NMAP - Commands | Shahul Hameed

Scanning Methodology — A Roadmap

This guide gives you a quick end-to-end roadmap of pen-test activity using nmap.

To Whom It May Concern: This article is for beginners in the cybersecurity domain who want a quick practical guide to pen testing systems with nmap.

First things first: you will need a network exploration tool and security/port scanner. We will be using the nmap tool. If you don’t have Nmap installed, you can get it from here. It’s free!
We can use either the graphical version or the terminal.

Methodology

  1. Look for Live Systems
  2. Check for Open Ports
  3. Banner Grabbing
  4. Vulnerability Scan
  5. Penetration Test Report

1. Check for Live Systems

We have to search for any live systems present in our in-scope environment. We will perform a sweep over a network.

nmap -sP 192.168.205.1/24

Now, we have a total of 6 hosts that are up out of the 256 IP addresses swept.

2. Check for Open Ports

The next task is to run a port scan to obtain information about the open ports on the system. Choose a specific host. We will learn the port details and the services running on them.

nmap 192.168.254.249

A total of 6 open ports are found, and we can also see the services running on them.

3. Perform Banner Grabbing

Banner Grabbing is one of the several techniques used to discover the type and/or version of the software in use.

Version Detection
To enable version detection the “-sV” switch is used.

nmap -sV 192.168.254.249

It’s getting interesting now: we also know the application names and their versions.

Operating System Detection:
To enable operating system detection the “-O” switch is used.

nmap -O 192.168.205.249

The operating system on this host is found to be Windows 10.

Alternatively, you can use the -A argument to perform an aggressive scan. It enables OS detection, version detection, and other features.

nmap -A 192.168.205.249

4. Vulnerability Scan

The next step is to determine the vulnerabilities that exist on the host.

nmap --script vuln 192.168.205.249

The Nmap Scripting Engine (NSE) is one of the most popular and powerful capabilities of Nmap. These Nmap vulnerability scan scripts are used by penetration testers and hackers to check for common known vulnerabilities.

NSE scripts are classified according to a set of predetermined categories to which each script belongs. Authentication, broadcast, brute force, intrusive, malware, safe, version, and vuln are some of the categories. You can find all the category types of NSE scripts and their phases here.

It makes your life easier, since you can find existing vulnerabilities from the Common Vulnerabilities and Exposures (CVE) database for a particular version of a service.

So we can see several vulnerability codes: CVE-2012-1182, CVE-2007-6750.

The running applications/services are prone to those vulnerabilities. Further details can be found in vulnerability databases.

Vulnerability Databases:

https://cve.mitre.org/cve/search_cve_list.html
https://www.cvedetails.com/
https://nvd.nist.gov/vuln/search
https://vuldb.com/?search

5. Penetration Testing Report

It’s time to write down the findings. A few headings to be addressed in a pen test report are as follows:

  • Summary:
    Summarizes the report content in a short paragraph: a statement of tasks accomplished, methodology used, high-level findings and recommendations.
  • Scope of Work:
    Includes the IP addresses tested, the type of pen test performed, and the duration over which the activity was carried out.
  • Project Objective:
    What the organization can achieve after knowing the risk and mitigating it.
  • Details of Finding:
    Count of discovered risks, based on priorities. For each finding, describe the threat level, vulnerability rating, and impact.
  • Recommendations:
    Present the solutions, mitigations, or other suggestions for reducing/eliminating the vulnerability.

You can find several sample penetration testing reports online. Details on pen-test report content can be found at SANS: https://www.sans.org/white-papers/33343/
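To carry the scan results into the "Details of Finding" section, the vulnerability scan can be saved with nmap's -oX XML output option and summarized per open port. The Python below is an added example, not part of the original article; the sample XML, the address 192.0.2.10, the service banners and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV --script vuln -oX scan.xml <host>` writes,
# trimmed to the elements read below. It is not the article's actual scan output.
SAMPLE_XML = """<nmaprun><host>
 <address addr="192.0.2.10" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http" product="Apache httpd" version="2.2.8"/>
   <script id="http-slowloris-check" output="VULNERABLE: IDs: CVE:CVE-2007-6750"/>
  </port>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH"/></port>
  <port protocol="tcp" portid="23"><state state="closed"/></port>
 </ports>
 <hostscript><script id="samba-vuln-cve-2012-1182"
   output="VULNERABLE: IDs: CVE:CVE-2012-1182"/></hostscript>
</host></nmaprun>"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def cves_under(node):
    """Sorted, de-duplicated CVE IDs found in NSE script output below node."""
    hits = set()
    for script in node.iter("script"):
        hits.update(CVE_RE.findall(script.get("output", "")))
    return sorted(hits)

def findings(xml_text):
    """One row per open port, plus a host-level row when host scripts reported."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not findings
            svc = port.find("service")
            banner = "" if svc is None else " ".join(
                v for v in (svc.get("product"), svc.get("version")) if v)
            where = f"{port.get('portid')}/{port.get('protocol')}"
            rows.append((addr, where, banner, cves_under(port)))
        hostscript = host.find("hostscript")
        if hostscript is not None:
            rows.append((addr, "host", "", cves_under(hostscript)))
    return rows

if __name__ == "__main__":
    for addr, where, banner, cves in findings(SAMPLE_XML):
        print(f"{addr:12} {where:8} {banner:20} {', '.join(cves) or '-'}")
```

Each row gives the address, port, service banner and CVE IDs to look up in the vulnerability databases listed above before assigning a threat level and rating in the report.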
