Nmap: Getting Started Guide

Nmap is a free utility tool for network discovery, port scanning and security auditing, even though we can use it for more than that but in this article we will learn how to do these three things with nmap.

The original author of nmap is Gordon Lyon (Fyodor). Nmap is licensed under GPL v2 and has available ports in many different languages. Nmap is available for Linux, Windows, and Mac OS X. You can download your copy of nmap from their website.

Lets get started with nmap.

When performing pentests we always look for networks we are going to attack. We need to identify live hosts on the network so that we can attack them. There are plenty of tools available for finding live hosts on a network but nmap is one of the best tools for doing this job.

Lets start with simple host (target) discovery scans i,e scans that will tell us which ip address is up on our target network. Those ip addresses which are up on our target network are the ones that are assigned to a device connected on our target network. Every device on the network is going to have a unique ip address.
To perform a simple host discovery scan we use the following command

nmap -v -sn 10.10.10.0/24

flags we used in the above command are
-v for verbose output
-sn to disable port scan (we don't want to scan for ports right now)

Following the flags is the ip address of the target network on which we want to look for live hosts. The /24 at the end of the ip address is the CIDR that specifies the subnet of the network on which we are looking for live hosts.

After running the above command you should get a list of live hosts on your target network.
If you just want to know the list of ip addresses your command is going to scan, you can use the -sL flag of the nmap like this.

nmap -sL 10.10.10.0/24

this command will simply output the list of ip addresses to scan.

We sometimes want to do dns resolution (resolving ip addresses to domain names) when performing our network scans and sometimes we don't want dns resolution. While performing a host discovery scan with nmap if we want to perform dns resolution we use -R flag in our command like this:

nmap -v -sn -R 10.10.10.0/24

And if we don't want to perform dns resolution of hosts during our scan we add the -n flag to our command like this:

nmap -v -sn -n 10.10.10.0/24

After we have discovered the hosts that are up on our target network, we usually put the ip addresses of these hosts into a file for further enumeration.

Next step in our enumeration would be to detect which operating system and which ports are running on these live hosts, for that we run this command:

nmap -O -v 10.10.10.119

here we use -O (capital o not zero) for operating system detection and by default nmap performs SYN Scan for port discovery. However nmap scans for 1000 ports only by default of a particular host.

To make nmap go over a list of ip addresses in a file we use -iL flag like this:

nmap -O -v -iL targetlist

where targetlist is the name of the file which contains ip addresses that we want to perform port scan on.

To make nmap scan all the ports of a target we use the -p flag like this:

nmap -p- -v 10.10.10.121

We can also specify a range of ports using the -p flag like this:

nmap -p1-500 -v 10.10.10.121

here 1-500 means scan all the ports from 1 to 500.

We can use a number of scan techniques to discover open ports on our network but I will only discuss some of them for brevity.

We can perform a TCP SYN scan using nmap with -sS flag like this:

nmap -sS -v 10.10.10.150

We have also flags for TCP connect and ACK scans which are -sT -sA

nmap -sT -v 10.10.10.150

nmap -sA -v 10.10.10.150

We can also perform UDP scan as well instead of TCP scan using -sU flag

nmap -sU -v 10.10.10.150

We can perform TCP Null, FIN, and Xmas scans using the flags -sN, -sF, -sX

nmap -sN -v 10.10.10.150

nmap -sF -v 10.10.10.150

nmap -sX -v 10.10.10.150

If you don't know what these scans are then please visit Port Scanning Techniques and Algorithms for explanation.

After discovering the open ports on our target host, we want to enumerate what services are running on those open ports. To enumerate services and versions information on open ports we use the -sV flag like this:

nmap -sV -v 10.10.10.118

This should give us information about what services are running on what ports and what versions of those services are running on the target host.

nmap has an interesting feature called NSE nmap scripting engine. It allows users to write their own scripts, using the Lua programming language, to automate a wide variety of networking tasks. nmap ships with a diverse set of scripts which are very helpful to enumerate a target. To use the nmap default set of scripts while enumerating the target, we use the -sC flag like this:

nmap -sC -sV -v 10.10.10.118

We can also save the results of our nmap scans to a file using the -o flag like this

nmap -sC -sV -v -oA defaultscan 10.10.10.119

here -oA tells the nmap to output results in the three major formats at once and defaultscan is the name of the file that will be prepended to all the three output files.

This is the end of this short tutorial see you next time.

References:
https://nmap.org/book/scan-methods-null-fin-xmas-scan.html

Related posts

• Hacking Background
• Clases De Hacker
• Mundo Hacker
• Hacking Quotes
• Informatico Hacker
• Hacking Web Technologies Pdf
• Hacking Wifi Kali Linux
• Sean Ellis Growth Hacking
• Hardware Hacking Tools
• Curso De Hacking

Blockchain Exploitation Labs - Part 2 Hacking Blockchain Authorization

Bypassing Blockchain Authorization via Unsecured Functions

Note: Since the first part of this series I have also uploaded some further videos on remediation of reentrancy and dealing with compiler versions when working with this hacking blockchain series.  Head to the console cowboys YouTube account to check those out.  Haha as mentioned before I always forget to post blogs when I get excited making videos and just move on to my next project… So make sure to subscribe to the YouTube if you are waiting for any continuation of a video series.. It may show up there way before here. 

Note 2:  You WILL run into issues when dealing with Ethereum hacking, and you will have to google them as versions and functionality changes often... Be cognizant of versions used hopefully you will not run into to many hard to fix issues. 

In the second part of this lab series we are going to take a look at privacy issues on the blockchain which can result in a vulnerably a traditional system may  not face. Since typically blockchain projects are open source and also sometimes viewable within blockchain explorers but traditional application business logic is not usually available to us. With traditional applications we might not find these issues due to lack of knowledge of internal functionality or inability to read private values on a remote server side script.  After we review some issues we are going to exploit an authorization issues by writing web3.js code to directly bypass vertical authorization restrictions.

Blockchain projects are usually open source projects which allow you to browse their code and see what's going on under the hood.  This is fantastic for a lot of reasons but a developer can run into trouble with this if bad business logic decisions are deployed to the immutable blockchain.  In the first part of this series I mentioned that all uploaded code on the blockchain is immutable. Meaning that if you find a vulnerability it cannot be patched. So let's think about things that can go wrong..

A few things that can go wrong:

• Randomization functions that use values we can predict if we know the algorithm
• Hard-coded values such as passwords and private variables you can't change.
• Publicly called functions which offer hidden functionality
• Race conditions based on how requirements are calculated

Since this will be rather technical, require some setup and a lot of moving parts we will follow this blog via the video series below posting videos for relevant sections with a brief description of each.  I posted these a little bit ago but have not gotten a chance to post the blog associated with it.  Also note this series is turning into a full lab based blockchain exploitation course so keep a lookout for that.

In this first video you will see how data about your project is readily available on the blockchain in multiple formats for example:

• ABI data that allows you to interact with methods.
• Actual application code.
• Byte code and assembly code.
• Contract addresses and other data.

 Lab Video Part 1: Blockchain OSINT: 

Once you have the data you need to interact with a contract on the blockchain via some OSINT how do you actually interface with it? That's the question we are going to answer in this second video. We will take the ABI contract array and use it to interact with methods on the blockchain via Web3.js and then show how this correlates to its usage in an HTML file

Lab Video Part 2: Connecting to a Smart Contract: 

Time to Exploit an Application:

Exploit lab time, I created an vulnerable application you can use to follow along in the next video. Lab files can be downloaded from the same location as the last blog located below. Grab the AuthorizationLab.zip file:

Lab file downloads:

https://github.com/cclabsInc/BlockChainExploitation

Ok so you can see what's running on the blockchain, you can connect to it, now what?   Now we need to find a vulnerability and show how to exploit it. Since we are talking about privacy in this blog and using it to bypass issues. Lets take a look at a simple authorization bypass we can exploit by viewing an authorization coding error and taking advantage of it to bypass restrictions set in the Smart Contract.  You will also learn how to setup a local blockchain for testing purposes and you can download a hackable application to follow along with the exercises in the video..

Lab Video Part 3:  Finding and hacking a Smart Contract Authorization Issue: 

Summary:

In this part of the series you learned a lot, you learned how to transfer your OSINT skills to the blockchain. Leverage the information found to connect to that Smart Contract. You also learned how to interact with methods and search for issues that you can exploit. Finally you used your browsers developer console as a means to attack the blockchain application for privilege escalation.

Continue reading

1. Que Es El Hacking Etico
2. Curso Growth Hacking
3. Certificacion Hacking Etico
4. Hacking Videos

November 2019 Connector

*|MC_PREVIEW_TEXT|*

OWASP Connector November 2019 Communications | Projects | Events | Community | Membership COMMUNICATIONS Letter from the Vice-Chairman Dear OWASP Community,  Preparation for next year's conferences is underway. I had the pleasure of meeting people from our community at a recent ISACA Ireland event where I had an OWASP stand. I also had lots of swag to give away, loads left which I plan to share out amongst the community.  I was on a call recently with both WIA leadership and a number of individuals looking to broaden our diversity reach, forming DIA (diversity in AppSec). This was a positive call and I look forward to reviewing their proposal under the committee 2.0 operating model. I'd like to thank our volunteers, chapter and project leaders for making OWASP what it is today. We wouldn't have a foundation without you. We always want to make things better, to this end, it would be great if you could fill out the following feedback form. Thank you,  Owen Pendlebury, Vice-Chairman FROM THE EXECUTIVE DIRECTOR As we wind down 2019, we are planning lots of new opportunities to get involved with OWASP next year. The current working draft of the 2020 Operating Plan can be found on our staging site for our new website which is planned to launch next month.   Some of the highlights for 2020: Quarterly Town Hall meetings. Two Project Summits - the first in February 2020 Pilot single-day AppSec Days worldwide to offer local training and community. We are also set to further increase the transparency of the daily workings of OWASP through our Staff Projects page. The pages linked there will always be a work in progress; some of which today are still only templates but still a great resource to know what's going on at OWASP. All of this which adds to our Global and Regional Events, ongoing local chapter support, and other member activities. Our plans are ambitious and we look forward to your continued support this and every month as we look to better secure the web. OWASP Foundation Global AppSec Event Dates for 2020 Global AppSec Dublin, June 15 - 19, 2020 (Formerly known as AppSec EU) Sponsorship is now available Call for Papers & Call for Training December 2019   Global AppSec San Francisco, October 19 - 23, 2020 (Formerly known as AppSec US) CFP &  CFT February 2020 ** Visit our website for future announcements.** NEW OWASP Project Summit - Winter 2020 February 2020 in Cancun, Mexico   The OWASP Foundation will host a three-day working session for FIVE selected projects in Cancun, Mexico, February 2020. Arrival day will be Wednesday the 19th and departures will be the 23rd. Projects must apply and then get selected to participate. The application process will require project meeting goals, work plans, key contributors, and expected attendance. The OWASP Foundation Officers Group will make the final selection. For more information click here.  You can also email Emily Berman Global Events Director or Harold Blankenship Director of Technology and Projects. Announcing a New Opportunity to become part of a Global AppSec Program Team   Conference Program Teams are constituted for each Global AppSec event and consists of members of OWASP members and staff. The selection of team members is based on subject-matter expertise and a balanced representation of the OWASP community. For planning purposes, team members shall reside on the continent of the Global AppSec for which they serve. Teams are constituted no later than six months prior to the Global AppSec event. To apply to become a member of the Conference Program Team click here.   We are so excited to announce that both the London OWASP and WIA community have been asked to speak at BlackHat Europe 2019 on Wednesday 4 December at the EXCEL London.   Andra Lezza is leading the panel of women to "Share insights gained at different stages of their careers to help other women in the field."  Thank you, Andra, for leading the initiative and also to Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel.  Also from the OWASP Community and a London Chapter Leader Sam Stepanyan and Paul Harragan.  Sam and Pau will be presenting a more in-depth demo on the OWASP Nettacker.  Good luck to all the speakers have a great conference. I would like to encourage all of the OWASP community that will be attending BlackHat Europe to please make every effort to attend and support our fellow OWASP members Wednesday, 4 December 2019. (Click to view the schedule details.) OWASP Members don't forget you are eligible for € 200.00 discount, email marketing@owasp.org for code to use when registering. BlackHat Europe has extended an invitation to our London WIA community  to  lead a panel to "Share insights gained at different stages of their careers that could help other women in the field."  Thank you to Andra Lezza for leading this initiative and Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel and to contribute.  Good luck I am sure your session will be a huge success. BlackHat Europe 2019 London at EXCEL London 2019 December 2-5  The OWASP Booth 1015 Business Hall December 4 & 5  December 4, 10:30 AM - 7:00 PM December 5: 10:00 AM - 4:00 PM EVENTS  You may also be interested in one of our other affiliated events: REGIONAL EVENTS Event Date Location German OWASP Day 2019 December 10, 2019 Karlsruhe, Germany AppSec California 2020 January 21 - 24, 2020 Santa Monica, CA OWASP New Zealand Day 2020 February 20 - 21, 2020 Auckland, New Zealand OWASP Seasides March 3 - 5, 2020 Panjim Goa, India SnowFROC 2020 March 5, 2020 Denver, CO AppSec Morocco & Africa 2020 June 4 - 5, 2020 Rabat, Morocco GLOBAL PARTNERSHIP EVENTS Event Date Location BlackHat Europe 2019 December 2 - 5, 2019 London PROJECTS As the foundation moves toward the migration of the OWASP web presence from the old wiki site to our new Github-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at https://www2.owasp.org/migration There are also some minor instructions on the default project or chapter page itself. And if you are wondering where that page is located, you can go to https://github.com/OWASP and type your chapter name in the repository search bar. If your project or chapter is not there, contact me. Lastly, there are a number of excellent examples already done by other leaders (also linked on the migration page). And, as a precaution, you should click over into the 'Settings' of your repository and then click the 'Collaborators & teams' link on the left menu and check to make sure that the usernames added to Collaborators match what you expect.  Having someone you do not know edit your web page without your knowledge is no longer the expected behavior. Some resources, mostly for projects, have been uploaded to the OWASP Site Theme Repository and can be linked to via the /assets/image/common/<file> URL. After your chapter or project page is done, there is a www-community repository which would include any files from the wiki that are not currently in a project or chapter or board/staff policy area.  For instance, there are pages there for GSoC and XSS and CSRF.  A list of the top pages that need to be migrated can be found attached to one of the TODO cards on our website migration Trello board which you are invited to join if you want to help migrate loose pages and/or perform some automation work. Our current plan can be found on the Website Relaunch project page. PROJECT ANNOUNCEMENT As part of OWASP's participation in Google's Season of Docs, the ZAP project has had Nirojan Selvanathan (@sshniro)  working on API documentation.  The first iteration of the documentation is now live.  It includes Java, Python, and shell example snippets all presented in a responsive and accessible design which we will continue to build on in the future. Big thanks to Nirojan for his efforts on this wonderful initiative! Congratulations and thanks to Google Open Source for helping to bring the open-source and technical writer communities together! COMMUNITY   Welcome to our New OWASP Chapters Colombo, Sri Lanka Des Moines, IA Harrisburg, PA Louisville, KY Monterrey, Brazil Moscow, Russia   Contributor Corporate Members     *Ads and logos are not endorsements and reflect the messages of the advertiser only. * Join us Donate Our mailing address is: OWASP Foundation  1200-C Agora Drive, #232 Bel Air, MD 21014   Contact Us Unsubscribe

This email was sent to *|EMAIL|* why did I get this?    unsubscribe from this list    update subscription preferences *|LIST:ADDRESSLINE|*