Post 04 - Scans of our Lives
Task 9, Day 04, Scanning Scanning through the snow
Types
Two types of scanning based on intrusiveness of info gathering:
Passive Scanning
Scanning without directly interacting with the target device. Usually packet capture and analysis tools like Wireshark (doo doo doodoo doo doo). Gives basic asset info like OS version, network protocols, etc. of the target.
Active Scanning
Scan individual endpoints of network for more detailed info. Involves sending packets or queries directly to assets instead of just catching what goes by.
Techniques
Three standard techniques for effective info gathering:
Network Scanning
Helps discover complete network, any live hosts, open ports, IP addresses, services. With network mapped, attacker can execute exploits on known systems.
Port Scanning
Method of examining open ports capable of receiving/sending data. Reveals three types of ports:
- Closed - Host not listening to port
- Open - Host actively accepts connection to port
- Filtered - port is open, but host isn't accepting connections, or only accepts connections that meet certain criteria (e.g. coming from a specific IP address).
Vulnerability Scanning
Proactively identifies a network's vulns in an automated way. Tools identify loopholes by checking against a pre-built database of known vulnerabilities. Tools include Nessus and Acunetix.
Tools
Nmap
Port scanning, discover network protocols, ID running services, detect OS on live hosts. Recommended scans:
- TCP SYN - nmap -sS IP address
- Ping - nmap -sn IP address
- OS - nmap -O IP address
- Services - nmap -sV IP address
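As an added example (not part of the original post or the THM room): a Python parser for Nmap's grepable output (-oG) that records each port's open/closed/filtered state from the scans above and flags open ports not in a known baseline, which is how a defender turns a scan into an inventory check. The scan text, IP, hostname and baseline are all constructed.

```python
"""Parse Nmap grepable (-oG) output and flag open ports outside a baseline."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `nmap -sV -oG -` output (not a real scan result).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.10.1.5 (qa.example.test)\tStatus: Up
Host: 10.10.1.5 (qa.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//nginx 1.18/, 139/open/tcp//netbios-ssn//Samba smbd 4/, 445/open/tcp//microsoft-ds//Samba smbd 4/, 3306/filtered/tcp//mysql///\tIgnored State: closed (995)
# Nmap done (constructed sample)
"""

PortInfo = Tuple[str, str, str]  # (state, service, version)


def parse_gnmap(text: str) -> Dict[str, Dict[int, PortInfo]]:
    """Return {host_ip: {port: (state, service, version)}} from -oG text.

    Each entry in the Ports: field has seven slash-separated fields:
    port/state/protocol/owner/service/rpc-info/version.
    Ports in the 'Ignored State' (closed here) are not listed individually.
    """
    hosts: Dict[str, Dict[int, PortInfo]] = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: (.*?)(?:\t|$)", line)
        if not m:
            continue  # comment lines and Status-only lines carry no port data
        ip, ports_field = m.group(1), m.group(2)
        entries = hosts.setdefault(ip, {})
        for entry in ports_field.split(", "):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry, skip rather than guess
            port, state, _proto, _owner, service, _rpc, version = fields[:7]
            entries[int(port)] = (state, service, version)
    return hosts


def unexpected_open_ports(hosts: Dict[str, Dict[int, PortInfo]],
                          baseline: Dict[str, Set[int]]) -> Dict[str, List[int]]:
    """Open ports missing from the per-host baseline; filtered ports are not flagged."""
    findings: Dict[str, List[int]] = {}
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())
        extra = sorted(p for p, (state, _, _) in ports.items()
                       if state == "open" and p not in allowed)
        if extra:
            findings[ip] = extra
    return findings
```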
Nikto
Open-source scanner that checks websites for vulns. Enables looking for subdomains, outdated servers, debug messages, etc., on a website.
- Basic scan - nikto -host IP address
The Task
Use Nmap and Nikto to get information on qa.santagift.shop. Zenmap on my PC couldn't do the -sV scan, but the AttackBox could. Nikto returns interesting info. Samba is accessed through the file explorer by entering smb://IP address in the address bar.