Hacking Tool: nmap
posted in security by Wouter Van Schandevijl
Before Trinity could take down the electric grid, she had to find an attack vector. Her hack started with… nmap!
nmap/nmap: GitHub mirror of the official SVN repository.
A CLI tool to discover hosts and services on a computer network by sending packets and analyzing the responses.
If you'd rather have a GUI, there is Zenmap.
A first scan:
nmap -sT -T4 -Pn 10.23.10.2
This lists the open ports among the 1,000 most common TCP ports (nmap's default port set).
The SERVICE column is only the name registered for that port number in nmap's services table; nothing has verified that the port is actually running that service.
-sT: Scan Technique: TCP connect scan. Completes the full three-way handshake, so it needs no root privileges but every connection shows up in the target's application logs.
-sS: SYN scan (half-open). Quick (thousands of ports per second on a fast network), never completes the handshake so applications don't log a connection, and gives clear, reliable differentiation between the open, closed, and filtered states. The default and most popular, but it needs raw socket privileges (root), and an IDS still sees the SYNs.
-sU: UDP scan. Slow, and a port that stays silent is reported as open|filtered; combine it with -sV to tell the two apart.
-T<0-5>: Set timing template (higher is faster)
- paranoid (0) & sneaky (1): for IDS (Intrusion Detection System) evasion; very slow
- polite (2): slows down to use less bandwidth and target machine resources
- normal (3): (default)
- aggressive (4): for fast and reliable networks
- insane (5): for extraordinarily fast networks
-Pn: Treat all hosts as online – skip host discovery
nmap -sT -T4 -Pn -sV -O -p- 10.23.10.2
-sV: Probe open ports to determine service/version info
-O: Enable OS detection
-p <port ranges>: Only scan the specified ports; -p- means all 65,535 ports instead of the default top 1,000
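The difference between a guessed service name and a verified one is visible in nmap's XML output (-oX): each service element carries method="table" (name looked up by port number) or method="probed" (nmap actually talked to the service, which is what -sV does). The parser below is an added example and is not code from the original post or from the nmap project; the XML it parses is a constructed sample mimicking nmap's -oX format, not a real scan, and the function names are my own.

```python
"""Parse nmap -oX output and report which service names were actually verified."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample resembling `nmap -sT -T4 -Pn -sV -oX - 10.23.10.2` output
# (not a real scan). Port 22 was identified by a version probe, port 8080 only
# by the port-number table, port 80 is closed.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sT -T4 -Pn -sV -oX - 10.23.10.2">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="10.23.10.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="conn-refused"/>
        <service name="http" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack"/>
        <service name="http-proxy" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_ports(xml_text):
    """Return one dict per scanned port, for every host in the XML."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            results.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                # "probed": nmap exchanged data with the service (-sV).
                # "table": the name is just the nmap-services entry for this port number.
                "verified": svc is not None and svc.get("method") == "probed",
                "product": product,
            })
    return results


def open_ports(xml_text):
    """Only the ports nmap reported as open."""
    return [p for p in parse_ports(xml_text) if p["state"] == "open"]


def unverified_services(xml_text):
    """Open ports whose service name is nothing more than a port-number guess."""
    return [p["port"] for p in open_ports(xml_text) if not p["verified"]]


if __name__ == "__main__":
    # Pipe real output in with: nmap -sV -oX - <target> | python3 nmap_services.py
    xml_text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_XML
    for p in open_ports(xml_text):
        tag = "verified" if p["verified"] else "GUESSED FROM PORT NUMBER"
        print(f"{p['host']} {p['port']}/{p['proto']} {p['service']} {p['product']} [{tag}]")
```

Anything flagged as guessed deserves a second look (an -sV run, or just connecting to it by hand): 8080 labelled http-proxy tells you nothing about what is really answering there.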
There is a Docker image for that:
docker run --rm -it instrumentisto/nmap -A -T4 scanme.nmap.org
-A: Enable OS detection, version detection, script scanning, and traceroute
At the start of the itenium Security Bootcamp, at least one player per team should run an nmap scan to discover services that are not (yet) reachable directly from the Portal.