slacker

Scanning (path to a successful attack)


Posted (edited)

Scanning is the process where a hacker tries to learn something more about the computer or the site he/she is trying to attack.

There are a lot of different ways to scan a victim's computer, and I will show some of them below, along with the programs used.

1- ANGRY IP

Angry IP is a program that not only tries to scan a computer for open ports but ATTEMPTS to connect to them and to the shared drives on the computer ...

Download Angry IP (it's free, so google it) and install it. The GUI of the program is quite simple to understand. If you are going to scan just one IP, e.g. 120.0.1.2, then the range is from 120.0.1.2 to 120.0.1.2. If you know some of the characters of the victim's IP, let's say for example the first two series 120.0.xxx.xxx, then range it from 120.0.0.0 to 120.0.255.255 ... that will scan all possible IPs through the internet that have that range. After the scan finishes you can see the open ports on your victim. The most common ports opened on a computer are:

port 80 : http protocol

port 21 : ftp protocol

port 25 : smtp service ( email )

port 139 : windows shares

There are also other ports, but they vary by application; for example, various games use high ports, generally in the range 3000-8000 depending on the game. Various internet applications like Hamachi use ports like 17771, etc.

Then, after the scan, you can right-click on the IP and go to "connect to computer", which will try to connect to the victim's computer ... the connection may vary depending on the firewall and Windows settings the victim has.

Ways to make your drives not hackable through Angry IP and protect information:

1- host-based firewalls

2- restrict anonymous

3- blocked sharable drives ( C$ and ADMIN$ )

4- restrict null sessions

2- LANGuard

The LANguard application not only scans a target for open ports and services but has an integrated penetration testing feature that looks for weaknesses in the target operating system (OS) by running predefined scripts against the target.

Google for the program, download it and install it. Then enter the IP or hostname of your victim and start the scan.

Fun part after the scan: if your target is not secure enough (which is the case 99% of the time, where people only buy a PC to go on Facebook), the application may find several pieces of valuable information like the MAC address, the name of the currently logged-in user, shared drives, users, network cards, and other things ...

NOTE: if the target is running an OS with old service packs, scripts included in LANGuard may identify flaws such as directory traversal during the scans, and the attacker, depending on the flaw, may do a DoS attack which may later result in easy exploitation of the victim and control over his PC.

Ways to prevent yourself from getting hacked with LANGuard:

1- host based firewalls

2- blocked sharable drives

3- update OS with latest updates

3- FScan

FScan is a tool from Foundstone which is unique for scanning because it scans a victim's PC in a "quiet" mode to avoid being detected by IDSs (intrusion detection software). FScan also allows scanning a certain port, e.g. port 80 (which most firewalls keep unblocked).

From the fscan directory open a cmd and type:

fscan <options> (ip address) #port

As options of fscan we have -i, which scans ports allowed by the victim's firewall, -q, which pings the victim before scanning, and -r, which scans in a random order.

An example command would be:

fscan -qr 196.168.130.120 (you can put a port number or not, it's your choice)

The scan will show the open ports on the target.

NOTE: older versions of FScan cannot scan port 23 because of a coding error in the program.

Ways to not get scanned with FScan:

1- host-based firewalls

4- LanSpy

LanSpy is an application that is used to scan computers within the LAN range. How can this be useful? If you go on vacation to another city or state and you go to an internet cafe, the computers there are connected in a LAN, and if you feel bored, hack 'em XD ... Apart from that ... LanSpy identifies information about victims in the LAN such as MAC addresses, hostnames, operating systems, and other info ...

Install LanSpy, enter the target IP and click on the green arrow to start. Results will be displayed showing all open ports.

Note: LanSpy is the perfect tool to perform quick scans of a computer rather than slow programs.

Ways to protect:

1- host-based firewalls

2- disable/uninstall unnecessary services

5- Netcat

The netcat application has many uses; one is the ability to scan a target for open ports and services. Another utility, cryptcat, is almost identical except that it operates with encryption.

To use it, from a prompt in the netcat directory type the following command:

nc <options> <Hostname or IP Address> <Port Range>

example: nc -v -r -w2 -z 192.168.100.0 1-1024

- The -v option instructs netcat to run in verbose mode, allowing you to see the progress of the scan.

- The -r option instructs netcat to randomize local and remote ports in an attempt to elude any intrusion detection systems.

- The -w2 option instructs netcat to wait 2 seconds between each port scanned to help elude any intrusion detection systems.

- The -z option instructs netcat to operate in a zero-I/O (Input/Output) mode. It is best to use -z when scanning with netcat.

- The 1-1024 instructs netcat to scan ports 1-1024.

From a scan I did on a friend, the results were:

- 80 (http)

- 7 (Echo)

- 13 (daytime)

- 21 (FTP)

- 17 (Quote of the Day)

- 445 (Windows Share)

- 9 (discard)

- 139 (Windows Share)

- 19 (Character Generator)

- 135 (epmap)

- 443 (HTTPS)

- 25 (Simple Mail Transfer Protocol (SMTP))

Ports of interest here are 7, 13, 17, 9, and 19, since these ports are easy to launch a DoS attack against.

Ways to protect:

1- uninstall/disable unnecessary services

2- IDS

6- SuperScan

SuperScan has the ability to discover which ports are open on the target. Identifying the open ports tells an attacker what ports are available for potential exploit.

Download and install.

The GUI is simple to understand if you look carefully through it, so I won't go into detail.

Enter the victim's IP and scan.

Below the IP bar it will show a shared drive. Click on "port list setup" and you will see all open ports and services running on the victim. SuperScan by default will perform banner grabbing too, which shows the program currently running on that port ...

Ways to protect:

1- secured firewall

2- bastion servers / workstations

3- secure access control list ( ACL )

Other programs you might want to try are:

-TCS CGI Scanner

-FTPScanner

-WGateScan/ADM Gates

Edited by slacker
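Every tool in the post above is met on the defender's side by the same two controls the post keeps listing: an IDS that notices the sweep, and unnecessary services (echo, discard, daytime, qotd, chargen) switched off. The following is an added example, not code from the post or from any of the tools it names, showing what the IDS side of that looks like: it reads firewall-style log lines, counts how many distinct destination ports each source touches inside a sliding time window, and reports which of the legacy "small services" the post calls out were probed. The log format, the IP addresses and the sample traffic are all constructed for this example; the function names (parse_line, detect_scans, legacy_services_probed) are this example's own. It also shows why the post's "-w2" trick matters to a defender: a scan paced at one port every two seconds slips past a 5-second window but not a 60-second one.

```python
"""Sliding-window port-scan detector over firewall-style log lines.

Added example (not from the forum post above). The log format is constructed
for this example:  "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <ACTION>"
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)

# Legacy "small services" (echo/discard/daytime/qotd/chargen); a host that still
# answers on these should have them disabled, per the post's own mitigation list.
LEGACY_SMALL_SERVICES = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen"}


@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst: str
    port: int
    action: str


@dataclass
class ScanAlert:
    src: str
    first_ts: int   # start of the earliest window that crossed the threshold
    last_ts: int    # last event that kept the source over the threshold
    ports: set      # every destination port seen while the source was flagged


def parse_line(line):
    """Parse one log line into an Event, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(int(m["ts"]), m["src"], m["dst"], int(m["port"]), m["action"])


def detect_scans(events, window_seconds, min_distinct_ports):
    """Flag sources touching >= min_distinct_ports distinct (dst, port) pairs
    within any window_seconds span. Returns {src_ip: ScanAlert}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        in_window = Counter()          # (dst, port) -> hits currently inside the window
        left = 0
        for e in evs:                  # 'e' is the right edge of the window
            in_window[(e.dst, e.port)] += 1
            while e.ts - evs[left].ts > window_seconds:   # slide the left edge forward
                key = (evs[left].dst, evs[left].port)
                in_window[key] -= 1
                if in_window[key] == 0:
                    del in_window[key]
                left += 1
            if len(in_window) >= min_distinct_ports:
                ports = {p for (_, p) in in_window}
                prev = alerts.get(src)
                if prev is None:
                    alerts[src] = ScanAlert(src, evs[left].ts, e.ts, ports)
                else:
                    prev.last_ts, prev.ports = e.ts, prev.ports | ports
    return alerts


def legacy_services_probed(alert):
    """Names of the legacy small services (sorted) that a flagged source probed."""
    return sorted(LEGACY_SMALL_SERVICES[p] for p in alert.ports if p in LEGACY_SMALL_SERVICES)


def build_sample_log():
    """Constructed sample traffic: one fast sweep, one slow (-w2 style) sweep, one normal client."""
    ports = [7, 9, 13, 17, 19, 21, 25, 80, 135, 139, 443, 445]
    lines = []
    for i, p in enumerate(ports):                     # fast: 12 ports inside ~3 seconds
        lines.append(f"{1000 + i // 4} 10.0.0.5 -> 192.168.100.20:{p} DENY")
    for i, p in enumerate(ports):                     # slow: one port every 2 seconds
        lines.append(f"{2000 + 2 * i} 10.0.0.9 -> 192.168.100.20:{p} DENY")
    for i, p in enumerate([80, 443, 80]):             # ordinary web client over a minute
        lines.append(f"{3000 + 20 * i} 10.0.0.7 -> 192.168.100.20:{p} ACCEPT")
    return lines


if __name__ == "__main__":
    events = [e for e in map(parse_line, build_sample_log()) if e is not None]
    for window in (5, 60):
        found = detect_scans(events, window_seconds=window, min_distinct_ports=10)
        print(f"window={window}s flagged={sorted(found)}")
        for a in found.values():
            print(f"  {a.src}: {len(a.ports)} ports, legacy services {legacy_services_probed(a)}")
```

With the sample traffic, the 5-second window flags only the fast sweep, while the 60-second window flags both sweeps and still ignores the ordinary client, which never exceeds two distinct ports. In a real deployment the window and threshold are tuned against baseline traffic, and a slow scan is what justifies keeping a long window alongside the short one.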
