Sunday, 16 December 2012

msf scanning on backtrack 5




INTRODUCTION
  • In this tutorial we are going to use NMAP (Network Mapper) from inside MSFCONSOLE.
  • We are going to learn how nmap can be run from msfconsole on BackTrack.
  • For a penetration tester nmap is a very helpful tool, since it provides different modes of scanning the target system.
  • We are going to do different types of scanning: TCP connect scan, SYN scan, UDP scan, ACK scan, OS scan, version detection scan and spoof (decoy) scan, with examples, and all of it is done from msfconsole.
  • It is an easy and interesting part of information gathering, so without wasting time let's start the MSF scanning.
HOW TO OPEN MSFCONSOLE
  • First, launch msfconsole. On BackTrack 5, follow this menu path:
  • BackTrack > Exploitation Tools > Network Exploitation Tools > Metasploit Framework > msfconsole
  • See the image below for more details:

MSFCONSOLE OPENED
  • Now msfconsole is open and you can see the I LOVE SHELL banner in this image. The banner is chosen at random, so you may get a different one.
  • See the image below for more details:
  • The next step is to type nmap.

MSFCONSOLE (I LOVE SHELL)

INVOKE NMAP
  • To invoke nmap, type nmap and press enter; it displays the list of scan options.
  • You can see this in the image below.
  • In the image you can see the list of target specifications, scan types and various other options.
  • Your job is to understand all of this; don't jump straight to executing commands.
  • NEXT STEP: run a TCP connect scan.
NMAP ON MSFCONSOLE

TCP CONNECT SCAN (-sT)
  • This scan is used to detect open ports on the target machine; it completes the full three-way handshake with each port.
  • Command Used : nmap -sT -p1-2000 <target ip address>
  • The -sT parameter means we want to perform a TCP connect scan.
  • The -p parameter gives the range of ports to scan; in our example we have given the range 1-2000.
  • See the image below for more details:
TCP CONNECT SCAN

ADVANTAGE
  • The advantage is that after a complete handshake it displays all the open ports you want to see.
  • It shows accurate results.
DISADVANTAGE
  • The biggest disadvantage is that it is easily detectable by an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System), since every completed connection is also visible to the target application.

STEALTH SCAN (SYN SCAN)
  • A SYN scan is also known as a stealth scan.
  • It is also known as half-open scanning because it never forms a complete connection between the scanner and the target machine: the scanner sends a SYN and, on receiving a SYN/ACK, replies with a RST instead of completing the handshake.
  • Command Used : nmap -sS -p1-5000 <target ip address>
  • See the image below for more details:
SYN SCAN

ADVANTAGES
  • Harder for firewalls, IDS and IPS to detect than a connect scan, and it leaves no completed connection in the target application's logs.
DISADVANTAGES
  • Modern, updated firewalls and IDS are capable of detecting a SYN scan.
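The difference between the two scans above is exactly what a sensor on the target's network can see. The following is an added example, not code from the original tutorial: it takes a constructed list of packets sent by each source and classifies a source that probes many ports as a connect scan (handshake completed with an ACK) or a SYN scan (RST straight after the SYN/ACK). The threshold and packet format are assumptions.

```python
# Added example (not from the original tutorial): classify a burst of TCP
# probes from one source as a connect scan or a half-open (SYN) scan.
# Input is a constructed list of client-side packets; a real detector would
# read them from a sensor such as a pcap or flow export (assumption).
from collections import defaultdict

# (src, dst_port, flags) in arrival order, as seen on the wire.
# Constructed sample: 10.0.0.5 connect-scans three ports (full handshake,
# then RST); 10.0.0.9 SYN-scans three ports (RST right after the SYN/ACK);
# 10.0.0.7 is an ordinary client talking to one port.
PACKETS = [
    ("10.0.0.5", 22, "SYN"), ("10.0.0.5", 22, "ACK"), ("10.0.0.5", 22, "RST"),
    ("10.0.0.5", 80, "SYN"), ("10.0.0.5", 80, "ACK"), ("10.0.0.5", 80, "RST"),
    ("10.0.0.5", 443, "SYN"), ("10.0.0.5", 443, "ACK"), ("10.0.0.5", 443, "RST"),
    ("10.0.0.9", 22, "SYN"), ("10.0.0.9", 22, "RST"),
    ("10.0.0.9", 80, "SYN"), ("10.0.0.9", 80, "RST"),
    ("10.0.0.9", 443, "SYN"), ("10.0.0.9", 443, "RST"),
    ("10.0.0.7", 80, "SYN"), ("10.0.0.7", 80, "ACK"),
]

SCAN_PORT_THRESHOLD = 3  # distinct ports probed by one source (assumption)

def classify_sources(packets, threshold=SCAN_PORT_THRESHOLD):
    """Return {src: 'connect scan' | 'syn scan'} for every source that
    sends SYN to at least `threshold` distinct ports."""
    syn_ports = defaultdict(set)   # src -> ports that received a SYN
    ack_ports = defaultdict(set)   # src -> ports where the client sent the handshake ACK
    for src, port, flags in packets:
        if flags == "SYN":
            syn_ports[src].add(port)
        elif flags == "ACK" and port in syn_ports[src]:
            ack_ports[src].add(port)
    verdicts = {}
    for src, ports in syn_ports.items():
        if len(ports) < threshold:
            continue
        # A connect scan finishes the handshake (client ACK) on responsive
        # ports; a SYN scan tears down with RST before ever sending that ACK.
        completed = len(ack_ports[src] & ports)
        verdicts[src] = "connect scan" if completed else "syn scan"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_sources(PACKETS).items():
        print(f"{src}: {verdict}")
```

Both scans are visible in packet data; only the connect scan additionally shows up in the application's own connection logs, which is what the "stealth" label refers to.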

UDP SCAN
  • This technique is used to detect open, closed and filtered UDP ports.
  • The scan works like this:
FOR CLOSED PORTS
  • Suppose we send a UDP packet and the station responds with ICMP Port Unreachable; that means the port is closed.
CLOSED PORTS

FOR OPEN|FILTERED PORTS
  • In the open|filtered case, we send UDP packets from BackTrack to the Metasploitable target machine.
  • If there is no response from the target (Metasploitable) machine, nmap cannot tell whether a filter dropped the packet or an open service simply did not reply, so it reports the port as open|filtered.
  • You can see this in our example.
OPEN PORTS | FILTERED

FOR OPEN PORTS
  • If a UDP reply comes back to the BackTrack 5 machine, the port is considered open.
OPEN PORTS

  • So, according to the scan behaviour above, here is the actual example of UDP scanning through msfconsole.
  • In this example the command used is:
  • Command Used : nmap -sU -p1-1000 <target ip address>
  • In the output you can see the open and open|filtered ports.
UDP SCAN

ACKNOWLEDGEMENT SCAN (ACK SCAN)
  • It tells whether the target machine's ports are filtered or unfiltered by a firewall; it does not tell whether a port is open.
  • It sends TCP ACK packets to each remote port; if there is no response, the port is considered filtered.
  • If the target responds with a RST (reset), the port is considered unfiltered.
  • The example below shows that the target machine has unfiltered ports.
  • Command used to perform an acknowledgement scan:
  • Command : nmap -sA -p1-5000 <target ip address>
  • See the example below for more details:
ACKNOWLEDGEMENT SCAN
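The UDP and ACK sections above both come down to one rule each for turning a response (or silence) into a port state. The following added example, not code from the original tutorial, models a constructed target and its packet filter answering SYN, ACK and UDP probes, and applies nmap's interpretation rules, so you can see why an ACK scan reports "unfiltered" for open and closed ports alike and why UDP silence becomes open|filtered. The host layout and the stateful-firewall flag are assumptions.

```python
# Added example (not from the original tutorial): model how a target answers
# SYN, ACK and UDP probes and how nmap turns each answer into a port state.
# The host, its open ports and its firewall are constructed assumptions.

def respond(probe, port, host):
    """What the target sends back, or None for silence.
    host = {"tcp_open": set, "udp_open": set, "udp_replies": set,
            "filtered": set, "stateful_fw": bool}"""
    if port in host["filtered"]:
        return None                       # packet filter drops the probe
    if probe == "SYN":
        return "SYN/ACK" if port in host["tcp_open"] else "RST"
    if probe == "ACK":
        # A stateless filter passes the stray ACK and the TCP stack answers
        # RST whether the port is open or closed; a stateful firewall drops it.
        return None if host["stateful_fw"] else "RST"
    if probe == "UDP":
        if port not in host["udp_open"]:
            return "ICMP port unreachable"
        return "UDP" if port in host["udp_replies"] else None
    raise ValueError(probe)

def infer_state(probe, response):
    """nmap's interpretation of the response to one probe."""
    if probe == "SYN":
        return {"SYN/ACK": "open", "RST": "closed"}.get(response, "filtered")
    if probe == "ACK":
        return "unfiltered" if response == "RST" else "filtered"
    if probe == "UDP":
        if response == "UDP":
            return "open"
        if response == "ICMP port unreachable":
            return "closed"
        return "open|filtered"  # silence: open but quiet service, or dropped
    raise ValueError(probe)

def scan(probe, ports, host):
    """Probe each port once and return {port: state}."""
    return {p: infer_state(probe, respond(probe, p, host)) for p in ports}

# Constructed target: TCP 22/80 open; UDP 53 open and answering an empty
# probe; UDP 161 open but silent; port 25 dropped by the filter.
HOST = {"tcp_open": {22, 80}, "udp_open": {53, 161}, "udp_replies": {53},
        "filtered": {25}, "stateful_fw": False}

if __name__ == "__main__":
    for probe in ("SYN", "ACK", "UDP"):
        print(probe, scan(probe, [22, 25, 53, 80, 161, 443], HOST))
```

Flip `stateful_fw` to True and every ACK probe comes back "filtered", which is the modern-firewall caveat mentioned under the SYN scan disadvantages.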

OS SCAN (OPERATING SYSTEM SCAN)
  • Through this scan we can identify the target operating system.
  • Command Used : nmap -O <target ip address>
  • In this example, it shows the target OS is Microsoft Windows.
  • See the example below and analyse how it fingerprints the OS.
OPERATING SYSTEM SCAN

OPERATING SYSTEM SCAN

VERSION SCAN
  • It detects the open ports and which version of each service the target system is running.
  • Command Used : nmap -sV <target ip address>
  • See the example below for more details:
VERSION SCAN

SPOOF SCAN
  • This scan is used to gain some anonymity in the firewall logs.
  • Nmap has a feature called decoy (-D). It will not prevent you from being recorded in the firewall logs, but it lets us add two (or more) fake/spoofed IP addresses that make the log file more complicated to read.
  • When the administrator looks at the logs, they show several machines scanning at the same time.
  • See the example below. The command we used is (decoy addresses are given to -D as a comma-separated list):
  • msf > nmap -sS <target ip> -D <fake ip>,<fake ip>
  • When the command executes, it shows all the target details, but in the firewall logs the fake IP addresses confuse the administrator a little.
  • See the example below and study it carefully.
SPOOF SCAN
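Seen from the administrator's side, decoys do not hide the scan; they pad it. The following added example, not code from the original tutorial, reads constructed firewall log lines and groups sources that probed the same target with an identical (time, port) sequence, which is the signature the decoy feature leaves. The log format is an assumption.

```python
# Added example (not from the original tutorial): spot decoy scans in a
# firewall log. Decoys hit the same target ports at the same moments as the
# real scanner, so sources with an identical probe sequence belong to one
# scan. Log format and addresses are constructed for this example.
from collections import defaultdict

# Constructed log: "<epoch> <src> -> <dst>:<port>". 10.0.0.9 scans with decoys
# 10.0.0.21 and 10.0.0.22; 10.0.0.7 is an unrelated client.
LOG = """\
1355000000 10.0.0.21 -> 10.0.0.50:22
1355000000 10.0.0.9 -> 10.0.0.50:22
1355000000 10.0.0.22 -> 10.0.0.50:22
1355000000 10.0.0.21 -> 10.0.0.50:80
1355000000 10.0.0.9 -> 10.0.0.50:80
1355000000 10.0.0.22 -> 10.0.0.50:80
1355000001 10.0.0.21 -> 10.0.0.50:443
1355000001 10.0.0.9 -> 10.0.0.50:443
1355000001 10.0.0.22 -> 10.0.0.50:443
1355000005 10.0.0.7 -> 10.0.0.50:80
"""

def parse(log):
    """Yield (timestamp, src, target_host, port) for each log line."""
    for line in log.splitlines():
        ts, src, _, dst = line.split()
        host, port = dst.rsplit(":", 1)
        yield int(ts), src, host, int(port)

def decoy_groups(log, min_sources=2):
    """Group sources that probed the same target with the same (time, port)
    sequence. Returns {(target, sequence): sorted sources} for groups with
    at least `min_sources` members; the real scanner is one of them."""
    seq = defaultdict(list)                # (src, target) -> [(ts, port), ...]
    for ts, src, host, port in parse(log):
        seq[(src, host)].append((ts, port))
    by_pattern = defaultdict(list)         # (target, sequence) -> [src, ...]
    for (src, host), probes in seq.items():
        by_pattern[(host, tuple(probes))].append(src)
    return {k: sorted(v) for k, v in by_pattern.items() if len(v) >= min_sources}

if __name__ == "__main__":
    for (host, probes), srcs in decoy_groups(LOG).items():
        print(f"{host}: {len(srcs)} sources share pattern {probes}: {srcs}")
```

The grouping only says these addresses belong to one scan; telling the real source from the decoys needs other evidence, so all of them should be treated as part of the same event.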

THIS IS HOW WE CAN PERFORM NMAP SCANNING IN MSFCONSOLE. I HOPE YOU LEARNED A LOT FROM THIS TUTORIAL AND THAT IT CLEARED UP YOUR BASIC UNDERSTANDING OF THE DIFFERENCES BETWEEN THESE SCANNING TECHNIQUES.

THERE ARE LOTS OF OTHER NMAP SCANNING TECHNIQUES; TRY THEM YOURSELF, KEEP ENJOYING AND LEARN PENETRATION TESTING PRACTICALLY WITH WWW.HACKINGDNA.COM

HOPE YOU LIKE IT. DON'T FORGET TO JOIN OUR FACEBOOK PAGE, WHERE YOU CAN ASK ANY QUESTIONS AND GET THE LATEST UPDATES.


THIS TUTORIAL IS JUST FOR EDUCATIONAL PURPOSE ONLY/-
