karthy Posted July 16, 2023

INTRODUCTION

So you have connected to an unknown network, maybe a Wi-Fi network, and you want to know what devices are on it. You can use Nmap to find the live hosts on the network, which is really useful, and maybe you also want to do some OS fingerprinting, which means determining what OS a live host is running. Apart from this, Nmap also has a scripting engine: the Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (in the Lua programming language) to automate a wide variety of networking tasks. I will go over the basics, so please pay attention; I will include pictures for ease of understanding. There is also Zenmap, which is the GUI version of Nmap; I am not fond of it and prefer that you use the CLI version. On Windows the usual route is Nmap's own installer from nmap.org, which bundles the Npcap packet driver that raw-packet scans need; running it inside Cygwin also works.

Nmap Basic Usage

First and foremost, you can get all the flags and options by running nmap with the -h flag, or by reading the nmap man page.

Host Discovery

Once you are on a network, the first thing you want to do is reduce the number of IPs: we do not need all the dead hosts, we need to figure out which hosts are online. This step is called Host Discovery. The best thing you can do is run nmap with -sn, which lists all the live hosts and skips the port scan (so it is faster); this is also known as a ping scan. "Ping" is loose here: run as root on the local Wi-Fi or Ethernet segment, nmap finds hosts with ARP requests, which a host cannot ignore the way it can drop ICMP echo; against remote networks the privileged default is an ICMP echo, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; and without root nmap falls back to TCP connect attempts to ports 80 and 443, so an unprivileged scan can miss hosts that a privileged one finds. There are other discovery options, but we will not get into those for now; I will edit the guide later.

I just scanned my network. By the way, you are seeing multiple "TP-Link Technologies" entries because that is my repeater. (The vendor name comes from the MAC address, which nmap only learns when it runs as root on the local segment.) Go ahead and scan your network and see what results you get; maybe someone is piggybacking on your connection, you never know. Don't just read my tutorial, do the things I do so you get the hang of it.
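An added example, not from the original post, that runs the -sn discovery described above and turns nmap's greppable output (-oG -) into a one-IP-per-line target list for the port scans that follow. The 192.168.1.0/24 range, the host names and the sample nmap output embedded in sample_sn are constructed for illustration, and NMAP_TARGET is just this script's switch between a live scan and the offline sample, not an nmap option:

```shell
#!/bin/sh
# Added example, not from the original post: host discovery with nmap -sn,
# with the greppable output turned into a plain list of live IPs.
# Assumes nmap is on PATH for the live run; the range, host names and the
# sample output in sample_sn are constructed for illustration.

# Ping scan of a range with greppable output on stdout (-oG -) for parsing.
# As root on the local segment this is an ARP sweep; without root nmap falls
# back to TCP connect attempts to 80/443 and can miss hosts.
discover_hosts() {
    nmap -sn -oG - "$1"
}

# Read greppable output on stdin and print the IP of every host that is Up.
# "Host:" lines are tab-separated: "Host: <ip> (<name>)<TAB>Status: Up".
# "Status: Down" lines only appear with -v, but filter them anyway.
live_hosts_from_greppable() {
    awk -F'\t' '$1 ~ /^Host: / && $2 == "Status: Up" { split($1, f, " "); print f[2] }'
}

# Number of live hosts in greppable output on stdin (handy as a sanity check).
count_live_hosts() {
    live_hosts_from_greppable | wc -l | tr -d ' '
}

# Constructed sample of what nmap -sn -v -oG - prints; this is not a real scan.
sample_sn() {
    printf '# Nmap 7.94 scan initiated as: nmap -sn -v -oG - 192.168.1.0/24\n'
    printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.2 ()\tStatus: Down\n'
    printf 'Host: 192.168.1.23 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.57 (repeater.lan)\tStatus: Up\n'
    printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 2.51 seconds\n'
}

# NMAP_TARGET is this script's own switch, not an nmap option:
#   NMAP_TARGET=192.168.1.0/24 sudo -E sh discover.sh > live-hosts.txt
# With it unset, the constructed sample is parsed instead so the script runs offline.
if [ -n "${NMAP_TARGET:-}" ]; then
    discover_hosts "$NMAP_TARGET" | live_hosts_from_greppable
else
    sample_sn | live_hosts_from_greppable
fi
```

The live-hosts.txt this writes is exactly what nmap's -iL option takes as input, so the port scan step can be fed the discovery results directly instead of rescanning the whole range.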
Port Scanning

Once you have a list of the live IPs, you can do something called port scanning. There are six port states recognized by Nmap: open, closed, filtered, unfiltered, open|filtered and closed|filtered. Finding an open port is our goal: if a port is open it might be susceptible to attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network. Doing a port scan is simple: you just run nmap against the IP. By default it checks the 1000 most common TCP ports, using a SYN scan (-sS) when run as root and a full TCP connect scan (-sT) otherwise; add -p- to scan all 65535 TCP ports, and -sU for UDP, which is much slower because open and filtered UDP ports usually give no reply and nmap has to wait for timeouts.

I have scanned my router for open ports and you can see a bunch of ports popped up. Look, port 80 is open. An open port 80 usually means the admin panel is served over plain HTTP, so anyone on the same network who can see the traffic can sniff the login out of it; confirm it with a version scan or by browsing to the port, because some routers only use port 80 to redirect you to HTTPS on 443.

OS Detection

One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting, enabled with the -O flag. Nmap sends a series of TCP, UDP and ICMP packets to the remote host, examines practically every bit in the responses, and matches them against its fingerprint database to figure out what OS is running on the target. It needs raw packet privileges (root), and it is most reliable when the target has at least one open and one closed TCP port; otherwise nmap warns that the result may be unreliable. As you can see, it detected the OS perfectly; I used the -v flag for verbose results.

Service and Version Detection

When a scan finds an open port, nmap labels it from its built-in port table (nmap-services): if port 80 is open it will say http. You must tread carefully, though, because where security is concerned people can host any other service on port 80 instead of HTTP, and only the -sV version scan actually talks to the service to find out what it is and which product and version is answering. When doing vulnerability assessments (or even simple network inventories) of your company or your clients, you really want to know which mail and DNS servers and versions are running.
Having an accurate version number helps dramatically in determining which exploits a server is vulnerable to, and version detection is what gets you that information. Run it with -sV; --version-intensity from 0 to 9 trades scan time for how many probes nmap is willing to try against each port (the default is 7, 9 tries all of them), and -A turns on -sV, -O, traceroute and the default NSE scripts in one go.
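An added example, again not part of the original post, that covers the port scan, -sV and -O steps above together: it scans the target list from the discovery step, parses the greppable output into open ports with the product and version actually answering plus the OS guess, and flags open ports whose detected service is plain http, which is the port-80 point made above. The IPs, product names and sample output in sample_scan are constructed, and NMAP_TARGETS is an assumed switch of this script, not an nmap option:

```shell
#!/bin/sh
# Added example, not from the original post: port scan plus service/version
# (-sV) and OS (-O) detection of the hosts found during discovery, with the
# greppable output parsed into a short report. The target file name, IPs,
# products and the sample output in sample_scan are constructed.

# Scan every host listed in a file (one IP per line, e.g. the discovery output).
#   -sV   probe each open port and report the product/version actually answering,
#         instead of the name nmap-services maps to the port number
#   -O    TCP/IP stack fingerprint; needs raw sockets (root) and is most reliable
#         when the target has at least one open and one closed TCP port
#   -oG - greppable output on stdout so the functions below can parse it
scan_targets() {
    nmap -sV -O -iL "$1" -oG -
}

# Print "ip port/proto service version" for every port reported open.
# Greppable "Host:" lines are tab-separated fields; the "Ports:" field holds
# comma-separated entries shaped port/state/proto/owner/service/rpc/version/.
open_ports_from_greppable() {
    awk -F'\t' '
        $1 ~ /^Host: / {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] != "open") continue
                    printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], (f[7] == "" ? "unknown" : f[7])
                }
            }
        }'
}

# Print "ip OS guess" from the OS field that -O adds to the greppable line.
os_guess_from_greppable() {
    awk -F'\t' '
        $1 ~ /^Host: / {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++)
                if (sub(/^OS: /, "", $i)) print ip, $i
        }'
}

# Open ports whose detected service is plain http: anyone on the same segment
# who can see the traffic can read what goes over them. Before reporting it,
# check whether the port only redirects to https.
cleartext_http_ports() {
    open_ports_from_greppable | awk '$3 == "http"'
}

# Constructed sample of nmap -sV -O -oG - output; this is not a real scan.
sample_scan() {
    printf '# Nmap 7.94 scan initiated as: nmap -sV -O -iL live-hosts.txt -oG -\n'
    printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.1 (router.lan)\tPorts: 22/open/tcp//ssh//Dropbear sshd 2019.78/, 53/open/tcp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd 1.4.54/, 443/closed/tcp//https///\tIgnored State: filtered (996)\tOS: Linux 3.10 - 4.11\n'
    printf 'Host: 192.168.1.23 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.23 ()\tPorts: 445/open/tcp//microsoft-ds//Samba smbd 4.6.2/\tIgnored State: closed (999)\n'
    printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 41.20 seconds\n'
}

# Print the three views of one greppable file.
report() {
    echo "== open ports (ip port/proto service version)"; open_ports_from_greppable < "$1"
    echo "== OS guesses"; os_guess_from_greppable < "$1"
    echo "== cleartext http, verify before reporting"; cleartext_http_ports < "$1"
}

# NMAP_TARGETS is this script's own switch, not an nmap option:
#   NMAP_TARGETS=live-hosts.txt sudo -E sh portscan.sh
# With it unset, the constructed sample is parsed so the script runs offline.
if [ -n "${NMAP_TARGETS:-}" ]; then
    scan_targets "$NMAP_TARGETS" > scan.gnmap   # keep the raw output too
    report scan.gnmap
else
    tmp=$(mktemp); sample_scan > "$tmp"; report "$tmp"; rm -f "$tmp"
fi
```

In the constructed sample the router's port 443 is closed, so its port 80 really is the only way to reach the web interface and the cleartext flag stands; when 443 is open as well, browse to port 80 first and see whether it just redirects before writing it up.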