NMap 101: Scanning Networks For Open Ports To Access, HakTip 94

Captions
This HakTip is brought to you by Hak5 and viewers like you. Support us directly at hakshop.com. Welcome to HakTip, the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I'm Shannon Morse, and today we are performing aggressive scans and even more.

Now, first off, nmap can be used to obtain a much more aggressive scan than the ones that we have seen so far in our previous HakTips. It's very, very simple to do this too: you simply add an extra little script and you're good to go. So let's go ahead and try this out on my computer. I'll go ahead and pull up one of my terminals; I have two running, and I'll show you why in just a few moments. But first off, let's go ahead and do this aggressive scan. To do this, you type in nmap -A (capital A, for aggressive) and then whatever you're wanting to scan. So I'm going to scan 10.73.31.64, and I'm going to go ahead and run it.

So while this is running in the background, let me go ahead and tell you a little bit about what an aggressive scan is. These simply put together some of the most popularly used commands in nmap into one command for you to type, so it just makes it easier. It uses commands such as -O, -sC, --traceroute and some others. We'll go into all of these very soon on HakTip, but for now just simply know that -O works for operating system detection, which is pretty cool; -sC runs several scripts inside of nmap at once, such as speed and verbosity; and then --traceroute is just that, it is a traceroute. Now, when running the scan, which will take a lot longer (and you can tell in the background) because of the extra scripts involved, you'll receive back a whole bunch of strange-looking fingerprint information. So let's go ahead and wait for this to finish. Once that's done, it'll pull up a bunch of information about the thing that I'm trying to scan, and it does take about two or three minutes for it to finish. There we go. Okay.

So if you are watching this, you see that I ran two commands. The first one looked like this: it was nmap -A 10.73.31.64, and the second one I ran was .74. The reason for that is I wanted to show you the difference between the two. The first one I ran was a printer, which really doesn't give us a lot of information. If I scroll up and look at that command right here, okay, so we see a whole bunch of fingerprinting information, but otherwise we just get what we normally would with a regular nmap scan. If I scroll back down to this one, .74, this one is running our NAS, and it gives us some really interesting facts, such as the name of our NAS, which is the Synology DiskStation. If I scroll down you can see that there it is: HTML title, Synology DiskStation. We can also see things such as the open ports with a little bit more information, so you can see right here we have OpenSSH 5.8 running on this open port, 22, as well as the printer workgroup, a workgroup and whatnot. You can even see this really interesting part down a little bit further. Let me see if I can find it for you; it's kind of funny. Oh, there they are, right here, I've highlighted it for you: the SSH host key with DSA and RSA encryption. That's really funny. I just enjoy being able to see all those interesting facts about different things on the network. It can really help if you're worried about somebody breaking in from externally into your network and trying to make sure that things are, you know, secure like they should be.

Now after the break I'm going to go ahead and jump over to netcat. Yeah, we're bringing back netcat; we're going to have some fun with that. But first let's go ahead and thank our sponsor. The HakShop is Hak5's premier store for all of your pen testing needs, including one of my favorites, the USB Rubber Ducky, which looks like a flash drive and types like a keyboard. It types scripts into a computer crazy, crazy fast, like this week's pick from water pistol in the forums. This very, very simple script is used to change the wallpaper on an OS X Mavericks computer. It's very, very easy to use and it's short, so it's a really great one to start off on. Also, congrats to water pistol on your first script, excellently written. Now of course we couldn't do the show without your support, so we would like to thank you with something very special: you can use the coupon code snubs with any order in the HakShop for your very own HakTip sticker. Isn't that cute? And I even signed it for you. Thank you so much for supporting the show. We'll be right back.

We're back, and we promised to bring you some netcat action, so here goes. If I nmap our network, obviously we already know how to use this, so I'm going to go ahead and type it in: it's nmap 10.73.31.0/24, that's the CIDR notation. So I'm going to let this run in the background. Basically what it's going to find is .64, so 10.73.31.64, which just happens to be an HP printer with telnet open on port 23. Here we go. Alright, so it's updated for us, so I'm going to scroll up so I can look through here and see all sorts of fun things. So here it is. Oh, look at that, telnet is open on 23. Hmm, what can I do now?

So let's think. In netcat we learned how to log into a port, so if I open netcat on my computer, I'll just type nc 10.73.31.64 (that was 64) and the port, which is 23, and click enter. I am now in telnet debugging; we just netcatted into our HP computer. So fun. So now I can just type in all sorts of different things that I can do in telnet. So I could try pwd, and I see nothing. All right, that's boring. Let's try ls. Okay, so we have some folders; let's see, what are these directories? cloud, eprint, ipp, that's interesting. Let's try ePrint actually: cd eprint, and if I ls now I can see, let's see, okay, so we have debug settings, error codes, cloud config. I can show settings, so I'm going to type show settings so I can see the settings of the computer. If I cd .. to get back to home and ls again, let's see, I'll go into cloud/ and ls, and here I get a whole bunch of fun things I can do. Let's see, I can set cloud cert validation, custom settings, I can set the serial number, oh that's fun, print instruction page. Okay, so if I had this printer installed on my computer... instruction page says printer is not registered, but if you do have it registered you could pretty much print from the terminal, because why not?

This is so fun. I got so excited when I figured out that I could easily do this with two programs that I just recently learned and researched how to use. It's super exciting, and I love being able to integrate what I've learned into a HakTip like this. So yay, I learned something fun, and I want to see what you guys have been doing with nmap as well, because this is really cool. I love being able to take netcat and use my example with nmap and just, you know, have some enjoyment out of it. You can always send me a comment below or you can email us over at tips@hak5.org. We check them all; we may not be able to reply, but you know, we're busy. So if you like nmap, perhaps you will also enjoy our new show with Mubix, which is called Metasploit Minute. It's over at youtube.com/hak5 and hak5.org. And be sure, of course, to check out our sister show Hak5; we've been having a lot of fun with antennas, definitely check that out. I'll be reminding you over there to trust your technolust. See you next time.
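The episode ends with a /24 scan that turns up a printer with telnet open, which is exactly the kind of result a network owner wants to catch before anyone else does. As an added example (not Hak5's code and not from the episode), the script below reads nmap's greppable output format (the real `-oG` option), lists the open ports per host, and flags open cleartext services such as telnet. The sample scan text is constructed to mimic the `-oG` layout, with hosts, ports and version strings loosely modelled on the episode; it is not real scan data.

```python
"""Triage nmap -oG (greppable) output: open ports per host, plus a list of
open cleartext services (the telnet-on-a-printer case from the episode).

Added example, not Hak5 code. SAMPLE_OUTPUT is constructed to look like
`nmap -sV -oG - 10.73.31.0/24` output; nothing in it is a real scan result.
"""
from collections import namedtuple

PortInfo = namedtuple("PortInfo", "port state proto service version")
Finding = namedtuple("Finding", "host port service reason")

# Services a defender wants to know about: credentials and the whole
# session cross the wire unencrypted, readable by anyone on the segment.
CLEARTEXT_SERVICES = {
    "telnet": "cleartext remote shell (the printer's port 23 in the episode)",
    "ftp": "cleartext file transfer",
}

# Constructed sample. In -oG output each Host line is tab-separated into
# "Host: ip (name)", "Ports: ...", "Ignored State: ..."; each port entry is
# port/state/proto/owner/service/rpc/version/ and entries are joined by ", ".
SAMPLE_OUTPUT = (
    "# Nmap scan initiated (constructed sample, not a real scan)\n"
    "Host: 10.73.31.1 ()\tStatus: Up\n"
    "Host: 10.73.31.1 ()\tPorts: 23/closed/tcp//telnet///, 53/open/tcp//domain///\t"
    "Ignored State: closed (998)\n"
    "Host: 10.73.31.64 ()\tStatus: Up\n"
    "Host: 10.73.31.64 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, "
    "9100/open/tcp//jetdirect///\tIgnored State: closed (997)\n"
    "Host: 10.73.31.74 ()\tStatus: Up\n"
    "Host: 10.73.31.74 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.8/, "
    "5000/open/tcp//http//Synology DiskStation/\tIgnored State: closed (998)\n"
    "# Nmap done (constructed sample)\n"
)


def parse_greppable(text):
    """Return {host_ip: [PortInfo, ...]} from -oG text; Status-only lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' comment lines carry no host data
        fields = {}
        for chunk in line.split("\t"):
            key, sep, value = chunk.partition(": ")
            if sep:
                fields[key] = value
        if "Ports" not in fields:
            continue  # "Host: x ()  Status: Up" lines have no port list
        host_ip = fields["Host"].split(" ", 1)[0]  # drop the "(hostname)" part
        ports = []
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # malformed entry: skip it rather than abort the report
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            ports.append(PortInfo(int(port), state, proto, service, version))
        hosts[host_ip] = ports
    return hosts


def open_ports(hosts):
    """Return {host_ip: sorted open port numbers} for a quick inventory view."""
    return {ip: sorted(p.port for p in ports if p.state == "open")
            for ip, ports in hosts.items()}


def cleartext_findings(hosts):
    """Flag only *open* cleartext services; a closed telnet port is not a finding."""
    findings = []
    for host_ip, ports in sorted(hosts.items()):
        for p in ports:
            if p.state == "open" and p.service in CLEARTEXT_SERVICES:
                findings.append(Finding(host_ip, p.port, p.service,
                                        CLEARTEXT_SERVICES[p.service]))
    return findings


if __name__ == "__main__":
    scan = parse_greppable(SAMPLE_OUTPUT)
    for ip, ports in open_ports(scan).items():
        print(f"{ip}: open {ports}")
    for f in cleartext_findings(scan):
        print(f"FINDING {f.host}:{f.port} {f.service} - {f.reason}")
```

Run against a real scan with `nmap -sV -oG scan.gnmap 10.73.31.0/24` and feed the file's contents to `parse_greppable`. The parser keys on the tab-separated field names rather than column positions, so lines with or without a hostname in parentheses, and with or without an `Ignored State` field, are all handled; the `.1` host in the sample shows why the state check matters, since its telnet port is reported closed and must not be counted as exposure.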
Info
Channel: Hak5
Views: 245,901
Rating: 4.8807082 out of 5
Keywords: NMap, Network mapper, scan, target, hack, net cat, network, ports, subnet, list, exclude, file, omit, open, keys
Id: TyUtnOb-kS0
Length: 8min 50sec (530 seconds)
Published: Fri Apr 11 2014