GRADE 2 Session 6
=================

NSA --> Network Security Analysis
=================================

Information Gathering
---------------------
Whenever we try to exploit any device connected to the network, we first need some specific information about it. We cannot exploit a target using only its IP address, so we need to perform Network Security Analysis.

We have two types of Information Gathering:
1. Normal Information Gathering
2. Intelligent|Advanced Information Gathering
1. Normal Information Gathering
-------------------------------
This is the information gathering in which we get IP addresses, MAC addresses, vendor name and device name only. That is a good start, but not enough for exploitation.

Microsoft OS   --> Cain & Abel
                   Angry IP Scanner
                   Advanced IP Scanner
                   SoftPerfect Network Scanner
Linux-based OS --> netdiscover
                   arp-scan
2. Intelligent|Advanced Information Gathering
---------------------------------------------
This is deep information gathering. In this type of information gathering we receive much more information than with Normal Information Gathering.

The information we receive:
    IP address
    MAC address
    Services
    Service versions
    Port numbers in use
    OS version
    OS family
    OS build number
    VULNERABILITIES

Best tool ever for network information gathering:
NMAP   --> CLI --> Command Line Interface
ZENMAP --> GUI --> Graphical User Interface

NMAP --> Network Mapper
=======================
It is the best network scanning tool, with multiple types of scan. It is a network discovery and exploration tool, and it comes pre-installed in Kali Linux.
Scans
-----
1. To scan the whole network
----------------------------
#nmap 192.168.195.1/24
#nmap 192.168.195.1-255

Output columns:
PORT          STATE      SERVICE
Port number   OPEN       Protocol|Service
              CLOSED
              FILTERED

OPEN     --> An application on the target machine is listening for connections/packets on that port.
CLOSED   --> No application is listening on that port, though it could open up at any time.
FILTERED --> One of the following is deployed in front of the port:
             Firewall
             IPS
             IDS
             WAF
OPEN|FILTERED
CLOSED|FILTERED
         --> Nmap reports these combined states when it cannot tell which of the two applies.
2. To scan a specific IP address
--------------------------------
#nmap 192.168.195.192
#nmap <IP Address>

3. To get the services
----------------------
#nmap -sS 192.168.195.192
-s --> to run a script
 S --> it is a service scanning script

4. To scan the versions of the services
---------------------------------------
#nmap -sS -sV 192.168.195.192
-s --> to run a script
 S --> service detection
 V --> version detection

5. To gather other minute information about the services
--------------------------------------------------------
#nmap -sS -sC -sV 192.168.195.192
 C --> to gather other information completely

6. OS detection only
--------------------
#nmap -O 192.168.195.192

7. Aggressive scan
------------------
#nmap -A -T4 192.168.195.192
-A  --> aggressive scan
-T4 --> -T sets the time between two consecutive packets; 4 is the level used here

8. To detect a firewall
-----------------------
#nmap -f 192.168.195.192

9. To do a fast|quick scan
--------------------------
#nmap -F 192.168.195.192

10. When a firewall is up
-------------------------
#nmap -Pn 192.168.195.192
#nmap -Pn -sS -sC -sV -O 192.168.195.192

11. To scan specific ports
--------------------------
#nmap 192.168.195.192 -p 80,3306   --> scan ports 80 and 3306
#nmap 192.168.195.192 -p 80-3306   --> scan the range of ports from 80 to 3306

12. Vulnerability script
------------------------
#nmap --script vuln <IP Address>

13. Migrating scans
-------------------
#nmap -Pn -p80 -sS -sV -sC 192.168.195.192
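To make use of the PORT / STATE / SERVICE / VERSION columns that the scans above produce, here is an added Python example (not part of the original notes): it parses nmap's normal text output, tallies port states so that filtered and open|filtered are not mistaken for open, and reports open ports missing from a per-host allowlist, which is how a defender reviews a scan of their own network. The sample output, hosts and version strings are constructed, not a real capture.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of nmap normal output for a -sS -sV scan (made-up
# hosts and versions; not a real capture).
SAMPLE = """\
Nmap scan report for 192.168.195.192
PORT     STATE         SERVICE    VERSION
22/tcp   open          ssh        OpenSSH 8.9p1 Ubuntu 3
80/tcp   open          http       Apache httpd 2.4.52
3306/tcp filtered      mysql
8080/tcp open|filtered http-proxy
Nmap scan report for 192.168.195.10
PORT   STATE  SERVICE VERSION
22/tcp closed ssh
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_nmap(text):
    """Return {host: [{port, proto, state, service, version}, ...]}."""
    hosts, current = defaultdict(list), None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and current:
            port, proto, state, service, version = m.groups()
            hosts[current].append({"port": int(port), "proto": proto,
                                   "state": state, "service": service,
                                   "version": (version or "").strip()})
    return dict(hosts)

def state_counts(hosts):
    """Tally states so 'filtered' and 'open|filtered' are not mistaken for open."""
    return dict(Counter(e["state"] for es in hosts.values() for e in es))

def unexpected_open(hosts, allowlist):
    """Open ports absent from the per-host allowlist: services to review or close."""
    return [(h, e["port"], e["service"], e["version"])
            for h, es in hosts.items() for e in es
            if e["state"] == "open" and e["port"] not in allowlist.get(h, set())]

if __name__ == "__main__":
    report = parse_nmap(SAMPLE)
    print(state_counts(report))
    print(unexpected_open(report, {"192.168.195.192": {22}}))
```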
ZENMAP
======
Graphical version of NMAP. Data from this scan is not accurate, and it generates noise in the network.

Enter the IP address
Choose the type of scan
Click on Scan
Enjoy :)

Metasploit Framework
====================
A tool used for exploitation. Most researchers use this tool for exploiting devices, machines, databases and servers.
This tool is a product of the Rapid7 community.
The Metasploit Framework we use is a trial version|limited version.

MODULES CONTAINED:
Payloads
Exploits
Auxiliary
Encoders
NOPs
Post