Tuesday, 29 July 2014

Top 10 NMap Command Variant used by Pentesters

This is actually a video I made simply to highlight the most commonly used NMap commands that pentesters run in their daily job. It is a very simple command-and-output video that I recorded against a virtual machine of mine. Below is the list of commands I highlighted in the video (in case you want a static, non-moving reference). Do share if you find this video helpful, and follow me at @SecurityBazinga and my YouTube channel, Security Bazinga Youtube Channel. Thanks folks!

NMap Commands Used in this Video
  • nmap -sP [IPAddressRange] - Ping sweep the whole subnet to see which hosts are alive.
  • nmap -sT [IPAddress] - Establishes a complete 3-way handshake with the target host and port scans it (non-stealthy and easily leaves traces).
  • nmap -sS [IPAddress] - Establishes an incomplete 3-way handshake with the target host and port scans it (stealthier and leaves fewer traces).
  • nmap -F [IPAddress] - By default NMap port scans the Top 1000 most commonly used ports on the Internet. For a much faster scan, use -F to scan only the Top 100 most commonly used ports.
  • nmap [IPAddress] -p [portnum/range] - Port scans the target host only on the ports mentioned.
  • nmap -sV [IPAddress] - Port scans and then version scans the service listening on each open port.
  • nmap [IPAddress] --reason - Displays the reason why NMap determined a port is open, closed or filtered.
  • nmap -O [IPAddress] - Does an OS fingerprinting scan to identify what OS the target host is running.
  • nmap [IPAddress] -oA [filename] - Outputs the NMap results in 3 different files (normal text, greppable format and XML format).
  • p, v, d - These can be toggled interactively while the scan is running. To turn on packet tracing, press the p key; this displays the packets NMap is sending to the target host (like a sniffer). To turn on verbosity, press the v key; this displays more information about the scan, such as the number of packets sent and the ports discovered open and responding. Debugging can be turned on with the d key; this shows debugging information about the scan while it is running.
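The -oA output above is what makes a scan useful after the video ends: the greppable file (the .gnmap that -oA writes alongside the .nmap and .xml) is meant to be processed by scripts. The following is an added example, not code from this post, that parses that format and compares the open ports against a baseline of what each host is supposed to expose, which is how the same scan doubles as an attack-surface check for the defender. The scan text and the baseline allowlist are constructed for the example; the host addresses are not from the post.

```python
"""Turn Nmap's greppable output (the .gnmap file that -oA writes) into records
that can be checked against an expected-exposure baseline.

Added example, not code from the original post. The scan text below is
constructed by hand to mimic the .gnmap layout; it is not real scan output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample of a .gnmap file (fields on a host line are tab-separated;
# each port entry is port/state/proto/owner/service/rpcinfo/version/).
SAMPLE_GNMAP = """\
# Nmap 6.46 scan initiated Tue Jul 29 10:00:00 2014 as: nmap -sV -v -oA lab 192.168.56.0/29
Host: 192.168.56.1 ()\tStatus: Up
Host: 192.168.56.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1 Ubuntu 2ubuntu2/, 80/open/tcp//http//Apache httpd 2.4.7 ((Ubuntu))/, 443/filtered/tcp//https///\tIgnored State: closed (997)
Host: 192.168.56.2 ()\tStatus: Up
Host: 192.168.56.2 ()\tPorts: 3306/open/tcp//mysql//MySQL 5.5.37/\tIgnored State: closed (999)
Host: 192.168.56.3 ()\tStatus: Down
# Nmap done at Tue Jul 29 10:01:12 2014 -- 8 IP addresses (2 hosts up) scanned in 72.11 seconds
"""


@dataclass
class PortRecord:
    host: str
    port: int
    proto: str
    state: str      # open / closed / filtered / ...
    service: str
    version: str    # only populated when the scan used -sV


@dataclass
class HostRecord:
    addr: str
    hostname: str
    status: str = "unknown"
    ports: List[PortRecord] = field(default_factory=list)


_HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)$")


def _parse_ports(addr: str, value: str) -> List[PortRecord]:
    """Split the value of a 'Ports:' field into PortRecords.

    Entries are separated by ', '. This simple split assumes no version
    string itself contains ', '; for complex or untrusted output the XML
    file (-oX, or the .xml from -oA) is the robust format to parse.
    """
    records = []
    for entry in value.split(", "):
        parts = entry.split("/")
        if len(parts) < 7:
            continue  # malformed entry: skip it rather than crash
        port, state, proto, _owner, service, _rpc, version = parts[:7]
        records.append(PortRecord(addr, int(port), proto, state, service, version))
    return records


def parse_gnmap(text: str) -> Dict[str, HostRecord]:
    """Parse greppable output into {address: HostRecord}."""
    hosts: Dict[str, HostRecord] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # 'Nmap ... initiated' / 'Nmap done' header lines
        fields = line.split("\t")
        m = _HOST_RE.match(fields[0])
        if not m:
            continue
        addr, hostname = m.group(1), m.group(2)
        rec = hosts.setdefault(addr, HostRecord(addr, hostname))
        for f in fields[1:]:
            key, _, value = f.partition(": ")
            if key == "Status":
                rec.status = value
            elif key == "Ports":
                rec.ports.extend(_parse_ports(addr, value))
            # 'Ignored State', 'OS', 'Seq Index' etc. are not needed here
    return hosts


def open_ports(hosts: Dict[str, HostRecord]) -> List[Tuple[str, int, str, str]]:
    """(host, port, proto, service) for every port Nmap reported as open."""
    return sorted((p.host, p.port, p.proto, p.service)
                  for rec in hosts.values() for p in rec.ports if p.state == "open")


def unexpected_open_ports(hosts: Dict[str, HostRecord],
                          baseline: Dict[str, Set[Tuple[int, str]]]) -> List[Tuple[str, int, str, str]]:
    """Open ports not listed in the baseline {host: {(port, proto), ...}}.

    The baseline is a hypothetical allowlist of what each host is supposed
    to expose; anything outside it deserves a closer look.
    """
    return [rec for rec in open_ports(hosts)
            if (rec[1], rec[2]) not in baseline.get(rec[0], set())]


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    baseline = {"192.168.56.1": {(22, "tcp")}, "192.168.56.2": {(3306, "tcp")}}
    for host, port, proto, service in unexpected_open_ports(scan, baseline):
        print(f"{host}: {port}/{proto} ({service}) is open but not in the baseline")
```

Filtered ports (like 443 in the sample) are kept in the records but never counted as exposure, and a host that only has a Status line (down, or up with nothing open) simply yields an empty port list, so the same parser works on a plain -sP sweep as well as on a -sV scan.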

Saturday, 12 April 2014

Netcat Relay for Penetration Testing

Hello Guys. In this post, I will explain Netcat relays, on which there is very little video material showing how it is done, especially for penetration testing purposes. So I have made a simple video illustrating how, in a penetration testing process, you may use a Netcat relay to achieve something useful.

Netcat Relay

In this video, the scenario is as below:

1) There will be three machines in this tutorial.
  1. Windows machine (the hacker's machine)
  2. Kali Linux machine (a machine assumed to be in the DMZ of the target network)
  3. Ubuntu machine (a machine on the same network as the DMZ but not reachable from the hacker's machine)

Sunday, 29 December 2013

Don't Hack Them. Hack-Me!

Want to learn web application hacking on the fly? What if there were a platform that has almost all the vulnerable web apps for you to test, play with and research web application security on? What if you didn't have to pay a single dime for it? What if you didn't have to worry about running vulnerable web apps on your own machine and getting hacked by others while you are learning to hack? Well, wait no more, as the platform is here.

Tuesday, 17 December 2013

[TIPS] Learn Linux/Unix CMD Line the Easy Way

Hey Guys. This time it's going to be a very simple and short post about something I found on the Net recently. See, we have to admit that most of the powerful tools (heck, even operating systems) are Linux/Unix based. As much as we love our Windows 8.1 interface, the power still lies in the command line. And we know that most security tools are best run from the command line (unless you have the choice to run them in a GUI). So mastering the command line to a certain level would be a great upper hand for any pentester or sysadmin doing their job.