Thursday, 2 January 2014

Scanning - The Hacker's Second Step

Hello readers, and HAPPY NEW YEAR to all of you. Today we will be talking about Scanning. Everything from checking open ports and services to finding the OS and the system architecture of the target is referred to as Scanning. Scanning is an active way of gathering information (it involves interacting with the target over the network), as compared to footprinting, which can be active as well as passive (offline). It is sometimes also referred to as post-reconnaissance or, at times, the pre-attack stage. During scanning we detect which IP addresses in a given range on the target's network are active, along with open ports and services, the system architecture and the type of Operating System (such as Windows, Linux or Mac). Now the question arises of how one could do the things mentioned above. Well, that I am going to explain under the respective category into which every task falls.
Broadly, there are three types of scanning:
1. Port Scanning: As the name suggests, this is a type of scanning used to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks, and by attackers to identify running services on a host with the aim of compromising it. There is plenty of software out there that can be used for this purpose, but the one I recommend, which is also used by many professionals, is Nmap. Once a hacker knows all the services running on a server, he could search for possible vulnerabilities they may have and exploit them to take control of the website.
2. Network Scanning: This is a technique used to identify the active hosts on a network for a specific purpose, such as auditing or attacking. During network scanning, we scan the whole network for its different subnets and for the active hosts on those subnets and in the given network range. Software such as Angry IP Scanner can be used for this. Network scanning involves a ping sweep scan to cover the whole network. A ping sweep is a process, or scan, used to enlist the live hosts in the network. For this we can use the ping utility. One can simply go to just-ping.com to use this utility. In Windows, even the command prompt can be used for this purpose. Simply open it (press Win+R and in the Run window type cmd) and in it type ping www.website-name.com, where website-name.com could be any site such as facebook.com, nmap.org, cbse.in etc.
Pinging facebook.com using the Windows command prompt

3. Vulnerability Scanning: This is scanning meant for identifying the vulnerabilities within a system or network of systems. Once the hacker has the name of the software/service being used and its version number from port scanning, he would take that information and search a couple of vulnerability databases for an exploit. If there's an exploit available, he will run it against the server and take complete control. If there isn't any, he would move on to another open port and try again on a different service, but this doesn't mean every hacker will. If a skilful hacker is determined, he may try to locate a vulnerability in the current software/service version and develop an exploit for it. In the hacker community, this new vulnerability would be called a 0-day vulnerability. Apart from port scanning, there is also software out in the market that can be used for vulnerability scanning, such as Acunetix Web Vulnerability Scanner, Shadow Security Scanner, Retina and JSky, to name a few.
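Seen from the administrator's side, a port scan and a ping sweep leave a characteristic trail in firewall logs: one source address touching many distinct ports in a short time, or one source sending ICMP echo requests to many distinct hosts. The following is an added example, not code from the original post or from any of the tools named above. It parses a constructed, simplified firewall log format (timestamp, protocol, source, destination, destination port or `-` for ICMP, action; a real firewall's format would need its own parser) and flags sources whose distinct-port or distinct-host count inside a sliding time window crosses a threshold, which is the basic logic behind scan detection in an IDS.

```python
"""Flag port-scan and ping-sweep patterns in firewall-style log lines.

Added example, not part of the original post. The log format is a
hypothetical, simplified one constructed for this demonstration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed format: <ISO timestamp> <proto> <src> <dst> <dport or '-'> <action>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>tcp|udp|icmp) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<dport>\S+) (?P<action>\w+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dport = None
    if m["dport"] != "-":
        try:
            dport = int(m["dport"])
        except ValueError:
            return None
    return {"ts": datetime.strptime(m["ts"], TS_FMT), "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "dport": dport, "action": m["action"]}


def _max_distinct_in_window(events, window):
    """events: time-sorted list of (ts, key). Return the largest number of
    distinct keys seen inside any trailing window of the given length."""
    counts, left, best = Counter(), 0, 0
    for ts, key in events:
        counts[key] += 1
        # Drop events that fell out of the trailing window.
        while ts - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_scans(lines, window=timedelta(seconds=60), port_threshold=15, host_threshold=10):
    """Return sorted alerts of the form (kind, source_ip, distinct_count).

    port_scan : one source reaches >= port_threshold distinct (dst, port) pairs in a window.
    ping_sweep: one source sends ICMP to >= host_threshold distinct hosts in a window.
    """
    tcp_udp = defaultdict(list)  # src -> [(ts, (dst, dport))]
    icmp = defaultdict(list)     # src -> [(ts, dst)]
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip lines that do not match the expected format
        if ev["proto"] in ("tcp", "udp") and ev["dport"] is not None:
            tcp_udp[ev["src"]].append((ev["ts"], (ev["dst"], ev["dport"])))
        elif ev["proto"] == "icmp":
            icmp[ev["src"]].append((ev["ts"], ev["dst"]))
    alerts = []
    for src, events in tcp_udp.items():
        events.sort()
        n = _max_distinct_in_window(events, window)
        if n >= port_threshold:
            alerts.append(("port_scan", src, n))
    for src, events in icmp.items():
        events.sort()
        n = _max_distinct_in_window(events, window)
        if n >= host_threshold:
            alerts.append(("ping_sweep", src, n))
    return sorted(alerts)


def build_sample_log():
    """Construct sample lines: one port scan, one ping sweep, one normal client."""
    base = datetime(2014, 1, 2, 10, 0, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).strftime(TS_FMT)
    lines = []
    # Constructed: 10.0.0.5 probes 20 TCP ports on one server in 20 seconds.
    for i, port in enumerate(range(20, 40)):
        lines.append(f"{stamp(i)} tcp 10.0.0.5 192.168.1.10 {port} DENY")
    # Constructed: 10.0.0.9 pings 12 addresses of one subnet in 12 seconds.
    for i in range(12):
        lines.append(f"{stamp(i)} icmp 10.0.0.9 192.168.1.{i + 1} - ALLOW")
    # Constructed: 10.0.0.7 makes a few ordinary connections spread over 40 minutes.
    for offset, port in [(0, 80), (600, 443), (1200, 443), (1800, 25), (2400, 80)]:
        lines.append(f"{stamp(offset)} tcp 10.0.0.7 192.168.1.10 {port} ALLOW")
    lines.append("malformed line that the parser should skip")
    return lines


if __name__ == "__main__":
    for kind, src, count in detect_scans(build_sample_log()):
        print(f"{kind}: {src} reached {count} distinct targets within the window")
```

The thresholds and window are deliberately parameters: a busy client that opens a handful of connections over an hour never accumulates enough distinct ports inside one minute, while a scanner does, so tuning those two numbers against normal traffic is what keeps the rule from firing on legitimate users.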
Now you know how to detect open ports and services on a target's machine (port scanning), look for vulnerabilities (discussed under vulnerability scanning), find the IP addresses in a given range that are active on the target's network (using Angry IP Scanner) and check whether a server or website is online or not (ping sweep scan). But you still don't know how to do OS fingerprinting, i.e., how to detect the type of OS of the target.
OS fingerprinting can be done in many ways. Just like footprinting, it can be active or passive. In active fingerprinting we send malformed packets to the target machine and predict the OS by analysing the responses to those packets, whereas in passive fingerprinting we sniff the data packets being transferred to and from the target machine and then analyse them using software such as Wireshark. Apart from these complicated methods, one can also simply use the Nmap tool discussed under port scanning to detect the operating system of the target.
OK, time to say goodbye for today. Keep practising.
