technique used with the printer networks. The hacker sends SYN/ACK to zombie and it responses with RST signal. We write the packet ID. We will make packet spoofing IP. We will send the packet SYN to the target and so the target will answer to the Zombie with SYN ACK and the Zombie will answer with RST if the port is open. We will send SYN ACK again to the Zombie and we will take the packet ID. If the packet ID increased with two numbers, the port is open. If the packet ID increased with one number, the port is close.

Image Image

       In UDP scan, the hacker sends UDP probe to the destination. If the destination did not answer, then the port open otherwise it is close.

Image

      # nmap –sU 192.168.28.138 –p- (all ports)

      It will show all open UDP ports.

       Firewalking: It is the combination of portscanning and tracerouting technique.

Image

      # hping3 --scan 1-1024 -S - t 5 scanme.nmap.org

      d) Understanding the Port Scan Decoys:

Image

      The scan decoys is hiding process.

       To slow down scans write

      # nmap –T1 192.168.28.138 -p445

       To bypass firewalls so it will not detect the nmap

      # nmap –n –PN -g53 192.168.28.138 -p445

      e) Understanding operating system fingerprinting

Image

       To do fingerprinting, we have many tools: NetworkMiner, P0f, Satori

       In backtrack there is tool called p0f

      #p0f –i eth0

       Active fingerprinting

Image

      #nmap –O -v 192.168.28.135

      i. Banner grapping

Image Image

       You can get the type of operating system by writing

      # telnet 192.168.1.20 80

      GET/HTTP/1.1

      In my computer, It will shows the operating system is linux. Besides it told the web server apache and the web application php

      ii. Network Scan Tools

       You can use the superscan windows tool

       You can use the advanced IP scanner

Image

       In backtrack you can do scan using nmap

      # nmap -sV 192.168.28.139

       You can use Znmap tool

       You can use the nmap command

      # nmap –A –v –oA report 192.168.1.0/24 –p-

       If you want to make scan without showing the offline hosts, remove –v.

      # nmap –A –oA report 192.168.1.0/24 –p-

       Use the program Dradis. Go backrack, reporting tools, evidence management, dradis. It works https. Go to the browser and write https//127.0.0.1:3004. Write the username admin and the password admin.

Image

      In dradis, click on import from file> Choose the xml file and make upload. You will get all destinations in the subnetwork.

       Scan by metasploit armtage

Image

       Go to backtrack, exploitation tools, network exploitation tools, metasploit framework, armitage

Image

       We can use Cobalt Strike tool. You must buy the tool as it is not free

Image

      iii. Vulnerability Scanning

Image

       There are many programs for vulnerability scanning: Nessus, acunetix, w3af, armitage, netsparker, cobalt strike.

       Nmap scripting engines.

Image

       You can check using nmap on the version detection and operating system detection, traceroute. You can scan your host using a script in your computer

Image

       Nessus scan

Image

       In backtrack write

       # apt-get install nessus

       Go to Nessus in /opt/nessus

       # cd /opt/Nessus

       # cd sbin the add user with the command Nessus-adduser

Image

      To register in Nessus

      # cd /opt/Nessus/bin

Image

      After СКАЧАТЬ