It goes without saying that you need to know your target before you can attack it. Knowing your target is one of the most important things a security professional has to do, so spend a good amount of time on this phase.
Basic objectives of network scanning:
- Discover live hosts (IP addresses) and their OS
- Discover open ports on live hosts
- Discover services running on open ports
Let’s do this! :)
Fire up your Kali, Windows 7 and XP (if you have one) machines. Make sure they are all on the VMNet1 (Host Only) network.
Go to your attacker machine, open up the terminal and type: ifconfig
You should see an IP address starting with 192.168.x.x. Mine is 192.168.221.133. With a netmask of 255.255.255.0, that puts me on the 192.168.221.0/24 network, which means I can talk to any other host on that network directly, without going through a router.
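To make the netmask arithmetic above concrete, here is a small added example (my own code, not part of the original article) that derives the network address, broadcast address and usable host range from an address and netmask by hand, checks whether two hosts share a network, and lists the usable host addresses of a subnet with Python's standard ipaddress module as a cross-check. The addresses used are the ones from the article; the function names are my own.

```python
import ipaddress


def _to_int(dotted: str) -> int:
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 address: {dotted!r}")
    return (int(octets[0]) << 24) | (int(octets[1]) << 16) | (int(octets[2]) << 8) | int(octets[3])


def _to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_from_ip_and_mask(ip: str, netmask: str) -> dict:
    """Work out the network a host belongs to from its address and netmask.

    The 1-bits of the netmask select the network part of the address; ANDing
    the address with the mask clears the host bits and leaves the network address.
    """
    ip_i, mask_i = _to_int(ip), _to_int(netmask)
    prefix = bin(mask_i).count("1")                    # 255.255.255.0 -> 24
    # A legal mask is a contiguous run of 1s followed by 0s.
    if mask_i != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {netmask}")
    network = ip_i & mask_i                            # host bits cleared
    broadcast = network | (~mask_i & 0xFFFFFFFF)       # host bits all set
    if prefix >= 31:
        # /31 (RFC 3021) and /32 have no separate network/broadcast addresses.
        first, last, count = network, broadcast, 2 ** (32 - prefix)
    else:
        first, last, count = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2
    return {
        "cidr": f"{_to_dotted(network)}/{prefix}",
        "network": _to_dotted(network),
        "prefix": prefix,
        "broadcast": _to_dotted(broadcast),
        "first_host": _to_dotted(first),
        "last_host": _to_dotted(last),
        "host_count": count,
    }


def same_network(ip_a: str, ip_b: str, netmask: str) -> bool:
    """True when both hosts have the same network address, i.e. they can reach
    each other directly without a router in between."""
    mask_i = _to_int(netmask)
    return (_to_int(ip_a) & mask_i) == (_to_int(ip_b) & mask_i)


def usable_hosts(cidr: str) -> list:
    """All usable host addresses of a subnet (network and broadcast excluded),
    taken from the standard library as an independent check of the arithmetic above."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


if __name__ == "__main__":
    info = network_from_ip_and_mask("192.168.221.133", "255.255.255.0")
    print(info)
    print(same_network("192.168.221.133", "192.168.221.1", "255.255.255.0"))
    hosts = usable_hosts(info["cidr"])
    print(len(hosts), hosts[0], hosts[-1])
```

Running it shows why the article's address lands on 192.168.221.0/24 with 254 usable hosts, 192.168.221.1 through 192.168.221.254, and the same_network check is exactly the test a host performs to decide whether it can talk to a neighbour directly or has to hand the packet to its default gateway.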
Since this series is not meant for experts, we will not go through the rest of the information that is displayed. We cover it all in depth in our advanced hacking course; more info on this at the bottom of the page.
A ping sweep is a fundamental network scanning technique for discovering live hosts on a network.
How does it work?
It uses the ICMP protocol. You send an ICMP Echo Request to each host. If the host is alive (and not filtering ICMP), you receive an ICMP Echo Reply; otherwise you receive nothing.
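The exchange just described is what a defender sees on the wire: one source sending Echo Requests to many different hosts in a short time. As an added example (my own code, not part of the original article), the script below parses tcpdump-style ICMP lines and flags any source that probes at least a configurable number of distinct hosts within a sliding time window. The capture text is constructed inline for the demo and is not a real recording; the addresses come from the article's lab, and all names are my own.

```python
import re
from collections import Counter, defaultdict

# Matches tcpdump -n style lines such as:
# 10:00:00.050100 IP 192.168.221.133 > 192.168.221.1: ICMP echo request, id 7, seq 1, length 64
LINE_RE = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<us>\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo request\b"
)


def build_sample_capture() -> str:
    """Constructed tcpdump-like text for the demo (not a real capture)."""
    lines = []
    # Sweep: one source probes .1 through .12 about 50 ms apart; only some answer.
    for i in range(1, 13):
        us = 100 + i * 50_000
        lines.append(f"10:00:00.{us:06d} IP 192.168.221.133 > 192.168.221.{i}: "
                     f"ICMP echo request, id 7, seq 1, length 64")
        if i in (1, 5, 11):
            lines.append(f"10:00:00.{us + 300:06d} IP 192.168.221.{i} > 192.168.221.133: "
                         f"ICMP echo reply, id 7, seq 1, length 64")
    # Benign traffic: another host pings a single peer four times, a second apart.
    for seq in range(1, 5):
        lines.append(f"10:00:{seq:02d}.250000 IP 192.168.221.140 > 192.168.221.1: "
                     f"ICMP echo request, id 9, seq {seq}, length 64")
    lines.append("10:00:02.900000 ARP, Request who-has 192.168.221.254 tell 192.168.221.140, length 28")
    return "\n".join(lines)


def parse_echo_requests(text: str) -> list:
    """Return (seconds_since_midnight, src, dst) for every ICMP Echo Request line.
    Replies, ARP and anything else that does not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]) + int(m["us"]) / 1e6
        events.append((t, m["src"], m["dst"]))
    return events


def detect_ping_sweeps(events: list, window_seconds: float = 5.0, min_targets: int = 10) -> dict:
    """Map each suspicious source to the largest number of distinct hosts it probed
    within any window of `window_seconds`. A single host pinged repeatedly never
    counts as a sweep, however many packets it receives."""
    by_src = defaultdict(list)
    for t, src, dst in events:
        by_src[src].append((t, dst))
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        in_window = Counter()   # destination -> requests currently inside the window
        left = 0
        peak = 0
        for t, dst in evs:
            in_window[dst] += 1
            # Slide the left edge forward past requests older than the window.
            while evs[left][0] < t - window_seconds:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    events = parse_echo_requests(build_sample_capture())
    print(f"{len(events)} echo requests parsed")
    for src, n in detect_ping_sweeps(events).items():
        print(f"possible ping sweep from {src}: {n} distinct hosts probed")
```

The threshold and window are the knobs to tune: a sweep of a /24 from the article's lab produces a couple of hundred distinct destinations in a few seconds, while a monitoring host that pings each server once a minute stays well under any sensible threshold. The same logic carries over to firewall or IDS logs once the parsing function is adapted to their line format.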
Ping sweep using Fping
Type the following in the terminal: fping -g 192.168.221.0/24
Replace my network address with yours; you should know it by now. The "-g" flag tells fping to generate its list of targets from the given subnet.
You should now be able to discover your Windows 7 and/or XP machines in the virtual lab. As you can see above, 3 hosts were found alive: 1 is my attacker machine and the remaining 2 are the victim machines.
Ping sweep using Nmap
Nmap is a popular network scanning tool with far more functionality than fping.
Type the following in the terminal:
nmap -sP -PI 192.168.221.0/24
Make sure to replace my network address with yours. The "-sP" flag tells nmap to run a ping scan (host discovery only, no port scan) and "-PI" tells it to use ICMP echo requests for that discovery. Current Nmap releases call these options "-sn" and "-PE"; the older spellings are still accepted.
The 3 hosts fping discovered are also found by Nmap. However, Nmap discovers 2 extra "hosts", 192.168.221.1 and 192.168.221.254. Can you guess what they are? Tell us in the comments below.
That's it for now. Take your time to play around with fping and nmap and see what else you can do with them. We will continue with further network scanning in the next article. One step at a time.
I mentioned an advanced hacking course earlier. We at Bitcrack offer a course that is 110% hands-on and technical. For example, building on what we demonstrated today, we go in depth into the rest of the information the "ifconfig" command displays and into mastering fping and nmap.
For info on this, send us a tweet @bitcrack_cyber.
-Jayesh Kerai (@secjay)