we use the tool lbd (load balance dector)
# ./lbd.sh www.yahoo.com
It will try to find whether it is load balancing server. It will find the type of server, whether dns or http. It will check the dns load balancing and the http load balancing. Then it will tell whether load balancing made by http or dns
You can detect the web application firewall. There is tool called wafw00f. The tool can detect some firewalls. Go to waffit in backtrack.
#./wafw00f.py www.contra.gr
Some websites can offer help in least time.Centralops.net can make service scan and network whois and domain whois and traceroute and find dns records. Other website can do the same purpose: network-tools.com and serversniff.net and mrdns.com.
On firefox, add passiverecon addon and you can get from it all information about the web site you are browsing.
Part 3: Scanning Methodology
Part 3 of Certified Ethical Hacker (CEH) Course
By
Dr. Hidaia Mahmood Alassouli
Part 3: Scanning Methodology
a) Scanning Methodology
The steps for hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
b) Understanding Packet Craft to Create Packet
Using scapy tool to send a packet
c) Understanding the ping sweep technique.
It will find which devices are actives in the network. There are many tools to make ping sweep: angry and hping and nmap.
Use nmap
#nmap –sn 192.168.28.0 /24
Use hping
Use in windows angry tools
Use the nmap to know the open ports in a host
#nmap –sT 192.168.152.130 -p 80
Use the nmap to make scan on all ports
#nmap 192.168.152.130
Use the metasploit for same purpose
#msfconsole
Msf> search scanner/portscan
Msf> Use auxiliary/scanner/tcp
Msf> Info
Msf> Set RHOSTS 192.168.28.139
Msf> Set PORTS 1-1000
Msf> run
The problem if there is firewall we will not get results. In stealth scan or half open scan
# nmap –sS 192.168.28.13 -p 80
Use the metasploit for same purpose
#msfconsole
Msf> search scanner/portscan
Use auxiliary/scanner/syn
Info
Set RHOSTS 192.168.28.139
Set PORTS 1-1000
Run
We can use the ACK to know the unfiltered ports on firewall
# nmap –sA 192.168.28.138 -p138
It will tell you it is unfiltered port in the firewall
Use the metasploit for same purpose
#msfconsole
Msf> search scanner/portscan
Use auxiliary/scanner/ack
Info
Set RHOSTS 192.168.28.139
Set PORTS 3380-3390
Run
It will tell you the unfiltered ports
The FIN scan is another way of scan. The computer sends FIN packet and if the host answered it, it is open port otherwise it is closed port
# nmap –sF 192.168.28.138 -p1-1000
The XMAS scan is another way of scan. The source machine sends FIN and URG and PUSH and if the destination did not answer, then the port open and if it did answer with RST then the port close.
# nmap –sX 192.168.28.138 -p80
Here the source machine sends TCP packet with NO flag set. If the destination did not answer, then the port open and if it did answer with RST then the port close.
# nmap –sN 192.168.28.138 -p80
The Idel scan is another way of scan. We want when we make scan, the destination does not register that I made the scan, but the IDS registers the Zombie
