Hacking - Section 5 (Scanning)

Question 1

What are the goals of scanning?

Answer 1

Find vulnerabilities on the machine, focusing on technology information.

Question 2

When scanning, what are we looking for?

Answer 2

Open ports on the machine of the target, which are basically connections that allow communication between the computer and the internet, websites, the software and the version.

Question 3

What are the most secure machines?

Answer 3

Home devices, and devices that are not hosting or are connect to a network (like a enterprise or a server host).
65535 ports at total.

Question 4

What are the best machines to exploit? and why?

Answer 4

Enterprises ones and those which are connected to a big server or hosting one, since they are obligated to maintain an open post.

Question 5

What is the TCP?

Answer 5

A protocol that sends data, known as packet.
Transmission control protocol, in order to appear things in our screen or the internet, we send a TCP and receive one from the network host, so you can both start communicating.
Checks if the other part has received the data, and if not, it keeps it saved at the server that’s why it is the slower one.

Question 6

What is the three way handshake?

Answer 6

They are the steps to stablish communication
1 - SYN (synchronize sequence number)
informs that the client wants to start a communication w/ the server.
2- SYN/ACK- server sends a response to the client.
3- ACK - client receives the answer and acknowledge it, starting the connection.

Question 7

What is the UDP?

Answer 7

User data protocol, much faster than the TCP, and error connection is not necessary, it won’t check if the others received the data, that’s why it is faster, used to transmit broadcasts.

Question 8

What is the arp command? how to use it?

Answer 8

A command that discover devices connected to a network (ip).
sudo + arp + –help
sudo + arp + -a + IP

Question 9

What is the netdiscover command? how to use it?

Answer 9

A command that discover devices connected into a network (ip).
sudo + netdiscover + -r + IP

Question 10

With what numbers does routers usually finish in their IP adress?

Answer 10

1

Question 11

What is the command to find routers?

Answer 11

netstat - nr

Question 12

What is nmap? how to use it (open/scan) ?

Answer 12

its a command that will scan a device in order to find open ports in it.
open - sudo + nmap + - -help
scan - sudo + nmap+ IP

Question 13

How to scan all the devices connected to a network?

Answer 13

Type all the IP address of the machine and replace the last number with /24?

Question 14

What is the command to scan quickly on the nmap?
Can u run it normally?
Tell some characteristics of it (speed/traces).

Answer 14

SYN scan (sS)
sudo + nmap + -sS + IP
No, u need sudo permission.
It is faster because it does not start a TCP connection, and it leaves less traces than the other (not so detectable).
Only the DYR is being sent on the 3 way handshake.

Question 15

What is the nmap scan that is easily detectable and why?

Answer 15

sudo + nmap + -sT + IP

Stablishes a full TCP connection.

Question 16

What is a port that is ‘‘filtered’’?

Answer 16

A port which the scan couldn’t tell if it was open or closed.

Question 17

What is the UDP scan and how to use it?

Answer 17

A scan that is elaborated to UDP connections.

sudo nmap -sU + IP

Question 18

How to open the nmap manual?

Answer 18

man + nmap

Question 19

What’s the service version scan and how to use it?

And its level of noise?

Answer 19

A scan that shows the version of the service running on an open port.
sudo + nmap + sV + IP
Medium noise.

Question 20

What’s the oS scam and how to use it?

And its level of noise?

Answer 20

Its a scam that shows the operating system of the target.
sudo + nmap + sO + IP
Medium noise.

Question 21

What’s the MAC address of virtual machines (kali linux) ?

how do they start?

Answer 21

08:00

Question 22

What’s the honeypot?

Answer 22

A purposely virtual machine put into a system, since it is the most vulnerable one hackers will go first for it and they will get caught since its a trap.

Question 23

What can u do w/ the version of the service running on a port?

Answer 23

Get the version and look on the internet or other means to search for specific vulnerabilities for it.

Question 24

How to set intensity with the -sV?

Answer 24

sudo nmap -sV + –version-intensity + (1 to 9) + IP

Question 25

What’s one of the most aggressive scams and what does it enables?
Level of noise?

Answer 25

-A
sudo nmap -A + IP
It enables the -sO, -sV and nmap script scams.
Very high.

Question 26

What’s the sN command and how to use it?

Answer 26

A scan which tells all the devices connected to a network (similar to netdiscover).
sudo nmap + -sN + IP.

Question 27

What’s the -p command and how to use it?

Answer 27

A specifier of ports, it will only scan the port that you choose.
sudo nmap + -p + Nº of the port + IP
you can choose more than separating them by a coma (80, 30, 90) or by a range: 1 -100

Question 28

What’s the -f command?

Answer 28

A command that’ll scan 100 ports (100 most used).

Question 29

How to save a nmap result?

Inside a file and creating one

Answer 29

inside a file - 
sudo nmap -sV + IP + >> + name of archive.txt
(use cat after it to read the text)
to create a file - 
sudo nmap + oN + name + -sS + IP

Question 30

What is a firewall and a IDS?

Answer 30

A security system that monitors network traffic, there are network and host based firewalls (which only filters what goes through a specific machine).
IDS is intrusion detection system (software).

Question 31

What is a decoy and how to use it?

How to hide it more?

Answer 31

Its when the scam you’ve done is split into more ‘decoys’ that you have created, the IDS will detect them but won’t know which one is the real ‘you’, so you hide your IP.
sudo nmap -D + RND:+number of IPs u want + IP

sudo nmap -D + type the IPs yourself so you can hide the original one even more (separate using coma). (sudo nmap -D 192.168.5.3, etc)
ME = your ip.

Question 32

What is the -T command and how to use it?

Answer 32

Its a scam for IDS evasion.

sudo nmap -T + 0/1 + IP

Question 33

How to create a code inside a nano file?

Answer 33

Use + .py at the end of the name of the archive, so it will be opened and coded on python.

Question 34

How to open a nano file after you’ve finished it?

Answer 34

Just type nano + name of archive, it will let you edit all again.