Port Scanning

Port scanning is the process of checking for open TCP or UDP ports on a machine. Please note that port scanning is considered illegal in many countries and should not be performed outside the labs. I was once running an Nmap scan during an internal penetration test. Unwittingly, I did not take note of the unusual subnet mask employed on the local network, and ended up running the Nmap scan through a remote up link that was offsite....

Posted By Bergin A11:18 AM

0

Continue Reading

Little About Nmap

Nmap is probably one of the most comprehensive port scanners to date. Looking at the Nmap usage might be daunting at first. However, once you start scanning you will quickly become accustomed to the syntax. In BackTrack, the Nmap configuration files (such as the default port scan list) are located in /usr/local/share/nmap/.Note that when running Nmap as a root user, certain defaults are assumed...

Posted By Bergin A11:15 AM

0

Continue Reading

Dynamic Memory & The Heap

Dynamic Linux Memory In this article we will take look at how the heap works on the Linux operating system. This includes structure, allocation, functions, clean-up and other important details. Feel free to ask questions in comments as the topics ahead are rather complex compared to that of stack-based memory. We will go through how dynamic memory differs from stack memory and analyse the aspects...

Posted By Bergin A11:13 AM

0

Continue Reading

The Phases of an Attack

Both malicious attackers and professional penetration tester/ ethical hackers apply various phases in their attacks. Attacks are often separated into these phases: Reconnaissance is the process of investigating target organization to gather information about it from publicly available sources, such as domain registration services, websites, and so on. Some people include techniques such as...

Posted By Bergin A11:12 AM

0

Continue Reading

Google Hacking

Prior to an attack, I spend some time browsing the web and looking for background information about the organization I’m about to attack. First, I usually browse the organizational website and look for general information such as contact information, phone and fax numbers, emails, company structure, and so on. I also usually look for sites that link to the target site or for organizational emails...

Posted By Bergin A11:11 AM

0

Continue Reading

Listening on a TCP/UDP Port with Netcat

 To listen on port 4444 and accept incoming connections,type: Computer 1 (local computer – 192.168.8.74)root@bt:~# nc -lvp 4444                 listening on [any]4444From a different computer connect to port 4444 on your local machine:Computer 2 (Windows box – 192.168.9.158)C:\>nc -v 192.168.8.74 4444192.168.8.74: inverse host lookup failed: h_errno 11004: NO_DATA(UNKNOWN) [192.168.8.74] 4444...

Posted By Bergin A11:10 AM

0

Continue Reading

Netcat

Netcat is a wonderfully versatile tool that has been dubbed the “hackers’ Swiss army knife.” The simplest definition of Netcat is “a tool that can read and write to TCP and UDP ports.” This dual functionality suggests that Netcat runs in two modes: client and server.Connecting to a TCP/UDP port can be useful in several situations:To check if a port is open or closedTo read a banner from the portTo connect to a network service manuallyPlease take...

Posted By Bergin A11:09 AM

0

Continue Reading

Basics Of Web App Attack

In this article we’ll define how web applications are associated with network penetration testing and ethical hacking. In this up-front overview, we’ll also define web applications.Some of the most widespread web application vulnerabilities found today are Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), SQL Injection etc, In the penetration testing and ethical hacking field,...

Posted By Bergin A11:08 AM

0

Continue Reading

Transferring Files with Netcat

Netcat can also be used to transfer files, both text and binary, from one computer to another. To send a file from Computer 2 to Computer 1, try the following:Computer 1: Set up Netcat to listen to and accept the connection and to redirect any input into a file.root@bt:~# nc -lvp 4444 > output.txtlistening on [any] 4444 …Computer 2: Connect to the listening Netcat on computer 1 (port 4444) and send the file:C:\>echo “Hi! This is a text file!”...

Posted By Bergin A11:06 AM

0

Continue Reading

Forward Lookup Brute Force

The idea behind this method is to try to guess valid names of organizational servers by trying to resolve a given name. If the name resolves, the server exists. Here’s a short example using the host command:root@bt:~# host www.checkpoint.comwww.checkpoint.com has address 216.200.241.66root@bt:~# host idontexist.checkpoint.comHost idontexist.checkpoint.com not found: 3(NXDOMAIN)root@bt:~#Notice that the DNS name www.checkpoint.com resolved and...

Posted By Bergin A11:05 AM

0

Continue Reading

DNS Reconnaissance

DNS is one of my favorite sources of information gathering. DNS offers a variety of information about public (and sometimes private!) organization servers, such as IP addresses, server names, and server functions.Interacting with a DNS ServerA DNS server will usually divulge DNS and mail server information for the domain for which it is authoritative. This is a necessity because public requests for mail server addresses and DNS server addresses...

Posted By Bergin A11:03 AM

0

Continue Reading