
Introduction

Network security is concerned with attacking networks and with defending them against others.
The current contents are:

Any questions or comments should be directed to: The creator's email

NMap

NMap is a network reconnaissance tool.

To get help.

To see the list of options available on NMap, type:

nmap -h

NMap has an official site.

To list machines and their nature on a subnet.

nmap -sn -sL <network node IP>/<mask>

The mask must be in CIDR prefix notation (i.e., with the slash) and must not be separated from the network node by a space.

This will list all addresses in the subnet together with their domain names (obtained via reverse DNS).

To list operating system, open ports, services and versions

nmap -sV -O <target IP>

The -sV option identifies open TCP ports within the port range 1-1000 together with their services and versions. The -O option identifies the operating system.

To expand on the ports searched, do:

nmap -sV -p T:1-65535,U:1-65535 <target IP>

This will scan all TCP and UDP ports (1-65535) for open ones. Note that this takes a long time.

Vulnerability Scanning

NMap comes with two vulnerability testing scripts: (1) vuln and (2) vulners. In addition, you can download a third vulnerability testing script, vulscan, by running:

sudo git clone https://github.com/scipag/vulscan

Each of the scans checks for different, but overlapping, vulnerabilities. Vulners will attempt to report discovered vulnerabilities to vulners.com.

To run the vuln scan, type:

nmap -sV --script vuln <target IP>

To run the vulners scan, type:

nmap -sV --script vulners <target IP>

To run the vulscan scan, type:

nmap -sV --script ./vulscan/vulscan.nse <target IP>

This assumes vulscan was cloned into a vulscan directory off of your home directory and that you run nmap from your home directory, since the script path is relative to the current directory.

A list of NMap scripts can be found here.


Metasploit

Metasploit is a framework for attacking a machine. It comes with a large array of built-in attack scripts. Metasploit can be linked to NMap such that the result of an NMap vulnerability scan is stored in the Metasploit database.

The Metasploit database uses PostgreSQL. To start PostgreSQL, type:

systemctl start postgresql

To create the Metasploit database (this only needs to be done once), type:

sudo msfdb init

To start Metasploit, type:

msfconsole

Getting help in Metasploit

To get help in Metasploit, type:

help

Using NMap in Metasploit

Once the Metasploit database is created, you can invoke any NMap command in Metasploit using the db_nmap command. This works just like NMap, except that any identified vulnerability is stored in the Metasploit database.

To see the vulnerabilities, type:

vulns

Searching For and Using Exploits in Metasploit

The "search" command is used in Metasploit to retrieve modules to attack a system with. Common things to search for are:

For example:

search platform:linux type:exploit app:ftp

This will search for exploits that target FTP on Linux.

The search will enumerate the matching modules by number. Once you have identified the module you want, you can load it by typing "use <module number>".

In many cases, the module will require you to fill out one or more options before it can be executed. To see what the options are, type:

options

Options whose Required column shows "yes" must be filled in. To set a value for an option, type "set <option> <value>". For example, one common option is rhosts, which is the IP address of the target machine:

set rhosts 192.168.0.45

Many modules can change payloads. A payload is the actual task you want to execute once you have successfully penetrated a machine. For example, you might want to install a backdoor. To see the list of available payloads for a module, type:

show payloads

This will list all payloads for the module, with each payload being assigned a number. To change payloads, type "set payload <number>", where the number is the one assigned to that payload.

Once you are ready, type "run" to execute that module.
