Learn Ethical Hacking Episode #26: External Nmap Resources

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you some more stuff you can do with nmap. But, more importantly than that, I will show you a tool which you can use to assign a physical location, namely a city, to an IP address. It’s relatively precise, but the downside of it is that you can only make 1,000 queries per day. I mean, 1,000 queries per day is still fairly reasonable, however if you’re doing some form of mass scanning it won’t really help you much. You will need to go online and download additional libraries for that. But, 1,000 is a very good number, and let me just show you how it actually works.

So, here I have a command. This is the command that I’ve used previously, scanme.nmap.org, and to pull information from it. So, it’s curl ipinfo.IO/, and then you get an IP address here, it’s a curl script, just copy/paste that here, and this is the command, curl. This is the argument that you are passing to it along with the IP address. Once you press ENTER it queries the server, and there you go. You have an IP, and you get a host name as well. You get a city, it’s Vermont, it’s region is California, a country, U.S. You even get some coordinates here, organization, postal code, and so on and so forth. So, you get some really useful information here in regard to an IP address. But, as I said, the downside is that you can make only 1,000 queries per a day. So, you’re not doing anything illegal here, you are simply querying a database somewhere in the world to give you specific information on an IP address. You could have done this by simply typing on the net whois, however I wish to teach you how to do these things in the terminal so that you will be less dependent on the browser. Anyway, let me just go ahead and clear this.

What I would like to cover today with you are some external resources which you can use in combination with nmap. Nmap has a wide variety of scripts that are applicable to it, and then you will be able to use nmap in order to scan for particular vulnerabilities on servers elsewhere in the world. Go ahead and open up your browser. Okay, so I have this website, scanme.nmap.org, open here, and on the website there is a link, it’s nmap.org, and then some links here. Look, here we have a list of categories of the sort of scripts I can run with nmap in order to scan for particular vulnerabilities. There are 490 scripts. For example, here are scripts I can use for DoS (denial of service) attacks. Anyway, let’s go and click on one of the links. I’m going to go ahead and click on vuln, general thing, and now I have all these things here. So, if you’re wondering how you can bypass firewall rules, well, simply use a script. It says, firewall-bypass: detects vulnerability in netfilter and other firewalls that use helpers to dynamically open ports for protocols such as ftp and sip. Let’s open it up in a new tab. Once you click on it you’ll get the exact syntax on how to use it, so example usage. Instead of just type in the IP address, and that’s it. Literally, that is the only thing that you need to change here. Copy/paste this command, and then just change the last thing into the IP address that you wish to scan. I’m not going to go through all of them, as I said there are 490 different scripts. We will be using a few of them in the later tutorials where we will get into demonstrations, once we actually start attacking particular services and start exploiting their vulnerabilities. There are many resources here which you can utilize, and I strongly advise you to go on to this website and check it out. This is the most important part for you on this website, it’s the availability of these scripts. So, take a look at what they do, and you can save yourself a ton of time by conducting a scan for certain types of exploits. If I click on exploits, it gives me all various sorts of exploits. For example, if I’m attacking a very secure File Transfer Protocol, it explains in great detail what it does, and if you click on it it’s going to give you the exact syntax which you need to use. Literally, the exact syntax which you need to use. Right next to it you just type in the IP address of whatever host you want, and that’s it. There are no changes, there is nothing else that you need to do, you just copy/paste this, and change the name here.

Anyway, I’m just going to go ahead and scroll up, and I have yet another website that I wish to show you. It’s called exploit-db. So, just type in exploit-db, and the first site that pops up should be exploit database by offensive security. This is one of the largest databases out there in regard to vulnerabilities. You can find them all in one place here. There are some very nice wireless tricks that you can use here, reverse shells, privilege escalation, pretty much everything. We will be using this site fairly extensively in the follow up tutorials, but I just wanted to mention it here so that you can explore it a little bit. Feel free to go through the website. For example, take a look at the router that you are using. Identify the router you are using, take a look at what sort of router was provided to you by the ISP provider, and then go ahead and click on search in the upper right corner. I’m going to click on it and search for the vulnerabilities of home routers. See what you can do with it. You can look at it by a port, there is a free text search, description, order, platform, look at how many platforms are down there. If you don’t know what platform it is just just try a free text search. Type in the name of your router in the text search and it’s bound to give you some vulnerabilities, because most home routers have more vulnerabilities than they should. So, that is the task that I leave you with. I want you to open up this website, exploit database, find a vulnerability with your home router, and once you’ve done that there will be a description of how to use it. Try using it, try exploiting it. If it fails, not a problem. We will get into greater detail regarding routers later on in the course. If you have any questions, feel free to post them in the question section.

Before I leave, once more, over here you have scripts that you can use with nmap to detect particular vulnerabilities. Just click on it, you will get the exact syntax. All you need to do is change the IP address. The website is exploit-db, use this website extensively, it is very good. There are a lot of vulnerabilities on it, pretty much all of them are located there. The site is open, free, anybody can access it, no registration required. With that, I bid you farewell.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Leave a Reply

Your email address will not be published. Required fields are marked *