In Activity 5-1, NMAP was used to send packets with the SYN flag set
(a port scan) to IP addresses within your local network. The last step
was to specify either SMTP or HTTP services running on 5 IPs locally.
The results of the SMTP (Port 25) scan on the 5 IPs reassured me
that security was configured on my network. All SMTP ports on all IPs
were filtered, indicating that a firewall or other network device was
acting as an obstacle. Evidence that a firewall/router exists does
give the hacker information that furthers their curiosity. If
security was not configured on the network and a port was open, a
hacker could connect to my network using the open port.
[Figure: SYN Scan on SMTP]
In Activity 5-2, NMAP as well as tcpdump were utilized to gather
information. The SYN, ACK, FIN, and XMAS flags were set individually
on four packets using NMAP. Results show none of the 6 hosts scanned
were “up” and responding to the initiations to communicate. When a
host is “up”, it indicates that the IP scanned is indeed a valid active
IP. Hackers can glean OS fingerprint details with NMAP port scanning,
because each OS responds in a different way to a packet. NMAP can
give a hacker the services running and version numbers as well by
manipulating the commands.
(Notice the change in syntax: -sX, -sA, etc.)
In Activity 5-3, hping, fping and tcpdump were used to craft packets and
observe the TCP data from the command entered, respectively. Results
of this activity show that crafting a packet with the optional
flags (SYN, ACK, FIN) to an IP in my network generates very different
responses. The SYN packet returned a host unreachable. Both the ACK
and FIN packets returned a Reset Acknowledgment. Fping was helpful,
and would be to hackers, because the -g option lists the hosts that
are alive. With this information the hacker can narrow down his target
from the live hosts.
[Figure: hping]
[Figure: tcpdump output]
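
From the defender's side, the probes used in Activities 5-2 and 5-3 stand out in a tcpdump capture by their flag combinations. The following is an added example, not part of the original lab: it assumes numeric `tcpdump -nn` output, and the function name, threshold and sample capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -nn one-line TCP summary: "IP src.sport > dst.dport: Flags [..]"
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                  r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Za-z.]+)\]")

# Flag sets that do not occur in a normal TCP session (tcpdump letters).
ODD = {frozenset("F"): "FIN probe", frozenset("FPU"): "Xmas probe",
       frozenset(): "NULL probe"}

def classify(lines, syn_threshold=3):
    """Map each source IP to the scan-like behaviour seen from it."""
    findings = defaultdict(set)
    syn_targets = defaultdict(set)  # src -> {(dst, dport)} sent a bare SYN
    flows = set()                   # (src, sport, dst, dport) opened by a SYN
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, raw = m.groups()
        flags = frozenset() if raw == "none" else frozenset(raw)
        if flags in ODD:
            findings[src].add(ODD[flags])
        elif flags == frozenset("S"):
            flows.add((src, sport, dst, dport))
            syn_targets[src].add((dst, dport))
        elif flags == frozenset(".") and not (
                {(src, sport, dst, dport), (dst, dport, src, sport)} & flows):
            # Bare ACK with no handshake in this capture (assumes the
            # capture began before the connection did).
            findings[src].add("ACK probe")
    for src, targets in syn_targets.items():
        if len(targets) >= syn_threshold:
            findings[src].add(f"SYN sweep ({len(targets)} targets)")
    return {src: sorted(found) for src, found in findings.items()}

# Constructed capture: 192.0.2.66 probes port 25; 192.0.2.20 browses normally.
SAMPLE = """\
10:00:01.1 IP 192.0.2.66.40001 > 192.0.2.10.25: Flags [S], length 0
10:00:01.2 IP 192.0.2.66.40002 > 192.0.2.11.25: Flags [S], length 0
10:00:01.3 IP 192.0.2.66.40003 > 192.0.2.12.25: Flags [S], length 0
10:00:02.1 IP 192.0.2.66.40004 > 192.0.2.10.25: Flags [F], length 0
10:00:02.2 IP 192.0.2.10.25 > 192.0.2.66.40004: Flags [R.], length 0
10:00:03.1 IP 192.0.2.66.40005 > 192.0.2.10.25: Flags [FPU], length 0
10:00:04.1 IP 192.0.2.66.40006 > 192.0.2.10.25: Flags [.], length 0
10:00:05.1 IP 192.0.2.20.51000 > 192.0.2.10.80: Flags [S], length 0
10:00:05.2 IP 192.0.2.10.80 > 192.0.2.20.51000: Flags [S.], length 0
10:00:05.3 IP 192.0.2.20.51000 > 192.0.2.10.80: Flags [.], length 0
""".splitlines()

if __name__ == "__main__":
    for src, found in classify(SAMPLE).items():
        print(src, found)
```

The normal three-way handshake from 192.0.2.20 produces no finding, while the RST/ACK reply to the FIN probe is ignored because it is a response rather than a probe.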
In Activity 5-4, vi was used to create a script to list all IPs in a
range and print to a text file that may be used with NMAP or FPING.
The script defined and initialized variables needed to accomplish the
task. A do-while loop was constructed to tack on the last octet in an
increment of one. Modifying the permissions with the chmod command
allowed Myshell to become an executable file. Scripts are crucial
to a good hacker, because when the system is breached they can
quickly type it up and run it on the target system. Scripts are clean
and easy for a hacker with proper permission and escalation. Much of
the malware created is from JavaScript and vi, creating .exe files
to hack systems.
[Figure: VI Script]
[Figure: Script Output]
In Activity 6-1, NBTscan was used in the BackTrack environment to
highlight systems using NetBIOS. The information gleaned from this
command is the NetBIOS names and services running. The big find is
that you know which hosts are running Windows OS, along with matching
IP/MAC addressing. I found three systems on my network returning
NetBIOS information.
In Activity 6-2, the Net View, Net Use, and nbtstat Windows commands
were run to discover a local computer, return the services running,
enumerate and potentially access devices. Information returned from
the above commands could assist a hacker in mapping your
network. The vulnerabilities are really in the information returned;
each detail is like a small chip in the glass until they breach your
system. Some shares include evidently high-interest data, such as a
PASSWORD share. By targeting the share and accessing it, the hacker
would be authenticated and could run rampant on the system.