Hacking of Computer Networks. Dr. Hidaia Mahmood Alassouli


We use the tool lbd (load balancing detector):

      # ./lbd.sh www.yahoo.com

      lbd tests whether the host sits behind a load balancer. It checks for DNS-based balancing (the name resolving to several addresses) and for HTTP-based balancing (differences in the Server and Date response headers across repeated requests), and then reports which of the two, if either, it found.
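      As an added illustration of what lbd is looking for (this is not lbd's own code and is not from the course), the two heuristics written out in Python with the standard library: a DNS check (more than one A record) and an HTTP check (Server header differs, or the Date header moves backwards between consecutive responses, which means different back-end clocks). The decision functions work on plain header dictionaries so they can be run on captured or constructed data; only resolve_all() and fetch_headers() touch the network. SAMPLE_HEADERS is a constructed set of responses, not captured traffic, and the default host name is the www.yahoo.com used above.

```python
"""Load-balancer detection heuristics of the kind lbd applies (added example,
not lbd's code).  Two signals:
  * DNS: the name resolves to more than one A record.
  * HTTP: repeated requests return differing Server headers, or Date headers
    that move backwards (back-ends with different clocks)."""
import http.client
import socket
from email.utils import parsedate_to_datetime


def resolve_all(host):
    """All IPv4 addresses a name resolves to (network call)."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({ai[4][0] for ai in infos})


def dns_balanced(addresses):
    """DNS round-robin shows up as more than one distinct A record."""
    return len(set(addresses)) > 1


def fetch_headers(host, n=10, timeout=5):
    """Issue n HEAD requests to http://host/ and collect the response headers
    (network call).  Header names are normalised to Title-Case."""
    out = []
    for _ in range(n):
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("HEAD", "/", headers={"Host": host, "Connection": "close"})
        resp = conn.getresponse()
        out.append({k.title(): v for k, v in resp.getheaders()})
        conn.close()
    return out


def http_balanced(header_sets):
    """Return (balanced, reason).  Differing Server strings, or a Date header
    that goes backwards between consecutive responses, betrays several back-ends."""
    servers = {h.get("Server") for h in header_sets if h.get("Server")}
    if len(servers) > 1:
        return True, "Server header differs: %s" % sorted(servers)
    dates = [parsedate_to_datetime(h["Date"]) for h in header_sets if h.get("Date")]
    for earlier, later in zip(dates, dates[1:]):
        if later < earlier:
            return True, "Date header went backwards (%s after %s)" % (later, earlier)
    return False, "no differences in Server or Date across %d responses" % len(header_sets)


# Constructed sample (not captured): two back-ends behind one address, the
# second one with a clock running a few seconds behind the first.
SAMPLE_HEADERS = [
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 12:00:00 GMT"},
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 12:00:01 GMT"},
    {"Server": "Apache", "Date": "Mon, 01 Jan 2024 11:59:55 GMT"},
]


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "www.yahoo.com"
    addrs = resolve_all(host)
    print("DNS:", "load balanced" if dns_balanced(addrs) else "single address", addrs)
    balanced, why = http_balanced(fetch_headers(host))
    print("HTTP:", "load balanced" if balanced else "not detected", "-", why)
```

      Both signals have false negatives: a balancer that rewrites the Server header and fronts NTP-synchronised back-ends passes the HTTP check, and a single anycast address passes the DNS check, so treat a negative result as "not detected" rather than "not balanced".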

       A web application firewall (WAF) in front of the site can be fingerprinted with wafw00f, which recognises a number of WAF products from how they answer crafted requests. In BackTrack it is found under the waffit entry.

      #./wafw00f.py www.contra.gr

       Some web sites will do this reconnaissance for you in very little time. Centralops.net offers a service scan, network and domain WHOIS, traceroute and DNS record lookups. network-tools.com, serversniff.net and mrdns.com serve the same purpose.

       In Firefox, install the PassiveRecon add-on; it collects publicly available information (WHOIS, DNS and search-engine data) about the site you are browsing without probing the target directly.

       Part 3: Scanning Methodology

      Part 3 of Certified Ethical Hacker (CEH) Course

      By

      Dr. Hidaia Mahmood Alassouli

      [email protected]


      a) Scanning Methodology

      The phases of an attack, in the order the CEH course presents them: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks.


      b) Understanding Packet Crafting


       Scapy can be used to craft a packet field by field (addresses, ports, TCP flags) and put it on the wire.


      c) Understanding the Ping Sweep Technique

      A ping sweep finds which hosts on the network are alive. Several tools do it: Angry IP Scanner, hping and nmap.

       Using nmap (-sn does host discovery only, without a port scan):

      #nmap -sn 192.168.28.0/24

       Using hping.

       On Windows, use Angry IP Scanner.

       Use nmap to check whether a given port on a host is open (-sT is a full TCP connect scan):

      #nmap -sT 192.168.152.130 -p 80

       With no port option nmap scans its default set, the 1,000 most common TCP ports (add -p- to cover all 65,535):

      #nmap 192.168.152.130

       Metasploit has a module for the same purpose:

      #msfconsole

      msf > search scanner/portscan

      msf > use auxiliary/scanner/portscan/tcp

      msf > info

      msf > set RHOSTS 192.168.28.139

      msf > set PORTS 1-1000

      msf > run

       The drawback of a connect scan is that it completes the three-way handshake, so the target application logs the connection, and a firewall that blocks the connection leaves us with no result at all. The stealth scan, or half-open scan, sends only a SYN and reads the reply: SYN/ACK means open, RST means closed, no reply means filtered. The handshake is never completed, so nothing reaches the application.

      # nmap -sS 192.168.28.13 -p 80

       Metasploit has a module for the same purpose:

      #msfconsole

      msf > search scanner/portscan

      msf > use auxiliary/scanner/portscan/syn

      msf > info

      msf > set RHOSTS 192.168.28.139

      msf > set PORTS 1-1000

      msf > run

       An ACK scan shows which ports are unfiltered by the firewall. Open and closed ports both answer an unsolicited ACK with RST, so this scan cannot tell them apart; what it reveals is whether a stateful filter is dropping the probe.

      # nmap -sA 192.168.28.138 -p138

      A port that answers is reported as unfiltered; one that stays silent is reported as filtered.

       Metasploit has a module for the same purpose:

      #msfconsole

      msf > search scanner/portscan

      msf > use auxiliary/scanner/portscan/ack

      msf > info

      msf > set RHOSTS 192.168.28.139

      msf > set PORTS 3380-3390

      msf > run

      It lists the unfiltered ports.

       The FIN scan is another technique. The scanner sends a bare FIN. RFC 793 requires a closed port to answer with RST while an open port ignores the packet, so an RST means closed and silence means open, or a firewall dropping the probe, which nmap reports as open|filtered.

      # nmap -sF 192.168.28.138 -p1-1000

       The XMAS scan works the same way, with FIN, URG and PUSH all set. No answer means open (or filtered); an RST means closed.

      # nmap -sX 192.168.28.138 -p80

       The NULL scan sends a TCP segment with no flags set at all. Again, no answer means open (or filtered) and an RST means closed. These three scans rely on a stack that follows RFC 793 strictly; Windows and some other systems send RST from every port regardless of state, so against them every port shows as closed.

      # nmap -sN 192.168.28.138 -p80
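       The packet crafting introduced in part b) and the scan types above come together in the following added example, written in Python with the standard library; it is not code from the course, from scapy or from nmap. build_probe() assembles an IPv4/TCP segment by hand, including both checksums, with the flag byte each scan type uses, and classify() encodes the decision rules described above: SYN/ACK and RST for the SYN scan, unfiltered versus filtered for the ACK scan, and the inverted logic of FIN, XMAS and NULL where silence means open|filtered. The addresses and ports are lab placeholders, and the sending code under __main__ needs root.

```python
"""Raw TCP probes for the scan types in this section, and the decision rules
nmap applies to the replies.  Added example, not from the CEH course;
standard library only.  Addresses and ports are lab placeholders."""
import socket
import struct

# TCP flag bits as they sit in byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# What each scan type puts on the wire (nmap -sS, -sA, -sF, -sX, -sN)
SCAN_FLAGS = {"syn": SYN, "ack": ACK, "fin": FIN, "xmas": FIN | PSH | URG, "null": 0}


def checksum(data):
    """RFC 1071 Internet checksum.  Run over a header whose checksum field is
    already filled in correctly, it evaluates to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_probe(src_ip, dst_ip, sport, dport, flags, seq=0x1000):
    """40-byte IPv4 + TCP packet, no payload, both checksums filled in."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg ptr
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 1024, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    # ver/IHL, TOS, total length, id, flags/frag, TTL, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0xBEEF, 0, 64,
                     socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse_reply(pkt):
    """Reduce a captured IPv4 packet to the label classify() expects:
    'SYN/ACK', 'RST', 'ICMP-unreachable', or None for anything else."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == socket.IPPROTO_ICMP:
        return "ICMP-unreachable" if pkt[ihl] == 3 else None
    flags = pkt[ihl + 13]
    if flags & RST:
        return "RST"
    if flags & SYN and flags & ACK:
        return "SYN/ACK"
    return None


def classify(scan, reply):
    """Port state nmap reports for `reply` (a parse_reply() label, or None)."""
    if reply == "ICMP-unreachable":
        return "filtered"  # a filtering device announced itself
    if scan == "syn":
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if scan == "ack":
        # Open and closed ports both answer a stray ACK with RST, so the only
        # thing this probe reveals is whether a stateful filter is in the way.
        return "unfiltered" if reply == "RST" else "filtered"
    # fin / xmas / null: RFC 793 says a closed port answers RST and an open
    # port stays silent, but a firewall that drops the probe is silent too.
    return "closed" if reply == "RST" else "open|filtered"


if __name__ == "__main__":
    # Needs root / CAP_NET_RAW.  Sends one probe per scan type at a lab host
    # (placeholder addresses) and prints what nmap would conclude.  A raw TCP
    # socket does not deliver ICMP, so a filtered port shows up as no reply.
    SRC, DST, PORT, SPORT = "192.168.28.10", "192.168.28.138", 80, 40000
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.settimeout(2)
    for scan, flags in SCAN_FLAGS.items():
        s.sendto(build_probe(SRC, DST, SPORT, PORT, flags), (DST, 0))
        reply = None
        try:
            while True:  # skip unrelated TCP traffic the raw socket also delivers
                pkt = s.recv(65535)
                if pkt[12:16] == socket.inet_aton(DST) and struct.unpack("!H", pkt[22:24])[0] == SPORT:
                    reply = parse_reply(pkt)
                    break
        except socket.timeout:
            pass
        print("%-5s -> %s" % (scan, classify(scan, reply)))
```

       Note what the kernel does alongside this code during the SYN probe: when the SYN/ACK arrives for a port no local socket owns, the operating system answers with RST on its own, which is exactly the half-open behaviour nmap -sS relies on.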

       The idle scan is another technique. The goal is that the target never records the scanner's address: the probes are sent with the spoofed address of a third host, the zombie, and the result is read from the zombie's IP ID counter, so the IDS logs the zombie rather than us.
