Tuesday, 29 July 2014

Top 10 NMap Command Variants Used by Pentesters



This is actually a video I made simply to highlight the NMap commands most commonly used by pentesters in their daily job. It is a very simple command-and-output video that I recorded against a virtual machine of mine. Below is the list of commands I highlighted in the video (in case you want a static, non-moving reference). Do share if you find this video helpful, and follow me at @SecurityBazinga and my YouTube channel, Security Bazinga Youtube Channel. Thanks folks!

NMap Commands Used in this Video
  • nmap -sP [IPAddressRange] - Ping sweeps the whole subnet to see which hosts are alive.
  • nmap -sT [IPAddress] - Establishes a complete three-way handshake with the target host and port scans it (non-stealthy and easily leaves traces).
  • nmap -sS [IPAddress] - Establishes an incomplete three-way handshake with the target host and port scans it (stealthier and leaves fewer traces).
  • nmap -F [IPAddress] - By default NMap port scans the top 1000 most commonly used ports on the Internet. For a much faster scan, use -F to scan only the top 100 most commonly used ports.
  • nmap [IPAddress] -p [portnum/range] - Port scans the target host only on the ports mentioned.
  • nmap -sV [IPAddress] - Port scans and then version scans the services listening on the respective ports.
  • nmap [IPAddress] --reason - Displays the reason why NMap determined that a port is open, closed or filtered.
  • nmap -O [IPAddress] - Does an OS fingerprinting scan to identify which OS the target host is running.
  • nmap [IPAddress] -oA [filename] - Writes the NMap results to three different files (normal text, grepable format and XML format).
  • P, V, D - These can be toggled interactively while the scan is running. Press the p key to turn on packet tracing, which displays the packets NMap is sending to the target host (like a sniffer). Press the v key to turn on verbosity, which shows more information about the scan, for example the number of packets sent and the ports discovered open and responding. Press the d key to turn on debugging, which shows the scan's debugging information while it runs.
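As an added example (not code from the original post or the video), the Python below parses the grepable .gnmap file that -oA writes and reports open ports missing from a per-host allow-list, which is how a defender turns a repeated -oA scan into an exposure check. The sample scan output, hosts, banners and allow-list are all constructed for this example.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample of the grepable (.gnmap) file that `-oA [filename]` writes.
# Hosts, hostnames and service banners are made up for this example.
SAMPLE_GNMAP = (
    "# Nmap 6.46 scan initiated Tue Jul 29 10:00:00 2014 as: nmap -sV -oA lab 192.168.56.0/24\n"
    "Host: 192.168.56.101 (target.lab)\tStatus: Up\n"
    "Host: 192.168.56.101 (target.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1 Ubuntu/, "
    "80/open/tcp//http//Apache httpd 2.4.7 ((Ubuntu))/, 443/closed/tcp//https///"
    "\tIgnored State: filtered (997)\n"
    "Host: 192.168.56.102 ()\tStatus: Up\n"
    "Host: 192.168.56.102 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Service/"
    "\tIgnored State: closed (999)\n"
    "# Nmap done at Tue Jul 29 10:03:12 2014 -- 256 IP addresses (2 hosts up) scanned\n"
)

# (port, protocol, state, service, version) as recorded in the Ports: field
Port = Tuple[int, str, str, str, str]


def parse_gnmap(text: str) -> Dict[str, List[Port]]:
    """Map each scanned IP to the ports Nmap listed for it (open, closed or
    filtered). '#' comment lines and Status-only host lines carry no ports."""
    hosts: Dict[str, List[Port]] = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")        # Host / Ports / Ignored State are tab-separated
        ip = fields[0].split()[1]        # "Host: <ip> (<hostname>)"
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Each entry is port/state/proto/owner/service/rpcinfo/version/
                # and the version text may itself contain '/', so cap the split.
                parts = entry.split("/", 6)
                if len(parts) != 7:
                    continue
                port, state, proto, _owner, service, _rpc, version = parts
                hosts[ip].append((int(port), proto, state, service, version.rstrip("/")))
    return dict(hosts)


def open_services(hosts: Dict[str, List[Port]]) -> List[Tuple[str, int, str]]:
    """Flatten the inventory to one (ip, port, service) per open port."""
    return sorted((ip, p, svc) for ip, ports in hosts.items()
                  for p, _proto, state, svc, _ver in ports if state == "open")


def unexpected_exposure(hosts: Dict[str, List[Port]],
                        allowed: Dict[str, Set[int]]) -> List[Tuple[str, int, str]]:
    """Open ports not on the per-host allow-list: the first thing to review
    after re-running the same -oA scan against a known baseline."""
    return [(ip, p, svc) for ip, p, svc in open_services(hosts)
            if p not in allowed.get(ip, set())]
```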

Saturday, 12 April 2014

Netcat Relay for Penetration Testing

Hello guys. In this post, I will explain Netcat relays, for which there are very few video presentations showing how it is done, especially for penetration testing purposes. So I have made a simple video illustrating how, in a penetration testing process, you may use a Netcat relay to achieve something useful.

Netcat Relay

In this video, the scenario is as follows:

1) There are three machines in this tutorial.
  1. Windows machine (the hacker's machine)
  2. Kali Linux machine (assumed to sit in the DMZ of the target network)
  3. Ubuntu machine (on the same network as the DMZ but not reachable from the hacker's machine)