Hello There, Guest! Login Register
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.

[TUT] Network Mapper (Nmap Portscanning & OS Detection )

  • 3 Vote(s) - 4.67 Average

08-02-2012, 04:41 PM #1
M4DSh4k Offline Administrator *******
Posts:182 Threads:56 Joined:Jul 2012 Reputation: 0
Mood: None
Salamz Everyone !

As all the 1337's already know about NMAP(Network Mapper), its one of the most basic & advanced fingerprinting tool,
i personally like this Network Mapper , when i need penetrate the server.
we all know in Penetration , its a first step , to get the DEEP INFO of your Target/Server/Ip/Computer/Website,
This tool will give you the Entry Pass Biggrinsmiley

well , If you are planning to attack a system, or a simply testing your own system, you will pretty much always need an IP address and port number through which to exploit right ?
so , Network scanners provide you with the information you need to discover certain holes, such as ports with vulnerable applications running.
Network Mapper (Port Scanners) scan an IP address or a range of IP addresses. They can find what computers are on a network, or how many applications are running on a computer. They are also good for determining firewall rules and other access control policies.
Nmap is the best port scanner available, with the widest range of features.

Alright , let me explain some basic Nmap Scanner features , whenever you Launch a Port scan of any target Nmap will comes up with this
"Six Port States" means nmap recognized these 6 ports Stats ,you need to understand the meaning of these States (Most of you are already aware of it )
there is a lengthy explanation about these 6 ports stats in the official nmap website , em gona just tell the basic so then everyone can easily understand it.

# Open: Means that there is an application running on a port which accepts TCP/UDP/SCTP.
# Closed: There is no application running on the port.
# Filtered: A firewall or IPS (intrustion prevention system) is hindering nmaps ability to determine whether or not the port is open because a packet filtering device is blocking any probing nmap carries out.
# Unfiltered: Similar to above, except there is no firewall or IPS but nmap does not know whether or not it is open or closed.
# Open Filtered: Nmap cannot determine if the port is either open or filtered.
# Closed Filtered: Nmap cannot determind if the port is either closed or filtered.

Nmap is a very simple tool to use actually, the difficulty with using nmap resides in when you use which type of scan (because there are ALOT)

Here are a list of most of the types of scans nmap can support along with their corresponding switches, I won't bother explaining them all because the guys at nmap have already done that for you Biggrinsmiley

you can read those from here : http://nmap.org/bennieston-tutorial/

Anyway , i'll show you the types of scan which nmap uses.

* TCP Connect Scan -sT
* SYN Stealh Scan -sS
* FIN Scan -sF
* Null Scan -sN
* Xmas Tree Scan -sX
* Ping Scan -sP
* UDP Scan -sU
* IP Protocol Scan -sO
* Idle Scanning -sI
* Version Detection Scan -sV
* ACK Scan -sA
* Windows Scan -sW
* Operating System Detection -O -V

I am not going to do all of these scans, because that is just silly. Instead, I will carry out a simple SYN stealth scan AND an operating system detection scan on one of my machines on network.

ok lets Starts , Open the terminal and type..

apt-get install nmap

This above command will install the latest version of Nmap into your linux , ( em using Backtrack here )
if the above command does'nt work for you then try with YUM ( Redhats )

yum install namp

if you still got any error installing it , you can reply this thread i'll help you out.

Anyway , After Installation lets Launch SYN Stealth Scan !

Nmap -sS xxx.xxx.xxx.xxx ( Hit Enter )

The xxx... is supposed to be the local ipv4 address of your target machine, ( You can even use the website address ) the one you wish to scan.
Obviously, in the -sS part the first s stands for scan and the second S signifies a SYN scan.

for more understanding em showing you the screenshots too ..
here look at the results .

[Image: 2ppzul3.png]

So, Nmap scanned the address and has "hopefully" displayed a bunch of open ports to you (as well as a MAC Address, sometimes it will give you the manufacturer of the hardware like mine did).
ok thats it , we did complete the SYN scan . simple is'nt ? L0olx

Well , After you have seen a bunch of ports open and began looking for vulnerabilities and exploits corresponding to these ports (explained later) you may need to figure out what operating system the target machine is running. Afterall, a machine may have an open port which can be compromised by both a windows exploit or linux exploit but it depends on whether or not the target is actually running one of those operating systems.
It would be a bit annoying if they were running MACOSX Sadsmiley

Alright , now em going to Detect the OS , for that type :

Nmap -O -v xxx.xxx.xxx.xxx

The -O switch is designed to scan operating systems (hence the O) and the -v for "verbosity" which basically means "show ALL the information you find from the probe".

Results :

[Image: amxk7m.png]

NOTE: YES, I know the text is tiny, I just zoomed out of the terminal so you could see how much information you SHOULD receive. The information there is irrelevant to you because you should perform this and get your own results. ok The operating system information is towards the bottom.

This scan was successful in detecting my Operating System, Windows 7! Although it did also think it COULD be windows server 2008, in cases of these dual positives you should probably run a version scan to narrow it down. That is performed with nmap -sV -O -v xxx.xxx.xxx.xxx.

You can see Nmap is a very simple but powerful tool and MUST be used before you ever attempt a penetration test on another machine.
it is crucial in determing running services, open ports to exploit and the operating system of a target.

with all the different scans in Nmap you are more than likely going to trip up some packets that an IDS scans over alerting any network.

so , what do I do with open ports? xD

I have seen alot of people looking purely for an exploit they can use blindly, they have no comprehension of how it works or even why it is working. A lack of understanding of TCP/IP and even common Router/Switch/Hub knowledge is lacking, so I hope you can look at the nmap website and read how each scan works.
If you don't understand something like what is a SYN packet? what is the difference between TCP and UDP? You should probably read a book on networking!!!! or leave it , play some Video Games l0olx

Assuming you do have some basic knowledge though Biggrinsmiley
Footprinting and scanning are easily the two most important aspects of penetration testing, unless you are a Skid of course who simply downloads and exploit or uses metasploit blindly asking "haow to eXpl01t windows 7 ?" ......l0olx
you are never going to learn anything that will actually help you penetrate systems.

Well , i think its more than enough now ,
Hope you enjoyed.
its been more than a hour em writing this TUT lol

aur mera R0za b ha Sadsmiley

Thanks for reading! Hope you enjoyed!

~ M4DSh4k - MAD All Time :p



Mad All Time.

08-02-2012, 04:52 PM #2
Dr.Z0mbie Offline Administrator *******
Posts:286 Threads:27 Joined:Jun 2012 Reputation: 6
Mood: None
nice tutorial Smiley1


08-02-2012, 04:57 PM #3
[email protected] Mind Offline MadLeeTs Staff **********
Junior Administrator
Posts:170 Threads:30 Joined:Jun 2012 Reputation: 4
Mood: None
Great And very informative tutorial big brother wink (Y)

Imperfection is beauty, madness is genius and it's better to be absolutely ridiculous than absolutely boring

08-02-2012, 05:31 PM #4
H4x0rl1f3 Offline Commander In Cheif *******
Posts:1,129 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
Very Awesome Thread Bro :

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!

08-02-2012, 06:27 PM #5
1337 Offline Don't PM me for help, post it on forum ! *******
Posts:525 Threads:106 Joined:Jun 2012 Reputation: 21
Mood: Hacker
Awesome Tut brother, Clear as Crystal Biggrinsmiley
Thanks for this Awesome TUT bro Biggrinsmiley
Loved it
Thread Sticked and Rep + Biggrinsmiley

08-02-2012, 11:08 PM #6
Pain006 Offline Super Moderator ******
Super Moderators
Posts:575 Threads:28 Joined:Jun 2012 Reputation: 0
Mood: None
Nice Tut. keep it up

08-03-2012, 02:37 AM #7
Hitcher Offline MadLeets Vip ******
Posts:52 Threads:6 Joined:Jun 2012 Reputation: 0
Mood: None
Great Share brother Smiley1

08-03-2012, 10:15 PM #8
M4DSh4k Offline Administrator *******
Posts:182 Threads:56 Joined:Jul 2012 Reputation: 0
Mood: None
(08-02-2012, 04:52 PM)Dr.Z0mbie Wrote:  nice tutorial Smiley1

Thanks Buddy Biggrinsmiley



Mad All Time.

08-03-2012, 10:17 PM #9
M4DSh4k Offline Administrator *******
Posts:182 Threads:56 Joined:Jul 2012 Reputation: 0
Mood: None
(08-02-2012, 04:57 PM)[email protected] Mind Wrote:  Great And very informative tutorial big brother wink (Y)

Thank you Bro ... Biggrinsmiley



Mad All Time.

08-03-2012, 10:18 PM #10
M4DSh4k Offline Administrator *******
Posts:182 Threads:56 Joined:Jul 2012 Reputation: 0
Mood: None
(08-02-2012, 05:31 PM)H4x0rL1f3 Wrote:  Very Awesome Thread Bro :

Thank jani ... Biggrinsmiley



Mad All Time.

Forum Jump:

Users browsing this thread:1 Guest(s)