Intro to Scanning: Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin
This is the 2nd in a line of classes Jeremy Druin will be giving on pen-testing and web app security featuring Mutillidae for the Kentuckiana ISSA. This one covers scanning with Nmap, Hping, Amap, TCPDump, Metasploit, etc.
Details:
Video Tutorials:
www.youtube.com/user/webpwnized
Video Index URL:
http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae
YouTube Channel:
http://www.youtube.com/user/webpwnized
Twitter Updates: @webpwnized
Notes from Jeremy:
Network DNS Sweeping:
nmap -sL - Does not send packets to hosts. Attempts to resolve hostnames via DNS only.

Network Sweeping:
nmap -P<probe type>
    N - Don't Ping
    B - Default (ICMP Echo, SYN 443, ACK 80, ICMP Timestamp)
    E - ICMP Echo Request (type 8)
    S <ports> - TCP SYN <ports>
    P - ICMP Timestamp Only
    M - ICMP address mask request
    P - ARP
-sn = sweep network

ping6:
ping6 -I <interface> ff02::1 - local subnet broadcast
ping6 -I <interface> ff02::2 - IPv6 router neighborhood discovery

hping3:
By default sends TCP packets to port 0 with no flags set. Can send ICMP, TCP, UDP to any port with any combination of flags specified.

Operating System Fingerprinting:
nmap -O
xprobe2

Service Version Scanning:
THC amap
nmap -sV -sC --script=<scripts>
nmap -A (nmap -O -sV -sC --traceroute)

Network Scanning:
nmap
-sS SYN scan (stealth)
--packet-trace display packet summary
runtime interaction
    p packet trace
    d debugging info
    v verbosity
    (Shift undo setting)
-T timing
    Speeds 0-5
--host_timeout time limit per host
--max_rtt_timeout probe timeout
--min_rtt_timeout min probe wait time
--initial_rtt_timeout starting timeout value
--max_parallelism simultaneous probes
--scan_delay min wait between probes
-P<X> Probe (Sweep) Type
    N - Don't Ping
    B - Default (ICMP Echo, SYN 443, ACK 80, ICMP Timestamp)
    E - ICMP Echo Request (type 8)
    S <ports> - TCP SYN <ports>
    P - ICMP Timestamp Only
    M - ICMP address mask request
    P - ARP
--trace-route
--script=<scripts or script filter> i.e. "smb* and safe"
Copyright 2020, IronGeek