Thursday, June 21, 2012

OS Fingerprinting: Beginner tools


In Activity 5-1, NMAP was used to send packets with the SYN flag set (a port scan) to IP addresses within your local network. The last step was to specify either SMTP or HTTP services running on 5 IPs locally. The results of the SMTP (port 25) scan on the 5 IPs reassured me that security was configured on my network: all SMTP ports on all IPs were filtered, indicating that a firewall or other network device was acting as an obstacle. Evidence that a firewall/router exists still gives the hacker information that furthers their curiosity. If security was not configured on the network and a port was open, a hacker could connect to my network using the open port.

[Screenshot: SYN scan on SMTP]


In Activity 5-2, NMAP as well as tcpdump were used to gather information. The SYN, ACK, FIN and XMAS flags were set individually on four packets using NMAP. Results show that none of the 6 hosts scanned were "up" and responding to the attempts to communicate. When a host is "up", it indicates that the IP scanned is indeed a valid, active IP. Hackers can glean OS fingerprint details with NMAP port scanning, because each OS responds in a different way to a packet. NMAP can also give a hacker the services running and their version numbers by varying the command options.

(Notice the change in syntax: -sX, -sA, etc.)
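The scan types above leave distinctive flag combinations in a tcpdump capture, and that is what a defender looks for: a segment with only FIN set, the FIN/PSH/URG (XMAS) combination, or no flags at all never occurs in a legitimate TCP session, so counting them per source address separates probes from normal traffic. The following is an added example and not part of the original post; the capture lines are constructed in the style of `tcpdump -n -tt` output on the 192.0.2.0/24 documentation range, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): count probe-style TCP segments per
# source address in tcpdump text output. A bare [F], the [FPU] (XMAS)
# combination, or [none] never appears in a legitimate TCP session, so any
# such line points at a scanner; normal traffic is ignored on purpose.

# Constructed sample in the format of `tcpdump -n -tt tcp`; 192.0.2.0/24
# is a documentation range, not a real network.
SAMPLE_CAPTURE='1340280000.000001 IP 192.0.2.10.40001 > 192.0.2.20.25: Flags [S], seq 1, win 1024, length 0
1340280000.000002 IP 192.0.2.20.25 > 192.0.2.10.40001: Flags [R.], seq 0, ack 2, win 0, length 0
1340280000.000003 IP 192.0.2.10.40002 > 192.0.2.20.80: Flags [F], seq 1, win 1024, length 0
1340280000.000004 IP 192.0.2.10.40003 > 192.0.2.20.80: Flags [FPU], seq 1, win 1024, urg 0, length 0
1340280000.000005 IP 192.0.2.10.40004 > 192.0.2.20.443: Flags [FPU], seq 1, win 1024, urg 0, length 0
1340280000.000006 IP 192.0.2.10.40005 > 192.0.2.20.22: Flags [none], seq 1, win 1024, length 0
1340280000.000007 IP 192.0.2.30.51000 > 192.0.2.20.80: Flags [F.], seq 100, ack 200, win 512, length 0'

# Read tcpdump lines on stdin; print "source_ip SCANTYPE count", sorted.
# Ordinary flag sets ([S], [.], [F.], [R.], [P.]) are skipped.
scan_type_counts() {
    awk '
    $2 == "IP" && $6 == "Flags" {
        src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
        flags = $7; sub(/,$/, "", flags)         # drop the trailing comma
        if (flags == "[F]")         kind = "FIN"
        else if (flags == "[FPU]")  kind = "XMAS"
        else if (flags == "[none]") kind = "NULL"
        else next
        count[src " " kind]++
    }
    END { for (key in count) print key, count[key] }' | sort
}

# Run the classifier over the constructed capture.
report_sample() {
    printf '%s\n' "$SAMPLE_CAPTURE" | scan_type_counts
}

# Offline use on a saved text capture (not executed here):
#   scan_type_counts < capture.txt
```

Only the scanner at 192.0.2.10 is reported; the normal FIN/ACK teardown from 192.0.2.30 and the SYN/RST exchange are left out, which is the point: SYN scans blend into legitimate connection attempts and need rate-based detection, while FIN, XMAS and NULL probes are identifiable from a single packet.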



In Activity 5-3, hping, fping and tcpdump were used to craft packets, list live hosts, and observe the TCP data produced by the commands entered, respectively. Results of this activity show that crafting packets with the optional flags (SYN, ACK, FIN) to an IP in my network generates very different responses. The SYN packet returned host unreachable. Both the ACK and FIN packets returned a reset acknowledgment. fping was helpful, and would be to hackers, because the -g option lists the hosts that are alive. With this information the hacker can narrow down his targets to the live hosts.

[Screenshot: hping]



[Screenshot: tcpdump output]

 

In Activity 5-4, vi was used to create a script that lists all IPs in a range and prints them to a text file that may be used with NMAP or fping. The script defined and initialized the variables needed to accomplish the task. A do-while loop was constructed to tack on the last octet in increments of one. Modifying the permissions with the chmod command allowed Myshell to become an executable file. Scripts are crucial to a good hacker, because when the system is breached they can quickly type one up and run it on the target system. Scripts are clean and easy for a hacker with proper permission and escalation. Much of the malware created is from JavaScript and vi, creating .exe files to hack systems.

[Screenshot: vi script]
[Screenshot: script output]
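The address-list script described above, written out as an added example; this is not the post's Myshell script but my own version of the same idea. It assumes a three-octet prefix plus a start and end value for the last octet, checks that the octet range is sane before looping, and uses a POSIX while loop (sh has no do-while). The 192.0.2 prefix is a documentation range used only for illustration.

```shell
#!/bin/sh
# Added example (not the blog author's Myshell): print every address in a
# range by stepping the last octet by one, so the list can be saved to a
# file and handed to an inventory scanner. Assumes a three-octet prefix.
ip_range() {
    prefix=$1   # e.g. 192.0.2 (documentation prefix, constructed)
    start=$2    # first value of the last octet
    end=$3      # last value of the last octet

    # Refuse impossible ranges instead of emitting invalid addresses.
    if [ "$start" -lt 0 ] || [ "$end" -gt 255 ] || [ "$start" -gt "$end" ]; then
        echo "ip_range: need 0 <= start <= end <= 255 for the last octet" >&2
        return 1
    fi

    i=$start
    while [ "$i" -le "$end" ]; do
        echo "$prefix.$i"
        i=$((i + 1))
    done
}

# Usage (not executed here): write the list, then feed the file to a
# scanner that reads targets from a file, e.g. nmap -iL hosts.txt or
# fping -f hosts.txt.
#   ip_range 192.0.2 1 254 > hosts.txt
```

The file-based target list is the part worth keeping from the activity: scanning a fixed, reviewed list of your own addresses is how an administrator verifies firewall rules without accidentally touching hosts outside the intended range.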



In Activity 6-1, NBTscan was used in the BackTrack environment to highlight systems using NetBIOS. The information gleaned from this command is the NetBIOS names and the services running. The big find is that you know which hosts are running a Windows OS, along with the matching IP/MAC addresses. I found three systems on my network returning NetBIOS information.

In Activity 6-2, the Windows commands Net View, Net Use, and nbtstat were run to discover a local computer, return the services running, and enumerate and potentially access devices. Information returned from the above commands could assist a hacker in mapping your network. The vulnerabilities are really in the information returned; each detail is like a small chip in the glass until they breach your system. Some shares include evidently high-interest data, such as a PASSWORD share. By targeting the share and accessing it, the hacker would be authenticated and could run rampant on the system.
