scanning · 2017-09-09

scanning
Matsuzaki ‘maz’ Yoshinobu
<[email protected]>
Stole slides from Fakrul Alam and Shahadat Hossain
Basic Features of Google Search

• Automatic “AND” Queries
  • By default, Google only returns pages that include all of your search terms.
  • There is no need to include “AND” between terms.
• Automatic Exclusion of Common Words
  • Google ignores common words and characters such as and, or, in, of, be etc., as well as certain single digits and single letters, because they tend to slow down your search without improving the results. Google will indicate if a common word has been excluded by displaying details on the results page below the search box.
Basic Features of Google Search

• Capitalization
  • Google searches are NOT case sensitive. For example, searches for “APNIC”, “Apnic” and “apnic” will all retrieve the same results.
• Spell Checker
  • Google’s spell checking software automatically looks at your query to see if you are using the most common version of a word’s spelling. If it is likely that an alternative spelling would retrieve more relevant results, it will ask “Did you mean: (more common spelling)?”
Different Search Operators

• + Searches
• - Searches
• ~ Searches
• Phrase Searches
• Domain Restrict Searches
• Definition Searches
• File Type Searches
• Or Searches
• Fill in the Blank
• Currency Conversion
• Calculator Function
• Unit Conversion
• Time Check
Advanced Operators

• Google advanced operators help refine searches.
• They are included as part of a standard Google query.
• Advanced operators use a syntax such as the following:
  operator:search_term
• There’s no space between the operator, the colon, and the search term!
Advanced Operators at a Glance

Operator     Purpose
intitle      Search page title
allintitle   Search page title
inurl        Search URL
allinurl     Search URL
filetype     Search specific files
allintext    Search text of page only
site         Search specific site
link         Search for links to pages
inanchor     Search link anchor text
numrange     Locate number
daterange    Search in date range
author       Group author search
group        Group name search
insubject    Group subject search
msgid        Group msgid search
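The operator:search_term syntax and the operator table above can be checked mechanically before a query is run. The following tokenizer is an added example, not code from the slides: it keeps quoted phrases together, recognises the operators listed in the table (the KNOWN_OPERATORS set is built from that table), and reports the exact mistake the slide warns about, a space between the colon and the search term. Everything else in it (function names, the handling of a leading "-", the problem messages) is this example's own assumption.

```python
"""Tokenise a Google-style query into operator/term pairs.

Added example (not from the slides): it encodes the rule the slide states,
operator:search_term with no space around the colon, plus the operator table,
so a query can be checked for syntax slips before it is submitted.
"""
import re

# Operators from the "Advanced Operators at a Glance" table.
KNOWN_OPERATORS = {
    "intitle", "allintitle", "inurl", "allinurl", "filetype", "allintext",
    "site", "link", "inanchor", "numrange", "daterange", "author", "group",
    "insubject", "msgid",
}

# A token is either a "quoted phrase" or a run of non-space characters.
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(query):
    """Split on whitespace but keep "quoted phrases" as one token."""
    return _TOKEN_RE.findall(query)


def parse_query(query):
    """Return (pairs, problems).

    pairs:    list of (operator, term); operator is None for plain terms and
              carries a leading "-" when the token was negated.
    problems: human-readable syntax issues found while parsing.
    """
    pairs, problems = [], []
    tokens = tokenize(query)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        # A leading "-" excludes the term (the "- Searches" from the deck).
        negate = tok.startswith("-") and len(tok) > 1
        body = tok[1:] if negate else tok
        op, sep, term = body.partition(":")
        if sep and op.lower() in KNOWN_OPERATORS:
            if term == "":
                # "site: example.org": the space after the colon is the error
                # the slide calls out. Report it and pair the operator with the
                # token the author evidently meant.
                if i + 1 < len(tokens):
                    term = tokens[i + 1].strip('"')
                    problems.append(f"space after '{op}:' (read as {op}:{term})")
                    i += 1
                else:
                    problems.append(f"'{op}:' has no search term")
            pairs.append((("-" if negate else "") + op.lower(), term))
        elif sep and op.isalpha() and not term.startswith("//"):
            # Something that looks like an operator but is not in the table;
            # "http://..." is excluded from this check by the "//" test.
            problems.append(f"unknown operator '{op}'")
            pairs.append((None, tok))
        else:
            pairs.append((None, ("-" if negate else "") + body.strip('"')))
        i += 1
    return pairs, problems
```

Running parse_query on a well-formed query returns an empty problems list; a query such as "site: example.org" returns one problem string naming the misplaced space, so the check can be wired into a script that builds queries from a template.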
Advanced Google Searching

Some operators search overlapping areas. Consider site, inurl and filetype.
Exercise:

1. Find web servers that use your organizational domain name
2. Any admin login page available?
3. Any .doc file which contains the word “Confidential”?
nmap (https://nmap.org)

• Nmap is a free and open source network exploration and security auditing tool
• Nmap was created by Gordon Lyon, a.k.a. Fyodor Vaskovich, and first published in 1997.
• Works cross-platform, although it works best on Linux-type environments
• It uses raw IP packets to determine
  • What hosts are available on the network
  • What services (application name and version) they offer
  • Guesses the operating system, uptime and other characteristics
Ethical Issue

• Can be used for hacking - to discover vulnerable ports
• System admins can use it to check that systems meet security standards
• Unauthorized use of Nmap on a system could be illegal.
• Make sure you have permission before using this tool.
• There is no right way to do the wrong things
Nmap: How it works

• DNS lookup - matches name with IP
• Nmap pings the remote target with 0 (zero) byte packets to each port
• If packets are not received back, port is open
• If packets are received, port is closed
• Firewall can interfere with this process
Nmap: Scanning Techniques

• Host Discovery and Target Specification
• Port Scanning Technique, Specification and Order
• OS, Service and Version Detection
• Nmap Scripting Engine
• Timing and Performance
• Firewall, IDS Evasion and Spoofing Technique
• Scan Report
Nmap: Scan

Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
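The target specification above accepts three notations for IPv4 addresses (a single address, CIDR such as 192.168.0.1/24, and per-octet ranges such as 10.0.0-255.1-254) together with --exclude. Knowing exactly which addresses a specification expands to is how you confirm that a scan stays inside the scope you were authorised for. The expander below is an added example, not Nmap's own code and not from the slides: it implements those three notations and exclusion using only the standard library, and deliberately rejects hostnames because resolving them would need DNS (the function names scope and expand_target are this example's own).

```python
"""Expand Nmap-style target specifications into concrete IPv4 addresses.

Added example, not part of the slides or of Nmap: it handles the notations the
usage text shows (plain address, CIDR, octet ranges like 10.0.0-255.1-254) and
--exclude, so an authorised scan scope can be listed and counted before any
packet is sent.
"""
import ipaddress
import itertools
import re

_OCTET_RANGE = re.compile(r"^(\d{1,3})(?:-(\d{1,3}))?$")


def _octet_values(part):
    """'7' -> [7]; '1-3' -> [1, 2, 3]; '*' -> all 256 values."""
    if part == "*":
        return list(range(256))
    m = _OCTET_RANGE.match(part)
    if not m:
        raise ValueError(f"bad octet range: {part!r}")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) is not None else lo
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"octet range out of order or out of range: {part!r}")
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Yield ipaddress.IPv4Address objects for one target spec.

    Hostnames are rejected: resolving them needs DNS, which this offline
    example deliberately avoids.
    """
    host, _, prefix = spec.partition("/")
    if any(c.isalpha() for c in host):
        raise ValueError(f"hostname targets need DNS resolution: {spec!r}")
    if prefix:
        # CIDR: 192.168.0.1/30 -> every address of the block; strict=False lets a
        # host address stand for its network, as Nmap accepts.
        net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
        yield from net
        return
    parts = host.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {spec!r}")
    # Octet ranges: 10.0.0-1.1-3 -> cartesian product of each octet's values.
    for a, b, c, d in itertools.product(*(_octet_values(p) for p in parts)):
        yield ipaddress.IPv4Address(f"{a}.{b}.{c}.{d}")


def scope(targets, exclude=()):
    """Sorted, de-duplicated list of address strings, minus exclusions."""
    wanted = set()
    for t in targets:
        wanted.update(expand_target(t))
    for x in exclude:
        wanted.difference_update(expand_target(x))
    return [str(a) for a in sorted(wanted)]


if __name__ == "__main__":
    # 10.0.0-255.1-254 from the slide expands to 256 * 254 = 65024 addresses.
    print(len(scope(["10.0.0-255.1-254"])))
```

Because exclusions are applied after expansion, `scope(["10.0.2.0/24"], exclude=["10.0.2.1"])` gives the 255 remaining addresses, which is the same set `nmap --exclude 10.0.2.1 10.0.2.0/24` would probe.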
Nmap: Scan

HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
Nmap: Scan

SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
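Each TCP scan technique listed above leaves a characteristic flag pattern on the wire: a SYN or connect scan sends SYN-only segments, a Null scan sends no flags, a FIN scan only FIN, and an Xmas scan FIN+PSH+URG. On the receiving side that is what a firewall or IDS keys on, combined with one source touching many distinct ports in a short time. The detector below is an added example, not from the slides: the log line format, the sample lines and the thresholds are constructed for this example, and the flag-to-technique table is the example's own reading of the SCAN TECHNIQUES list.

```python
"""Spot port-scan patterns in firewall logs by TCP flag signature.

Added example, not from the slides. The flag combinations follow the
SCAN TECHNIQUES list (SYN, Null, FIN, Xmas, ACK scans); the log format,
sample lines, window and threshold are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Flag strings as the (assumed) firewall logs them -> technique they match.
SCAN_SIGNATURES = {
    "S": "SYN scan (-sS) or connect scan (-sT)",
    "": "Null scan (-sN)",
    "F": "FIN scan (-sF)",
    "FPU": "Xmas scan (-sX)",
    "A": "ACK scan (-sA)",
}

_LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) flags=(?P<flags>\S*)$"
)

# Constructed sample: a SYN sweep, two normal connections, an Xmas sweep,
# and a very slow sweep that a short window will not catch.
SAMPLE_LOG = """\
2017-09-09T10:00:00 src=10.0.2.5 dst=10.0.2.1 dport=21 flags=S
2017-09-09T10:00:00 src=10.0.2.5 dst=10.0.2.1 dport=22 flags=S
2017-09-09T10:00:01 src=10.0.2.5 dst=10.0.2.1 dport=23 flags=S
2017-09-09T10:00:01 src=10.0.2.5 dst=10.0.2.1 dport=25 flags=S
2017-09-09T10:00:02 src=10.0.2.5 dst=10.0.2.1 dport=80 flags=S
2017-09-09T10:00:02 src=10.0.2.5 dst=10.0.2.1 dport=443 flags=S
2017-09-09T10:00:05 src=10.0.2.7 dst=10.0.2.1 dport=22 flags=S
2017-09-09T10:00:09 src=10.0.2.7 dst=10.0.2.1 dport=443 flags=S
2017-09-09T10:01:00 src=10.0.2.9 dst=10.0.2.1 dport=21 flags=FPU
2017-09-09T10:01:00 src=10.0.2.9 dst=10.0.2.1 dport=22 flags=FPU
2017-09-09T10:01:00 src=10.0.2.9 dst=10.0.2.1 dport=23 flags=FPU
2017-09-09T10:01:01 src=10.0.2.9 dst=10.0.2.1 dport=25 flags=FPU
2017-09-09T10:01:01 src=10.0.2.9 dst=10.0.2.1 dport=80 flags=FPU
2017-09-09T10:10:00 src=10.0.2.8 dst=10.0.2.1 dport=21 flags=S
2017-09-09T10:15:00 src=10.0.2.8 dst=10.0.2.1 dport=22 flags=S
2017-09-09T10:20:00 src=10.0.2.8 dst=10.0.2.1 dport=23 flags=S
2017-09-09T10:25:00 src=10.0.2.8 dst=10.0.2.1 dport=25 flags=S
2017-09-09T10:30:00 src=10.0.2.8 dst=10.0.2.1 dport=80 flags=S
"""


def parse_line(line):
    """(timestamp, src, dport, flags) or None for lines in another format."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"]), m["flags"]


def max_distinct_ports(events, window):
    """Largest number of distinct ports hit within any interval of `window`.

    events: list of (timestamp, dport) sorted by timestamp. Two-pointer sweep:
    the right edge grows while it stays inside the window, the left edge drops
    the current event afterwards.
    """
    best, j, counts = 0, 0, defaultdict(int)
    for i, (ts_i, _) in enumerate(events):
        while j < len(events) and events[j][0] - ts_i <= window:
            counts[events[j][1]] += 1
            j += 1
        best = max(best, len(counts))
        counts[events[i][1]] -= 1
        if counts[events[i][1]] == 0:
            del counts[events[i][1]]
    return best


def find_scanners(log_text, window=timedelta(seconds=60), threshold=5):
    """{src: {"technique": ..., "distinct_ports": n}} for sources that hit at
    least `threshold` distinct ports with the same flag pattern inside `window`."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dport, flags = rec
            by_key[(src, flags)].append((ts, dport))
    hits = {}
    for (src, flags), events in by_key.items():
        events.sort()
        n = max_distinct_ports(events, window)
        if n >= threshold:
            technique = SCAN_SIGNATURES.get(flags, f"custom flags {flags!r}")
            hits[src] = {"technique": technique, "distinct_ports": n}
    return hits
```

With the defaults, 10.0.2.5 and 10.0.2.9 are reported while 10.0.2.8, which spreads five probes over twenty minutes, is not; widening the window to thirty minutes catches it too, which is the trade-off behind Nmap's timing options on the previous slide.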
Exercise 1: Host discovery

• ssh [email protected]
  • Note: x is your group #
  • Note: password is iij/2497
• $ nmap -sP 10.0.2.0/24
Exercise 1: Host discovery

• ssh [email protected]
  • Note: x is your group #
  • Note: password is iij/2497
• $ nmap -sP 10.0.1.0/24
Exercise 2: Opening Ports

• Scan the host found in Exercise 1
• $ nmap <$ip>
Exercise 3: OS Fingerprint

• Guess the OS found in Exercise 1
• $ nmap -O <ip>
Exercise 4: Scan your client

• do not scan others’
• $ nmap <your IP>
• What kind of service is running there?
• Let nmap guess your OS
Exercise 5: Version

• $ nmap -sV 10.0.2.1
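Exercises 2, 4 and 5 end with the question of what is actually listening on a host. The administrator's follow-up is to compare that answer with what the host is supposed to expose. The script below is an added example, not from the slides and not part of Nmap: it reads a report produced with `nmap -sV -oX`, keeps only open ports, and diffs them against a constructed allowlist. The element names it reads (nmaprun, host, address, ports, port, state, service) are those of Nmap's XML output; the sample report and the EXPECTED table are constructed for this example.

```python
"""Compare an Nmap XML report (-oX) against the services a host should expose.

Added example, not from the slides or from Nmap. The sample XML below is
constructed but follows the element layout Nmap writes; the allowlist is
made up for the example.
"""
import xml.etree.ElementTree as ET

# Constructed sample report for a host like the one in Exercise 5.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 10.0.2.1">
  <host>
    <status state="up"/>
    <address addr="10.0.2.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open"/>
        <service name="mysql"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed allowlist: (protocol, port) pairs each host is meant to expose.
EXPECTED = {
    "10.0.2.1": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}


def open_ports(xml_text):
    """Return {addr: {(proto, port): service description}} for open ports."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        found = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = svc.get("product") if svc is not None else None
            key = (port.get("protocol"), int(port.get("portid")))
            found[key] = f"{name} ({product})" if product else name
        result[addr_el.get("addr")] = found
    return result


def compare(observed, expected):
    """Per host: services open but not allowed, and allowed but not open."""
    report = {}
    for addr, ports in observed.items():
        allowed = expected.get(addr, set())
        report[addr] = {
            "unexpected": {k: v for k, v in ports.items() if k not in allowed},
            "missing": allowed - set(ports),
        }
    return report


if __name__ == "__main__":
    for addr, diff in compare(open_ports(SAMPLE_XML), EXPECTED).items():
        for (proto, port), svc in sorted(diff["unexpected"].items()):
            print(f"{addr}: unexpected {proto}/{port} {svc}")
        for proto, port in sorted(diff["missing"]):
            print(f"{addr}: expected {proto}/{port} not open")
```

On the sample report the script flags tcp/3306 (mysql) as unexpected and tcp/443 as expected but not open; a host that is not in EXPECTED at all has every open port reported as unexpected, which is the safe default for an inventory check.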