Ad
More Related Content
What's hot (20)
Viewers also liked (7)
Ad
Similar to Nmap and metasploitable (20)
Ad
Recently uploaded (20)
![Get & Download Wondershare Filmora Crack Latest [2025]](https://cdn.slidesharecdn.com/ss_thumbnails/revolutionizingresidentialwi-fi-250422112639-60fb726f-250429170801-59e1b240-thumbnail.jpg?width=560&fit=bounds)
Nmap and metasploitable
- 2. About Me Mohammed Akbar Shariff Cyber Sec Intern – WICS Graduating M.tech www.linkedin.com/in/mohammed-akbar-shariff @akbarshariffak
- 3. Agenda • Basics of Network • Metasploitable II • Introduction to NMAP • Port Status • Scan Types • Host Discovery • OS Fingerprinting • Nmap Scripting Engine
- 4. Basics of Netwoks TCP Header
- 7. TCP Three way handshake
- 8. Metasploitable II The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
- 9. What is NMAP? • Network Mapper - Utility used to identify assets and map them in a network. • https://github.com/nmap/nmap (Current release is 7.50, 20 year old project and active)
- 10. Why NMAP..?? • Perhaps I can ping sweep? • How to know which IP’s are alive? • There are only • 65535(PORTS) *2 (TCP &UDP)*24 ( if class C)
- 11. Nmap Port Status • OPEN • CLOSED • FILTERED • OPEN|FILTERED
- 12. NMAP port “Status” - Open •Open - SYN reached the end system, victim responded with SYN+ACK and Completes the handshake. Nmap -n -sT -p 80 192.168.56.104
- 13. NMAP port “Status” - Closed • Closed - SYN reached the end system, responded with RST+ACK. System is accessible and service is still not open on victim. Nmap -n -sT -p 22 192.168.56.104
- 14. NMAP port “Status” - Filtered • Filtered – Observed when a port does not respond on repeated tries. Nmap -n -sT -p 445 192.168.56.105
- 15. Scan Types nmap <options><scan type> <target>
- 16. NMAP Options -iL <filename>: Pass a list of hosts. -iR <number of Hosts>: Choose random targets. Ex: nmap -Pn -sS -p 80 -iR 0 --open -p <port ranges> : Port scanning, Only scan specified ports…. -p- Host Discovery -sL (List Scan): Simply lists each host of the network(s) specified. -sn : No port scan and only ping scan -Pn : Skip ping scan and treat all host to be live -PS <portlist> : TCP SYN Ping -n : No DNS resolution -R : DNS resolution for all targets -PE; -PP; -PM : ICMP Ping Types. -PA <port list> : TCP ACK ping -PU <port list> : UDP Ping
- 17. Nmap Scan Types • -sP (Ping Sweep) – Performs ARP ping and ICMP echo request to determine system is alive. • -sS (TCP SYN Scan) – Determines a system/port being alive by sending only SYN and waiting for SYN-ACK • -sU (UDP Scan) – Probes UDP detects system/port is alive when there is a UDP response + ICMP packet Destination unreachable. • -sT (TCP Connect Scan): Performs connection establishment using system call “connect” • -sN (Null scan): Does not set any bits (TCP flag header is 0). • -sF (FIN Scan): Sets just the TCP FIN bit. • -sX (Xmas scan): Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
- 18. OS Fingerprinting • Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. • Nmap compares the results to its nmap-os-db database of more than 2,600 known OS fingerprints and prints out the OS details if there is a match. -O (Enable OS detection)
- 19. Nmap – service Version and Enumeration! • Nmap-services database is constantly updated with services, finger printing and banners to identify remote ports and operating systems. • -sV - runs about ~30 Nmap Script Engine (.nse files) to identify and enumerate the service that has been detected earlier. • -sC – runs “default” ~200 Nmap Script Engine (.nse files) to identify and enumerate the services and provide vulnerabilities identified. Optionally can use - -script option.
- 20. Nmap service Enumeration! • The Difference between the two in Action TCP scan with Version -sT + -sV = -sTV Regular TCP scan
- 21. Nmap Scripting Engine(NSE) –What and Why? • Nmap Script Engine, written in Lua. • Sophisticated Version detection and OS detection. • Example: smb-os-discovery.nse , http-cisco-anyconnect.nse … • Vulnerability detection. • Example: tls-ticketbleed.nse, sslv2-drown.nse,.. • Malware detection. • Example: http-google-malware.nse.. • Vulnerability Exploitation. • Example: smb-psexec.nse,..
- 22. NSE – what? where? • -sC and --script uses NSE. There is a default set launched when no option is given. https://nmap.org/nsedoc/categories/default.html
- 23. Nmap Enumeration technique Notice how the service is not shell Even though Banner shows Shell
- 24. Nmap Enumeration technique So you need to use –sTV along for Version grab
- 25. Nmap Output Formatting Greppable Regular Text XML
- 26. References • https://www.nmap.org • https://null.co.in/ • http://insecure.org/
- 27. QUESTIONS??
- 28. THANK YOU