Terms
Port | Protocol |
---|---|
21 | FTP Control |
20 | FTP Data |
23 | Telnet |
25 | SMTP |
53 | DNS |
80 | HTTP |
110 | POP3 |
143 | IMAP |
443 | HTTPS |
Firewall : Part of the network security system. It monitors and filters traffic passing between the internal network and the outside (internet) according to a rule set.
IDS : IDS stands for Intrusion Detection System. It monitors network traffic and raises an alert on suspicious or malicious packets, but does not block them.
IPS : IPS stands for Intrusion Prevention System. It monitors traffic like an IDS but sits inline, so it can also drop or block the offending packets.
Vulnerabilities
A weakness in a system that can be exploited by an attacker.
Types of vulnerabilities
Network Vulnerabilities : Poorly configured firewall, unnecessary open ports
OS Vulnerabilities : Programming errors (bugs) in the operating system, cracked (pirated) or unpatched software
Human Vulnerabilities : Susceptibility to social engineering
Process Vulnerabilities : Weak passwords, weak or unenforced password policy
Phases
Information Gathering (Reconnaissance), Scanning, Gaining Access, Maintaining Access, Clearing Tracks
Foot Printing
Gathering information about a target system, including its weaknesses, that can be used to carry out a successful cyber-attack.
Types of Foot Printing
Active Foot Printing : Collecting information by interacting directly with the target system (for example port scans or banner grabbing). The target can log this activity.
Passive Foot Printing : Collecting information about the target from a distance, without touching it directly, using public sources (WHOIS, DNS records, search engines, social media). The target does not see the attacker.
What do we gather?
VPN, URLs, Email IDs and Passwords, IP Addresses, Firewall, Open Ports, Closed Ports, Operating System, System Version, Domain Name
Sources : Social Media (Instagram, Facebook), Social Engineering (friends, trusted contacts), Agent, Website, WHOIS
Type of Social Engineering
Shoulder Surfing : The attacker obtains personal information such as email IDs and passwords by looking over the victim's shoulder while they type or read it.
Eavesdropping : The attacker secretly listens to or records the victim's private conversations held over communication media such as the telephone.
who.is : Web-based WHOIS lookup site.
Nmap
Nmap stands for Network Mapper.
Network scanning tool used in the foot printing / scanning phase to discover hosts, open ports, running services and operating systems.
Firewalls and IDS can recognise Nmap scan traffic, so a default scan is likely to be logged and attributed to the scanning host; use slower timing or decoy options if the scan should not be noticed.
Example 1) IP block lookup : shows the IP address ranges allocated to a country or organisation.
Example 2) whois : shows who is registered as the user of an IP address or domain. (whois <IP>)
Example 3) nslookup : resolves a domain name to its IP address (and vice versa), which also reveals the owning organisation. (nslookup <IP/website>)
Overview of what Nmap reports : Ports, Topology, Protocol, IP Address, Domain Name (DN)
Types of Nmap Scanning
Normal Scan, Interface Scan, Idle Scan, Xmas Scan, Scanning using scripts (NSE), Scanning TCP and UDP ports, Scanning an IP list, TCP connect scan, TCP flag scan, Half-open (SYN) scan, Inverse TCP scan, ACK scan
nmap -v <IP> (basic command; -v = verbose output, whereas nmap -V prints the Nmap version number)
Nmap scans the 1000 most common TCP ports by default
nmap -h (for detailed help)
Practise on scanme.nmap.org, the host the Nmap project provides for scanning practice.
Commands | Description |
---|---|
nmap -h | Detailed help for nmap |
nmap -v scanme.nmap.org | Verbose scan of the Nmap project's practice host |
nmap -v <website url> | Verbose scan of any website |
nmap -v <IP address of website> | Verbose scan of the website by IP address |
nmap -sV <ip> | Service version detection |
nmap -A <ip> | Aggressive scan (OS detection, version detection, script scanning, traceroute) |
nmap -F <ip> | Fast scan: only the 100 most common ports |
nmap -A -p- <ip> | Aggressive scan of all 65535 ports |
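The commands above print human-readable output, but the result you actually keep is usually the XML written by `nmap -sV -oX scan.xml <target>`. The script below is an added example, not code from the original notes or from the Nmap project: it parses that XML format with the standard library and lists the open ports with their service banners. The XML embedded in it is a constructed sample in the nmaprun format (address 192.0.2.10 is a documentation range, the products and versions are made up), so it runs offline without nmap installed.

```python
# Added example (not from the original notes or the Nmap project): parse the
# XML that `nmap -sV -oX scan.xml <target>` writes and summarise open ports.
import xml.etree.ElementTree as ET

# Constructed sample in nmaprun format; not real scan output.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="target.example" type="PTR"/></hostnames>
    <ports>
      <extraports state="closed" count="997"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="telnet" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one {addr, hostname, ports: [...]} dict per <host> element."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        # Prefer the IPv4 address; a host may also carry a MAC <address>.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        hn = host.find("hostnames/hostname")
        entry = {
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "hostname": hn.get("name") if hn is not None else None,
            "ports": [],
        }
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            entry["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                # -sV fills product/version only when a probe matched;
                # a "table" guess from the port number has no product.
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append(entry)
    return hosts


def open_ports(hosts):
    """Flatten to (addr, port, proto, banner) tuples for ports reported open.
    Filtered and closed ports are left out deliberately."""
    out = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] == "open":
                banner = " ".join(x for x in (p["service"], p["product"], p["version"]) if x)
                out.append((h["addr"], p["port"], p["proto"], banner))
    return out


if __name__ == "__main__":
    for addr, port, proto, banner in open_ports(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(f"{addr} {port}/{proto} {banner}")
```

To use it on a real scan, replace `SAMPLE_NMAP_XML` with the contents of the file written by `-oX`; the same parser handles multiple `<host>` elements from a range or subnet scan.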
TCP Connect Scan (nmap -sT)
TCP connect scan : Completes the full three-way handshake with each port, then tears the connection down. Needs no special privileges, but every connection is visible to the target's application logs.
For Open Port
Host----------SYN---------->Target
Host<----------SYN+ACK----------Target
Host----------ACK---------->Target
For Closed Port
Host----------SYN---------->Target
Host<----------RST/ACK----------Target
For Filtered Port (a firewall drops the probe)
Host----------SYN---------->Target
Host<----------No Response----------Target
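The three exchanges above map directly onto what the operating system's `connect()` call reports, which is all a TCP connect scan really is. The scanner below is an added example, not code from the original notes or from Nmap: it classifies each port as open (handshake completed), closed (target answered RST, surfaced as "connection refused") or filtered (no answer before the timeout). So that it runs offline, it starts its own listener on 127.0.0.1 to provide a guaranteed-open port and picks a free port to act as the closed one; the filtered case only shows up against a real firewalled host. The SYN, FIN, Xmas and Null scans in the later sections need raw sockets (root/administrator) and are not covered by this example.

```python
# Added example (not from the original notes or Nmap): a minimal TCP connect
# scan that classifies ports the way the handshake diagrams describe.
# Assumptions: target is 127.0.0.1 with a listener started by this script;
# "filtered" is inferred from a connect timeout or unreachable error.
import errno
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP server on an ephemeral port so there is a
    guaranteed-open port to scan. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        # The kernel already completed SYN / SYN+ACK / ACK before accept()
        # returns; we just close like a service that has nothing to say.
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break  # server socket closed, stop the thread

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def find_closed_port(host="127.0.0.1"):
    """Bind to port 0 to learn a free port, then release it: nothing listens
    there, so the kernel answers a SYN with RST (connection refused)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def scan_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.
    connect_ex() drives the full handshake and returns an errno:
      0             -> SYN+ACK received, ACK sent   -> open
      ECONNREFUSED  -> target answered RST/ACK      -> closed
      timeout/unreachable -> no answer (dropped)    -> filtered
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    finally:
        s.close()  # tears down the connection (FIN or RST) if it was opened
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    # With a timeout set, connect_ex reports an expired timeout as
    # EWOULDBLOCK/EAGAIN rather than raising; unreachable errors mean the
    # probe was dropped or rejected by something on the path.
    if rc in (errno.EWOULDBLOCK, errno.EAGAIN, errno.ETIMEDOUT,
              errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    return "unknown"


def scan_ports(host, ports, timeout=1.0):
    """Scan a list of ports and return {port: state}."""
    return {p: scan_port(host, p, timeout) for p in ports}


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = find_closed_port()
    for p, state in scan_ports("127.0.0.1", [open_port, closed_port]).items():
        print(f"{p}/tcp {state}")
    srv.close()
```

Because each probe completes a real connection, a service behind the open port sees the connect and disconnect in its logs; that is the detection cost the half-open scan in the next section avoids.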
Half-Open SYN Scan (nmap -sS)
Sends only the SYN; on a SYN+ACK the scanner answers with RST instead of ACK, so the handshake is never completed and the service never sees a connection. Requires raw socket (root) privileges.
For Open Port
Host----------SYN---------->Target
Host<----------SYN+ACK----------Target
Host----------RST---------->Target
For Closed Port
Host----------SYN---------->Target
Host<----------RST/ACK----------Target
Note: IDS and firewalls can still detect this type of scan, since the SYN packets themselves are logged even though no connection is completed.
Commands | Description |
---|---|
nmap <IP address> | Single IP |
nmap <website url> | Hostname |
nmap <IP prefix>.1-10 (e.g. 192.168.1.1-10) | Range of IPs |
nmap <network address>/24 (e.g. 192.168.1.0/24) | Subnet |
nmap -p 80 <website url> | Single port |
nmap -p 20,40,80 <website url> | Multiple ports |
nmap -F <website url> | 100 most common ports |
nmap -p- <website url> | All 65535 ports |
nmap -O <website url> | Operating system detection (capital O; lowercase -o is not a valid option) |
Inverse TCP Scans
Commands | Description |
---|---|
nmap -sF <website url> | FIN scan: sends a packet with only the FIN flag set |
nmap -sX <website url> | Xmas scan: sets the FIN, URG and PSH flags together |
nmap -sN <website url> | Null scan: sends a packet with no TCP flags set |
In all three, a closed port answers with RST while an open or filtered port gives no response (RFC 793 behaviour). Windows and some other stacks reply RST to every such probe, so these scans cannot tell open from closed there.