thejoyofhacking.com

How to use Nmap like a Hacker

by CodebyCody September 14, 2020

If you’ve spent five minutes looking around at anything related to hacking networks you’ve undoubtedly run across the tool NMAP. And if you’ve just followed what ever example you saw it used in you are missing out on one of the most powerful hacking tools out there. Lets start from the beginning about nmap it was developed by Gordon Lyon also know as fyodor in 1997. It was created for fun and in the hopes that people would find it useful. And fyodor if you’re reading this it really is. This tool comes by default on kali machines but if you are using an OS that doesn’t have it already installed I’ll go over installation right now.

Installing Nmap

Linux RPM Source and Binaries

Simple commands for downloading nmap to RPM Source Linux check out the following commands. If these don’t work for you check out the more detailed guide on the nmap site here

rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm

Mac OS X Binaries

You can get a stable release installer for Mac OS here

Scanning for targets

Before you can start looking at open ports and what services reside there we have to see what hosts are up to begin with.

Scan single IP	`root@kali:~# nmap 127.0.0.1`
Scan via domain name	`root@kali:~# nmap www.target.com`
Scan range of IPs	`root@kali:~# nmap 127.0.0.1-24`
Scan a full subnet	`root@kali:~# nmap 127.0.0.1/24`
Scan based on IP text file	`root@kali:~# nmap -iL iplist.txt`
Exclude host from Scan	`root@kali:~# nmap --exclude 127.0.0.1`
Exclude list from Scan	`root@kali:~# nmap --excludefile ips.txt`

OS and Service Detection

Now that we can see what host is up we should take a look at what Nmap can do in helping us determine the operating system and services on those hosts.

Detect OS and Services	`root@kali:~# nmap -A 127.0.0.1`
Standard Service Detection	`root@kali:~# nmap -sV 192.0.0.1`
Aggressive Detection	`root@kali:~# nmap -sV --version-intensity 5 127.0.0.1`
Banner Grabbing	`root@kali:~# nmap -sV --version-intensity 0 127.0.0.1`

Scanning for ports

While nmap has added a dizzying amount of functions and features port scanning is the core of what it does. Nmap recognizes six states when it comes to ports open, closed, filtered, unfiltered, open|filtered, and closed|filtered.

Scan Single Port (port 80)	`root@kali:~# nmap -p 80 127.0.0.1`
Scan a range of ports	`root@kali:~# nmap -p 22-80 127.0.0.1`
Scan top 100 most common ports	`root@kali:~# nmap -f 127.0.0.1`
Scan all the ports	`root@kali:~# nmap -p"*" 127.0.0.1`
Scan results for open ports only	`root@kali:~# nmap --open 127.0.0.1`

Port Scanning Techniques

With Nmap you can set the type of scan you would like to do when you set off on a scan hunt. Depending on the type of scanning you do most often you will use one of the following on an almost every scan bases. But even if that is the case it never hurts to know what the other techniques for scanning are out there.

TCP SYN scan (default)	`root@kali:~# nmap -sS 127.0.0.1`
TCP connect scan	`root@kali:~# nmap -sT 127.0.0.1`
UDP scan	`root@kali:~# nmap -sU 127.0.0.1`
SCTP INIT scan	`root@kali:~# nmap -sY 127.0.0.1`
TCP ACK scan	`root@kali:~# nmap -sA 127.0.0.1`
TCP Window scan	`root@kali:~# nmap -sW 127.0.0.1`

Outputting Formats

Lets finish this off with how you can store what nmap give you from these scans. Yes you could always pipe the standard out to a file but before you do that but check out what nmap can do right out of the box.

Default output to file	`root@kali:~# nmap -oN file.txt 127.0.0.1`
Output to XML	`root@kali:~# nmap -oX file.xml 127.0.0.1`
Output for grep friendly file	`root@kali:~# nmap -oG file.txt 127.0.0.1`
Output in all formats	`root@kali:~# nmap -oA file 127.0.0.1`

Conclusion

Nmap has far more to it then just what is listed here. Full books have been written on the subject including this one from the creator himself Nmap Network Scanning these will get you started in taking your nmap skills beyond simply running this command examples that are found on stackoverflow.

Uncategorized

Virtual Machines Explained

by CodebyCody September 8, 2020

TLDR;

Wikipedia defines Virtual Machines as: In computing, a virtual machine (VM) is an emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination. This post will be a Hello World for getting up and running with them.

Virtual Machines Explained
Images Explained
VMs and Linux
VMs and Mac
VMs and Windows

Virtual Machines Explained

A Virtual Machine, also referred to as VM, is simply a system known as the Guest running inside another system known as the Host with software holding the boundaries between the two. The system running inside the Virtual Machines is based on something called an Image and I’ll cover what that is in the next section. Virtual Machines are useful for a number of reasons from protecting your system from potentially harmful software to keeping a backup of a system ready for deployment at anytime. But for the purposes of this post and most of the site I’ll be using VMs for loading images to test hacking skills against.

What is an Image

The image is the everything when it comes to VMs. It holds the OS, applications, preexisting files, and anything else a normal system could have. Think of an image as a snapshot of a system. This could be used for handing out identical systems to multiple people and is a great way to learn since differences in configurations aren’t a factor. While you can make your own images that will be out of the scope of this post. But luckily you can pick up tons of images from VulnHub. For this post I’m going to get the Mr. Robot Image for no other reason then I’m a fan of the show. So go ahead pick one that you like or you can just follow the link I put for the Mr. Robot image. Then simply download the ova (this is the file type VMs use) and check that the hash matchs.

Virtual Machines for Linux

For linux we are going to go with virtual box as our VM software of choice. You can find the download link here. This is the hardest of installs for virtual box as the number of linux distros is pretty high. The following are the basics if you don’t see your flavor of linux here and/or the steps aren’t working for you please check out the download page of virtual box for more details.

Oracle Linux

Users of Oracle Linux 6 and 7 can use the Oracle Linux yum

yum install VirtualBox-6.1

Debian-based Linux distributions

Add the following line to your /etc/apt/sources.list. According to your distribution, replace ‘<mydist>’ with ‘eoan’, ‘bionic’, ‘xenial’, ‘buster’, ‘stretch’, or ‘jessie’ (older versions of VirtualBox supported different distributions):

deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian <mydist> contrib

Then to download:

sudo apt-get update
sudo apt-get install virtualbox-6.1

Once you’ve installed virtualbox just run it and its as simple as clicking the import selecting the image file you’ve downloaded

Virtual Machine for Windows

Once again going with virtualbox for this instance the process is more straight forward then with linux installation. Just download the exe file format from here go threw your normal next next finish clicking and once you’ve finished the installation you’re ready for importing the ova to get started.

Virtual Machine for Mac

If you’ve made it this far in the post what I’m going to say next is obvious. Download virtualbox for Mac on the download page.