Intro to Scanning: Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin (Hacking Illustrated Series InfoSec Tutorial Videos)


    This is the second in a series of classes Jeremy Druin is giving on pen-testing and web app security, featuring Mutillidae, for the Kentuckiana ISSA. This one covers scanning with Nmap, Hping, Amap, TCPDump, Metasploit, etc.

Details:

Video Tutorials: www.youtube.com/user/webpwnized
Video Index URL: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae 
YouTube Channel:  http://www.youtube.com/user/webpwnized
Twitter Updates: @webpwnized

 

Download from:
http://archive.org/download/IntroToScanningNmapHpingAmapTcpdumpMetasploitEtc.JeremyDruin/IntroToScanningNmapHpingAmapTcpdumpMetasploitEtc.JeremyDruinwebpwnized.avi

Notes from Jeremy:

Network DNS Sweeping
 nmap -sL - List scan. Sends no packets to the targets; only does a reverse-DNS lookup of each address (the queries go to your resolver, not to the targets).

Network Sweeping
 nmap
  -sn - Ping sweep: host discovery only, no port scan (formerly -sP)
  -P<probe type>
   N - Don't ping; treat every host as up (formerly -P0, written -Pn in current nmap)
   B - Default ping set (ICMP Echo, TCP SYN to 443, TCP ACK to 80, ICMP Timestamp); -PB itself is a legacy flag, this is what current nmap sends as a privileged user when no -P option is given
   E - ICMP Echo Request (type 8)
   S <ports> - TCP SYN to <ports>
   A <ports> - TCP ACK to <ports>
   U <ports> - UDP to <ports>
   P - ICMP Timestamp Request (type 13)
   M - ICMP Address Mask Request (type 17)
   R - ARP ping (used automatically for targets on the local Ethernet segment)
 ping6
  ping6 -I <interface> ff02::1 - all-nodes link-local multicast; every IPv6 host on the segment answers
  ping6 -I <interface> ff02::2 - all-routers link-local multicast; only routers answer

 hping3
  By default sends TCP packets to port 0 with no flags set. Can send ICMP, TCP or UDP to any port with any combination of flags specified.
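As an added example (Python; not code from Jeremy's notes or from nmap or hping3 themselves), here is what the three ICMP probe types under -P actually put on the wire: the request message with its RFC 1071 checksum, the checksum verification of what comes back, and the rule nmap applies before calling a host up (a reply of the matching type that echoes our identifier and sequence number). Sending these needs a raw socket and root; here the identifier 0x1234, sequence 1 and the constructed reply are assumptions that stand in for a live target.

```python
"""ICMP host-discovery probes as nmap -PE, -PP and -PM send them.

Added example; not taken from Jeremy Druin's notes or from nmap's source.
It builds the three ICMP request messages with a correct RFC 1071 checksum,
verifies replies, and applies the rule nmap uses to mark a host up: the
reply must be the matching type and echo our identifier and sequence number.
Putting these on the wire needs a raw socket (root); here a constructed reply
stands in for the target. Identifier 0x1234 and sequence 1 are arbitrary.
"""
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8
ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY = 13, 14
ICMP_MASK_REQUEST, ICMP_MASK_REPLY = 17, 18

# nmap option -> (request type we send, reply type that means "host is up")
NMAP_PING = {
    "-PE": (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY),
    "-PP": (ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY),
    "-PM": (ICMP_MASK_REQUEST, ICMP_MASK_REPLY),
}
REPLY_FOR = {req: rep for req, rep in NMAP_PING.values()}


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_message(icmp_type: int, ident: int, seq: int, body: bytes) -> bytes:
    """8-byte ICMP header (type, code 0, checksum, id, seq) followed by body."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = rfc1071_checksum(header + body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body


def build_probe(icmp_type: int, ident: int = 0x1234, seq: int = 1) -> bytes:
    """The request message for one host-discovery probe type."""
    if icmp_type == ICMP_ECHO_REQUEST:
        body = b""                           # echo needs no data to be answered
    elif icmp_type == ICMP_TIMESTAMP_REQUEST:
        body = struct.pack("!III", 0, 0, 0)  # originate/receive/transmit timestamps
    elif icmp_type == ICMP_MASK_REQUEST:
        body = struct.pack("!I", 0)          # address mask, filled in by the responder
    else:
        raise ValueError("not a host-discovery probe type: %d" % icmp_type)
    return icmp_message(icmp_type, ident, seq, body)


def parse_icmp(msg: bytes):
    """Return (type, code, ident, seq, body); reject short or corrupted messages."""
    if len(msg) < 8:
        raise ValueError("short ICMP message")
    if rfc1071_checksum(msg) != 0:           # a valid message checksums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, code, ident, seq, msg[8:]


def host_is_up(option: str, probe: bytes, reply: bytes) -> bool:
    """nmap's rule: reply type matches the probe, and id/seq are ours."""
    _req_type, want_type = NMAP_PING[option]
    _t, _c, p_id, p_seq, _ = parse_icmp(probe)
    r_type, _c, r_id, r_seq, _ = parse_icmp(reply)
    return r_type == want_type and (r_id, r_seq) == (p_id, p_seq)


def fake_reply(probe: bytes) -> bytes:
    """Constructed reply a live host would send: reply type, same id/seq, same body."""
    req_type, _c, ident, seq, body = parse_icmp(probe)
    return icmp_message(REPLY_FOR[req_type], ident, seq, body)


if __name__ == "__main__":
    for opt, (req_type, _rep) in NMAP_PING.items():
        probe = build_probe(req_type)
        print(opt, probe.hex(), "up" if host_is_up(opt, probe, fake_reply(probe)) else "down")
```

The id/seq check matters in practice: on a busy segment a scanner receives echo replies meant for other hosts' pings, and without it a dead address can be reported up. hping3 can emit the same three request types by hand (its ICMP mode with the type set to 8, 13 or 17), which is a quick way to see which of them a firewall lets through when -PE alone gets nothing.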
Operating System Fingerprinting
 nmap -O
 xprobe2
Service Version Scanning
 THC amap
 nmap -sV -sC --script=<scripts>
 nmap -A (nmap -O -sV -sC --traceroute)
Network Scanning
  nmap
  -sS SYN scan ("stealth" or half-open: the handshake is never completed, so the listening service sees no connection; the default scan type for a privileged user)
  --packet-trace display a one-line summary of every packet sent and received
  runtime interaction (keys pressed while the scan is running)
   p turn on packet tracing
   d increase the debugging level
   v increase verbosity
   (the shifted key, P / D / V, reverses the setting; any other key prints a status line with the estimated time remaining)
  -T timing
   Templates 0-5 (paranoid, sneaky, polite, normal, aggressive, insane); -T4 is the usual choice on a LAN
   --host-timeout time limit per host
   --max-rtt-timeout probe timeout
   --min-rtt-timeout minimum probe wait time
   --initial-rtt-timeout starting timeout value
   --max-parallelism simultaneous probes
   --scan-delay minimum wait between probes
   (nmap accepts underscores in place of the hyphens in these option names)
  -P<X> Probe (Sweep) Type - the same options as under Network Sweeping above
  --traceroute (one word, no hyphen)
  --script=<script name, category, or filter expression> e.g. "smb* and safe"
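As an added example (Python; not code from Jeremy's notes or from nmap itself), here is the decision a SYN scan makes per port, the part of -sS that --packet-trace lets you watch in real time: SYN/ACK means open, RST means closed, and silence or an ICMP destination-unreachable error with a filtering code means filtered, exactly as nmap's own documentation describes the scan. The packets are constructed samples with checksums left at zero; the addresses 10.0.0.x and the source port 40000 are assumptions.

```python
"""How nmap -sS decides open / closed / filtered from what comes back.

Added example; not taken from Jeremy Druin's notes or from nmap's source.
A SYN scan sends one SYN per port and never completes the handshake; the reply
(or its absence) is classified as nmap's documentation describes: SYN/ACK is
open, RST is closed, no reply or an ICMP destination-unreachable error with a
filtering code is filtered. The packets below are constructed samples with
checksums zeroed (not validated here); the addresses and ports are arbitrary.
"""
import ipaddress
import struct

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
IPPROTO_ICMP, IPPROTO_TCP = 1, 6
ICMP_DEST_UNREACH = 3
# ICMP type 3 codes that a SYN scan reports as "filtered"
FILTERED_UNREACH_CODES = {0, 1, 2, 3, 9, 10, 13}


def ipv4(proto: int, payload: bytes, src: str, dst: str) -> bytes:
    """Minimal 20-byte IPv4 header (no options), header checksum left zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def tcp(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Minimal 20-byte TCP header (data offset 5), checksum left zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 1024, 0, 0)


def icmp_unreach(code: int, original: bytes) -> bytes:
    """ICMP type 3: header, 4 unused bytes, then the refused IP header + 8 bytes."""
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + original[:28]


def classify_syn_reply(our_port: int, target_port: int, reply):
    """State for one probed port. reply is a raw IPv4 packet, or None for silence.
    Returns None when the packet is not a response to our probe (ignored)."""
    if reply is None:
        return "filtered"                    # nothing came back after retransmits
    ihl = (reply[0] & 0x0F) * 4
    proto, payload = reply[9], reply[ihl:]
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", payload[:4])
        if (sport, dport) != (target_port, our_port):
            return None                      # some other conversation
        flags = payload[13]
        if flags & TCP_RST:
            return "closed"                  # port reachable, nothing listening
        if flags & TCP_SYN and flags & TCP_ACK:
            return "open"                    # handshake offered; nmap answers with RST
        return None
    if proto == IPPROTO_ICMP:
        icmp_type, code = payload[0], payload[1]
        if icmp_type != ICMP_DEST_UNREACH or code not in FILTERED_UNREACH_CODES:
            return None
        inner = payload[8:]                  # copy of the datagram that was refused
        inner_ihl = (inner[0] & 0x0F) * 4
        if inner[9] != IPPROTO_TCP:
            return None
        sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
        return "filtered" if (sport, dport) == (our_port, target_port) else None
    return None


def scan_summary(our_port: int, replies: dict) -> dict:
    """Map {target_port: reply} to {target_port: state}. A packet that is not a
    reply to our probe counts as no reply, which after retransmits is filtered."""
    result = {}
    for port, reply in replies.items():
        state = classify_syn_reply(our_port, port, reply)
        result[port] = state if state is not None else "filtered"
    return result


if __name__ == "__main__":
    SCANNER, TARGET, ROUTER, SPORT = "10.0.0.5", "10.0.0.9", "10.0.0.1", 40000
    probe_25 = ipv4(IPPROTO_TCP, tcp(SPORT, 25, TCP_SYN), SCANNER, TARGET)
    samples = {                              # constructed replies, one per probed port
        22: ipv4(IPPROTO_TCP, tcp(22, SPORT, TCP_SYN | TCP_ACK), TARGET, SCANNER),
        23: ipv4(IPPROTO_TCP, tcp(23, SPORT, TCP_RST | TCP_ACK), TARGET, SCANNER),
        25: ipv4(IPPROTO_ICMP, icmp_unreach(13, probe_25), ROUTER, SCANNER),
        80: None,
    }
    for port, state in sorted(scan_summary(SPORT, samples).items()):
        print("%d/tcp %s" % (port, state))
```

Two details carry over to reading real output. A "filtered" result is the absence of evidence, so raising -T or lowering --max-rtt-timeout on a lossy link turns open ports into filtered ones; and the ICMP branch is why a router ACL shows up as filtered while a host with no listener shows up as closed, which is a useful distinction when deciding whether the block is at the perimeter or on the box.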


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast