Practical Network Scanning
Dear Security Professionals,
Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live hosts that are active on the Internet and what services they offer. Another scanning method, inverse mapping, returns information about what IP addresses do not map to live hosts; this enables an attacker to make assumptions about viable addresses.
Scanning is one of three components of intelligence gathering for an attacker. In the footprinting phase, the attacker creates a profile of the target organization, with information such as its domain name system (DNS) and e-mail servers, and its IP address range. Most of this information is available online. In the scanning phase, the attacker finds information about the specific IP addresses that can be accessed over the Internet, their operating systems, the system architecture, and the services running on each computer. In the enumeration phase, the attacker gathers information such as network user and group names, routing tables, and Simple Network Management Protocol (SNMP) data.
Page 4: Smart traffic sniffing for penetration testers with NetRipper
NetRipper is a post-exploitation tool targeting Windows systems. It uses API hooking to intercept network traffic and encryption-related functions from a low-privileged user, and can capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada.
Page 12: Mass 'Dark Web' Scanning With PunkSPIDER
A while back we did some work in scanning Tor hidden services for vulnerabilities. Moreover, we did a massive scan of the Tor network for web app vulnerabilities as part of our PunkSPIDER project and released these as part of our PunkSPIDER Community Edition. There were questions about our methodology here. I wanted to get into, technically, how we did this and what problems we encountered.
Page 26: Getting started with Nmap
Use the operating system that works for you. Nmap will run on a Windows system; however, it generally works better and is faster under Linux, so that would be my recommended platform. In addition, having experience with Linux-based systems is a great way to get access to a wide selection of security tools.
Page 39: How To Use Nmap to Scan for Open Ports on your VPS
Networking is an expansive and overwhelming topic for many budding system administrators. There are various layers, protocols, and interfaces, and many tools and utilities that must be mastered to understand them. This guide will cover the concept of "ports" and will demonstrate how the nmap program can be used to get information about the state of a machine's ports on a network.
Page 54: Analyzing Apache Log Files
The server access log records all requests processed by the server. The location and content of the access log are controlled by the CustomLog directive. Of course, storing the information in the access log is only the start of log management. The next step is to analyze this information to produce useful statistics.
Page 72: Remote Code Execution in Dolphin Browser for Android
An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android can modify the functionality of downloading and applying new themes for the browser. Through the exploitation of this functionality, an attacker can achieve an arbitrary file write, which can then be turned into code execution within the context of the browser on the user's device. The only user interaction this requires is selecting, downloading, and applying a new Dolphin Browser theme.
For more technical articles available on our website, subscribe to Hack Insight and receive:
--> 24 unique magazine editions per year.
--> Access to all the previous releases from the archives.
--> Access to special publications, workshops and video tutorials.