
Nmap Tutorial | beginner friendly | Basics | With Pictures


karthy


INTRODUCTION

So you have connected to an unknown network, maybe a Wi-Fi network, and you want to know what devices are connected to it. You can use Nmap to find live hosts on the network, which is really useful. Maybe you want to do some OS fingerprinting, which means determining what OS is running on a live host. Apart from this, Nmap also has a scripting engine. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. I will go over the basics; please pay attention. I will include pictures for ease of understanding. There is also Zenmap, which is the GUI version of Nmap; I am not fond of it and I prefer that you use the CLI version of Nmap. If you are using Windows you can install Nmap inside Cygwin.

Nmap Basic Usage

First and foremost, you can get all the flags and options by running the command


Once you are on a network, the first thing you want to do is reduce the number of IPs: we don't need all the dead hosts. We need to figure out which hosts are online, and I will teach you how to do that now. This step is called Host Discovery. The best thing you can do is -sn, which will list all the alive hosts and skip the port scan (so it is faster); this is also known as a ping scan. There are other scans you can do, but we will not get into that for now; I will edit the guide later.


I just scanned my network. By the way, you are seeing multiple "TP-Link Technologies" entries because that is my repeater. Go ahead and scan your network and see what results you get; maybe someone is piggybacking on your connection, you never know. Don't just read my tutorial; do the things I do so you get the hang of it.

Port Scanning

Once you get a list of all the IPs which are alive, you can do something called port scanning. There are six port states recognized by Nmap: open, closed, filtered, unfiltered, open|filtered, and closed|filtered. Finding an open port is our goal; if a port is open it might be susceptible to attack. Attackers and pen-testers want to exploit open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network. Doing a port scan is simple; you just do


I have scanned my router for open ports; you can see a bunch of ports popped up. Look, port 80 is open, so now we know the admin panel is being served without SSL, which means anyone on the network can sniff it out.

OS Detection

One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host, examines practically every bit in the responses, and figures out what OS is running on the target system.


As you can see, it detected the OS perfectly. I used the -v flag for verbose results.

Service and Version Detection

When you do a scan with Nmap and it finds an open port, it uses its inbuilt database to tell you, for example, that an open port 80 is an HTTP service. However, you must tread carefully, because where security is concerned people can host any other service on port 80 instead of HTTP.

When doing vulnerability assessments (or even simple network inventories) of your company's or clients' networks, you really want to know which mail and DNS servers and versions are running. Having an accurate version number helps dramatically in determining which exploits a server is vulnerable to. Version detection helps you obtain this information.
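To tie the steps above together (host discovery with -sn, the six port states, and service/version detection), here is an added example that is not part of the original post: it parses Nmap's grepable output (the -oG format) into an inventory of live hosts and open ports, and flags the plain-HTTP services the router example warned about. The scan text inside it is constructed, not a real scan, and the function names are my own.

```python
import re

# Constructed sample of Nmap "grepable" output (what `nmap -sV -oG -` prints);
# it is NOT a real scan. Each "Host:" line is tab-separated: "Host: <ip> (<name>)",
# then either "Status: Up|Down" (what -sn gives) or "Ports: ..." plus "Ignored State: ...".
# A port entry reads port/state/protocol/owner/service/rpc/version/.
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.0.0/24\n"
    "Host: 192.168.0.1 ()\tStatus: Up\n"
    "Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain//dnsmasq 2.80/, "
    "80/open/tcp//http//Router admin/, 443/open/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 192.168.0.23 (printer)\tStatus: Up\n"
    "Host: 192.168.0.23 (printer)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "631/filtered/tcp//ipp///\tIgnored State: closed (998)\n"
    "Host: 192.168.0.50 ()\tStatus: Down\n"
    "# Nmap done -- 256 IP addresses (2 hosts up)\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \((.*)\)$")

def parse_gnmap(text):
    """Return {ip: {"name", "status", "ports": [{"port", "state", "proto", "service", "version"}]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # skip the "# Nmap ..." banner lines
        fields = line.split("\t")
        ip, name = HOST_RE.match(fields[0]).groups()
        host = hosts.setdefault(ip, {"name": name, "status": None, "ports": []})
        for field in fields[1:]:
            if field.startswith("Status: "):
                host["status"] = field[len("Status: "):]
            elif field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(", "):
                    port, state, proto, _owner, service, _rpc, version, *_ = entry.split("/")
                    host["ports"].append({"port": int(port), "state": state, "proto": proto,
                                          "service": service, "version": version})
    return hosts

def live_hosts(hosts):
    """Host discovery result: the IPs Nmap reported as Up (dead hosts drop out)."""
    return [ip for ip, h in hosts.items() if h["status"] == "Up"]

def open_ports(hosts):
    """(ip, port, service, version) for ports in the 'open' state; filtered/closed are skipped."""
    return [(ip, p["port"], p["service"], p["version"])
            for ip, h in hosts.items() for p in h["ports"] if p["state"] == "open"]

def plaintext_http(hosts):
    """Open ports Nmap identified as plain http, i.e. served without TLS like the router admin panel."""
    return [(ip, port) for ip, port, service, _ in open_ports(hosts) if service == "http"]
```

Feed it a real file with `parse_gnmap(open("scan.gnmap").read())` after running Nmap with `-oG scan.gnmap`; remember the service name comes from Nmap's guess, so a non-HTTP service on port 80 still shows up as whatever -sV identified.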
