SCANS Flashcards
heavily enable reconnaissance and information gathering. The intelligence gathered can reveal vulnerabilities that cyber threat actors can exploit, and the attack surfaces through which they can do so
Scanning and enumeration
is the process of collecting information without performing any analysis to identify a host, or obtain more details on a host.
Scanning
is performing cursory analysis on the data collected from scanning, either to identify one or more hosts or to gather more information on a host and discover additional details about the target. The goal of _______ is to establish a numeric understanding of the target (how many hosts, ports, services, users, shares, and so on), which enables the identification and collection of important information about the target
Enumeration
Successful enumeration and scanning can reveal possible ___________ and provide insight into the vulnerabilities to which the target's attack surfaces are exposed.
Attack Surfaces
are the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from.
Attack surfaces
is any weakness that exists within a target's device, software and/or network that can be exploited in order to deliver a payload and cause harm to the target.
Vulnerability
Characteristics of scanning and enumeration: is the recording (aka sniffing) and analysis of packet streams to determine hosts and network characteristics
Passive fingerprinting
- Passive collection leaves little to no evidence that scanning is being performed, because it does not interact with host machines on the network.
- This technique avoids the 4 D's (deny, degrade, destroy, disrupt) against the network and host machines, and does not trigger alerts on the target
Characteristics of scanning and enumeration: are a grouping of information that can be used to identify the software, network protocols, operating systems and the hardware that may be in use on a network
Fingerprints
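As an added worked example (not part of the original flashcards), the kind of analysis a passive fingerprinter performs on sniffed packets: parse the IPv4 and TCP headers of inbound SYN packets, read the TTL, window size and MSS option, and match them against a signature table. Nothing is sent to the target. The sample packets and the signature values below are constructed for illustration (textbook TTL/window pairs); real passive tools such as p0f ship far larger, maintained databases, so treat the table as an assumption.

```python
import socket
import struct

# Constructed, illustrative signatures: (initial TTL, TCP window, label).
# Textbook values only; this is an assumption, not a real signature database.
SIGNATURES = [
    (64, 5840, "Linux (2.4/2.6-era)"),
    (64, 65535, "FreeBSD/macOS"),
    (128, 8192, "Windows (NT-family)"),
    (128, 65535, "Windows (XP/2003-era)"),
    (255, 4128, "Cisco IOS"),
]


def build_syn(src, dst, ttl, window, sport=40000, dport=80, mss=None, flags=0x02):
    """Build a minimal IPv4+TCP packet (checksums zeroed) as constructed sample input.
    Stands in for a frame pulled off the wire by a sniffer."""
    options = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    data_offset = 5 + len(options) // 4          # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                      data_offset << 4, flags, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(tcp), 0, 0,
                     ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_ipv4_tcp(packet):
    """Return the header fields a passive fingerprinter cares about."""
    vihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if vihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = packet[(vihl & 0x0F) * 4:]
    sport, dport, _, _, off, flags, window, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    options, mss, i = tcp[20:(off >> 4) * 4], None, 0
    while i < len(options):                       # walk TCP options: kind, len, data
        kind = options[i]
        if kind == 0:                             # end-of-options
            break
        if kind == 1:                             # NOP is a single byte
            i += 1
            continue
        length = options[i + 1]
        if kind == 2 and length == 4:             # MSS option
            mss = struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "sport": sport, "dport": dport, "flags": flags, "window": window, "mss": mss}


def initial_ttl(observed):
    """Hosts start at 64, 128 or 255; each router hop decrements the TTL by one."""
    return next((t for t in (64, 128, 255) if observed <= t), observed)


def fingerprint(packet):
    """Guess the sender's OS from a single bare SYN; None if the packet is not one."""
    f = parse_ipv4_tcp(packet)
    if (f["flags"] & 0x12) != 0x02:               # SYN set, ACK clear
        return None
    ttl = initial_ttl(f["ttl"])
    for sig_ttl, sig_window, label in SIGNATURES:
        if ttl == sig_ttl and f["window"] == sig_window:
            return label
    return "unknown (initial TTL %d, window %d, MSS %s)" % (ttl, f["window"], f["mss"])


def fingerprint_stream(packets):
    """Map each source address to its first OS guess; purely passive."""
    guesses = {}
    for pkt in packets:
        f = parse_ipv4_tcp(pkt)
        guess = fingerprint(pkt)
        if guess and f["src"] not in guesses:
            guesses[f["src"]] = guess
    return guesses


if __name__ == "__main__":
    sample = [  # constructed "sniffed" SYNs, each a few hops away from its sender
        build_syn("10.0.0.5", "10.0.0.1", ttl=52, window=5840, mss=1460),
        build_syn("10.0.0.7", "10.0.0.1", ttl=117, window=8192, mss=1460),
        build_syn("10.0.0.9", "10.0.0.1", ttl=250, window=4128),
    ]
    for host, guess in fingerprint_stream(sample).items():
        print(host, "->", guess)
```

The observed TTL is rounded up to the nearest starting value before matching, which is why a packet arriving with TTL 52 is attributed to a 64-TTL stack; a sniffer only ever sees the decremented value.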
What process focuses on establishing a numerical understanding to collected information pertaining to a target network?
enumeration
What is the process of collecting information without performing any analysis to identify or obtain more details on a host?
Scanning
is the process of sending normal or malformed packets to a target and monitoring its response.
It involves interaction with network machines, which may alert users on the network through logs, alerts, or artifacts left behind.
Active fingerprinting
Analyzing the target's response may help fingerprint the target and determine the security measures that may be in place. For port scanning, one of three responses will be received:
- Open, Accepted – the host replies that a service is listening on the port (e.g., TCP SYN/ACK) and is ready to accept a connection
- Closed, Not Listening – the host is reachable but replies that nothing is listening on the port (e.g., TCP RST)
- Filtered, Dropped, Blocked – no reply (or an ICMP unreachable error), typically because a firewall or packet filter dropped the probe
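As an added worked example (not part of the original flashcards), an active TCP connect scan that maps the outcome of each connection attempt onto the three port states above. It uses ordinary sockets rather than raw packets, so it needs no privileges, but every completed handshake is logged by the target, which is exactly what makes active scanning overt. The mapping of socket errors to states is the author's assumption modelled on how Nmap reports them.

```python
import errno
import socket


def classify(exc):
    """Map the outcome of a TCP connect attempt to the three port states."""
    if exc is None:
        return "open"            # handshake completed: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"          # host answered with RST: reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"        # no answer at all: the probe or its reply was dropped
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"        # ICMP unreachable: a filter or router blocked the probe
    raise exc                    # anything else is a scanner-side problem, not a port state


def scan_port(host, port, timeout=1.0):
    """Full TCP connect scan of one port; the connection is closed immediately."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def scan_ports(host, ports, timeout=1.0):
    """Scan several ports and return {port: state}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def summarize(results):
    """Group ports by state, the way a scan report presents them."""
    summary = {"open": [], "closed": [], "filtered": []}
    for port, state in sorted(results.items()):
        summary[state].append(port)
    return summary


if __name__ == "__main__":
    # Scanning your own loopback interface: nothing here touches a remote host.
    report = summarize(scan_ports("127.0.0.1", [22, 80, 443, 8080]))
    for state, ports in report.items():
        print(state, ports)
```

A "filtered" verdict from a connect scan only means no usable answer came back within the timeout; a slow host or a lossy path produces the same result, so retry before concluding that a firewall is in the way.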
Some Active Fingerprinting tools that an attacker may use to gather information on a target network include the following:
- NMAP
- Xprobe2
- CronOS
What fingerprinting method is considered to be more overt? Active or Passive?
Active
What three responses are provided when port scanning?
- open
- closed
- filtered
Port and Service Identification
is part of the fingerprinting process. In the client-server communication relationship, the client has the ability to request one or more services from a server.
Port and Service Identification: when identified while analyzing network traffic between a server and client, these can often reveal which services a client is requesting from a server (the destination port), and they let the client match the server's replies to the service it asked for (the source port)
port numbers
Port and Service Identification: caution
Remember, ports may be set or modified by the administrator. An example of this would be port 22 (SSH) being changed to port 2222 as a security measure. This is obscurity rather than protection: the service can still be identified by probing the port and reading its banner (for example with Nmap's service detection), so never assume a service from its port number alone
Analyzing what, can reveal services that a client is requesting from the server?
port numbers
True or False: Port numbers are always static
false
Port and Service Identification
Common (well-known) port numbers are associated with particular services on host machines and servers
is a tool used to discover live hosts and services (for network inventory, managing service upgrade schedules, and monitoring host or service uptime), detect packet filters/firewalls, and identify operating systems, by analyzing the responses to the raw IP packets it sends to a target system
Nmap
Angry IP Scanner advantages
- The biggest advantages of Angry IP Scanner are the ease of use and flexibility it provides. Angry IP allows saving favorite IP ranges, has an easy-to-use GUI, uses multi-threaded scanning for faster results, and can export results in CSV, TXT or XML format.
- This flexibility is also seen in the open-source nature of the tool, which allows easy customization of the source code, as well as the use of additional plug-ins to return more information.
Nmap analyzes the response from what type of packets that are being sent to a target system?
Raw IP packets; whether they carry TCP, UDP, ICMP or something else depends on the scan type you choose to send out
Angry IP Scanner:
is a powerful tool that is capable of providing a vast array of information about a target: revealing host names, MAC addresses, NetBIOS information (such as the computer name, workgroup name, and currently logged-in Windows user), detecting web servers, scanning saved favorite IP ranges, and more
Angry IP Scanner
True or False: NMAP is a tool that can identify and fingerprint network hosts and devices from PCAP files captured from ethernet or WiFi data.
false
Angry IP Scanner: was a legacy command-line port scanner for the Windows OS that used ICMP pings for host discovery and could scan all TCP and UDP ports. ScanLine is no longer available today, and the tools we use now have a much broader scope and capability.
Scanline
Angry IP Scanner: was not designed solely as an offensive security tool; it lacks the stealth-scanning methods that other scanning tools are able to use.
This means that targeted networks and systems may easily detect scanning performed with Angry IP, as opposed to Nmap
Angry IP Scanner
Angry IP Scanner: is a great GUI-based alternative network scanning tool that runs easily on Windows, Linux and macOS and can quickly scan any range of IPs (as the name suggests) and ports, as well as perform various other functions.
Angry IP Scanner
What operating system can Angry IP Scanner run on?
Windows, Linux and macOS (it is cross-platform)
True or False: Angry IP Scanner is a cross-platform scanning tool that can uncover information about a target in an undetectable manner?
false
Services like FTP servers, web servers, SSH servers and other systems can expose confidential information such as software names, versions and the OS they run on. All of this information is known as?
banner data
If an attacker can grab this _________, it could easily lead them to vulnerabilities that they can exploit against their target.
banner data
Technique banner grabbing: Within banner grabbing, there are two different techniques
Active banner grabbing, and Passive banner grabbing
is the act of obtaining software banner information, either manually or using tools that perform this function automatically
Banner grabbing
Technique banner grabbing: is the most widely used method of grabbing banner data.
It is active because the connection is logged on the remote system. This method can often be detected by intrusion detection systems, and is therefore much more overt.
Active Banner Grabbing
Technique banner grabbing: provides nearly as much information, yet avoids the exposure and scrutiny that originating a connection to the target brings
Passive Banner Grabbing
The following tools, functions or protocols can be used to perform banner grabbing:
- cURL
- Burp Suite
- Dmitry
- Netcraft
- Netcat
- Nikto
- Nmap
- Telnet
- Wikto
- Wget
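As an added worked example (not part of the original flashcards), an active banner grab of the kind the cards above describe, which also illustrates the earlier caution about services moved to non-standard ports: the script connects, sends a probe where the protocol expects the client to speak first (HTTP), reads the greeting, and identifies the software and version from the banner text rather than from the port number. The stand-in service on loopback, the probe table and the banner patterns are all constructed for this example and are assumptions, not a complete signature set.

```python
import re
import socket
import threading

# Constructed probe table: SSH, FTP and SMTP greet first, so an empty probe is
# enough; HTTP only reveals its Server header after a request.
PROBES = {80: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n",
          8080: b"HEAD / HTTP/1.0\r\nHost: target\r\n\r\n"}

# Illustrative banner patterns (an assumption, not an exhaustive signature set).
PATTERNS = [
    ("ssh", re.compile(rb"^SSH-(?P<proto>[\d.]+)-(?P<software>[A-Za-z]+)[_/-]?(?P<version>\d[\w.]*)")),
    ("http", re.compile(rb"^Server:\s*(?P<software>[\w-]+)(?:/(?P<version>[\w.]+))?", re.M | re.I)),
    ("ftp", re.compile(rb"^220[ -]\(?(?P<software>[A-Za-z][\w-]*)\s+v?(?P<version>\d[\w.]*)")),
]


def parse_banner(banner):
    """Extract service, software and version from raw banner bytes, port-agnostic."""
    for service, pattern in PATTERNS:
        m = pattern.search(banner)
        if m:
            version = m.group("version")
            return {"service": service,
                    "software": m.group("software").decode(),
                    "version": version.decode() if version else None}
    return {"service": "unknown", "software": None, "version": None}


def grab_banner(host, port, timeout=2.0, probe=None):
    """Active banner grab: connect, optionally send a probe, read the first reply.
    The connection lands in the target's logs, which is what makes this active."""
    probe = PROBES.get(port, b"") if probe is None else probe
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        chunks = []
        try:
            while True:
                data = s.recv(1024)
                if not data:
                    break
                chunks.append(data)
                if b"\r\n\r\n" in data or (not probe and b"\n" in data):
                    break           # end of HTTP headers, or one greeting line
        except socket.timeout:
            pass                    # service never spoke; return whatever arrived
        return b"".join(chunks)


def identify(host, port, timeout=2.0, probe=None):
    """Grab and parse in one step; the port is NOT used to decide the service."""
    return parse_banner(grab_banner(host, port, timeout, probe))


def fake_service(banner, probe_expected=False):
    """Constructed stand-in target on loopback so the example runs offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if probe_expected:
                conn.recv(1024)     # wait for the client's request first
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # "SSH on port 2222"-style case: a random port, but the banner gives it away.
    port = fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n")
    print(port, identify("127.0.0.1", port))
```

The same parse_banner function works on a banner lifted from a packet capture, which is the passive variant: the information is the same, only the way it was obtained differs.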
What is the act of gathering banner data either manually or through the use of tools?
banner grabbing
True or False: Banner data consists of information exposed by services like FTP servers, web servers and SSH servers, such as software names, OS versions and open ports?
True