Scanning

Scanning is one of the three components of intelligence gathering of an attacker.Scanning is the second phase in steps of hacker.
Through scanning , hacker find the info. regarding victim sytems , like OS , System Architecture , IP adresses , service running on computer
to discover which ports are active , etc.

 

Port-scanning-Procedure
Port scanning Procedure

 

Basically there are 3 types of scanning which as follows :

  1. Port Scanning
  2. Network Scanning
  3. Vulnerability Scanning

Port Scanning : – A series of messages sent by someone attempting to break into a computer to learn about the Computer’s network services.
Each associated with a well known port number.

Network Scanning : – A procedure for identifying active hosta on network. Eother for the procedurethem or for network security assesment.

Vulenrability Scanning: – The automated process of proactively identifying vulnerabilities of computing systmes present in a network

Port scanning Procedure : –
1. ICMP Scanning
In this type of scanning, By pinging all in network finding the up hosts , it can run in parallel o that it can run fast.
It can also be helpful to tweek the ping timeout value with the -t option
ICMP-Scanning

2. Angry IP Scanner :-
It is used for Window Platform , can scan IPs in any range.its simply ping every IP to check if it is alive.

3. Firewalk Tool

It is a tool that employs traceroute like technique to analyze IP packet response to determine gateway ACL filters and map networks
it determine the filter rules of victim place.

Check for Open Ports
Three way Hand Shake take place for checking the Open ports.
Tools used for checking Open Ports

I will surely  post about  Tool used for Port scanning.

We got the live systems , its open ports and knowing about services our next step is Banner Grabbing/OS fingerprinting.
Os fingerprinting is the method to determine the operating system that is running on the target system.And its also have two made Active and passive.

Active stack Fingerprinting.
Based on the fact that OS vendors implement the TCP stack differently specially crafted packets are sent to remote OSs and the response is noted. The responses are then compared with a database to determine the OS. The firewall logs your active banner grabbing scan since you are probing directly

Passive Fingerprinting
Passive bannergrabbing refers to indirecetly scanning a system to reveal its OS system its also based on the diffrential implantation of the stack and the various ways an OS responds to it.It uses sniffing techniques instead of the scanning techniques. It is less accurate than active fingerprinting

There are also various tools regarding Bannergrabbing which are discuss in this post.

Vulnerability Scanning
Bidiblah Automated Scanner -: It automates footprinting, DNS enumeration , banner grabbing, port scanning , and vulnerabilities assessmnent into a single program. its methodology

Port-scanning-Procedure

ISS Security Scanner
ISS provide automated vulnerability detections and analysis of network systems
it perofrm automated , distributed or event driven probes of geographically dispersed network services .OS. routers/switches. firewalls and applications and then displays the scan results

Port-scanning-Procedure

  • Nessus
  • GFI LANGuard
  • SATAN (Security Administartor’s Tool for Analyzing Networks)
  • Retina
  • Nagios
  • Packet trap’s pt 360 Tool suite
  • Nikto

After finding the vulnerability , hacker have to draw network Diagrams of Vulnerable Hosts. For Network Diagrams i made a list which can hep you in it.

  • Friendly Pinger
  • LANsurveyor
  • IPsonar
  • LANState
  • Insightix Visibility
  • IPCheck Server Monitor

And the last step is regarding Preparing proxies. So here you can learn about proxies which is useful for this purpose.

Hope you are getting all the session, if have any query just ask in comment sections.
Keep visiting !!

 

 

 

How to bye pass Firewall

How to bye pass Firewall

To bye pass the Firewall you must know the firewall identification means full information about Firewall like type , version , and rules of almost every firewall on a Network.

How to bye pass Firewall
How to bye pass Firewall

These are three technique for Firewall Identification

 

  • Port scanning
  • Firewalking
  • Banner grabbing

Port Scanning (How to bye pass Firewall)

Some firewalls have obvious signatures
  • Check Point’s FireWall-1 listens on TCP ports 256, 257, 258, and 259
  • Check Point NG listens on TCP ports 18210, 18211, 18186, 18190, 18191, and 18192 as well
  • Microsoft’s Proxy Server usually listens on TCP ports 1080 and 1745

Here we are providing you , the ways by which you can conceal your Scanning

  • Randomize target ports
  • Randomize target addresses
  • Randomize source ports
  • Distributed source scans
  • Using multiple computers on the Internet, each taking a small portion of the scanning targets
These techniques will fool most IDS systems with default rules.
And here are the Countermeasure of above
  • Block unneeded ICMP packets at your border router
  • Use an Intrusion Detection System, such as Snort
  • IPPL is a Linux daemon that detects port scans (link Ch 901)
  • Cisco routers have ACL rules to block scans

Firewalking (How to bye pass Firewall)

Firewalking is a method to collect information from remote network that are behind firewalls. Firewalk Looks Through a  Firewall

How to bye pass Firewall
How to bye pass Firewall
 In above figure  , Suppose The target is Router3
We want to know which ports Router3 blocks, and which ports it allows through.
Phase 1: Hopcount Ramping
  1. First Firewalk sends out a series of packets towards the destination with TTL=1, 2, 3, …
  2. When the target (Router3) is reached, that determines the TTL for the next phase
  3. In this example, the Target is at TTL=3, so all future packets will use TTL=4

 

Phase 2: Firewalking

  1. TCP or UDP paclets are sent from the scanning host to the Destination
  2. They all have TTL=4

Firwalking Countermesure

  • You can block “ICMP TTL expired” packets at the gateway
  • But this may negatively affect its performance
  • Because legitimate clients connecting will never know what happened to their connection

Banner Grabbing

Banner are messages sent out by network services while connecting to the service.They announce which service is running on System

Banner grabbing is simple method of OS detection, its also help to find services runs by Firewall. there are three measure services send out through it is TELNET , FTP and Web Server.

Banner Grabbing Countermeasures

  • Eliminate the open port on your firewall
– A management port should not be open externally anyway
  • If you must leave the ports open on the external interface of your firewall
–Change the banner to display a legal warning reminding the offender that all attempts to connect will be logged

How to bye pass Firewall

Breaching  Firewall

Byepassing a firewall using HTTP Tunnel

Placing Backdoors through Firewall

Hiding behind a Covert channel : Loki

The above topic and tools to bye pass firewall cover in next post as How to bye pass Firewall 2