Warning! Reading below this point means that you agree any action is of your own choice and free will. I take no responsibility for how you use this information. Please use good judgment and caution with the information given. Use your own machines for testing!
Let's get started. The scanners I will be using today are offered inside of the Backtrack series; my specific version is Backtrack 4 r2.
Nmap: Insanely powerful scanner
AMap: Awesome script, truly awesome
Telnet: Yep, you read it right. TELNET
Let's start with Nmap. Nmap is a F*ck tastic tool used to scan a target (or targets) for open ports. Among other things it can find out what's running on those ports (-sV), identify the operating system (-O), and be a ninja of stealth to evade IDS systems and firewalls. An example of the command is:
This performed a simple ping scan over my subnet (note the ip/24). To show some more powerful options, we will run -sV and -O next and, just for a touch of spice, force nmap to target only port 21 over TCP (-p T:21).
Easy peasy, right? Look over the nmap manual for even more things. Nmap has tons of security features that allow us to dodge detection, get around firewalls for results, and be all we can be. On top of all that it allows us to use and make scripts. I won't tell you about or show this feature, but I will let you know that it can help with automated detection of vulnerabilities by checking the service and version numbers against our database of exploits.
AMap: OH SHI-
AMap is included with Backtrack and is a script I only recently started using, but boy is it worth it. I've had AMap return information that I could not retrieve with Nmap or a custom-made scanner. Learn it, love it, use it.
Below I show AMap with -B and -A.
Netcat. A utility tool that can be used in many different ways; one of my favorite ways is port scanning. Netcat can be used to listen for connections or to send connections. We have seen it used as a backdoor to send a terminal, and simply used to listen for a connection on our ports. Today we use it for scanning. For this we will use -v, -w, -z and -n. -v (or -vv) is verbose and will show more information about our connection, -w is a timeout, and -z is used for scanning.

Last but not least, Telnet. Telnet is built in with most systems nowadays, although disabled by Windows Vista and 7 for "security" issues. It is easy to re-enable; Google-fu to find your way through. Telnet is a unique tool used to connect to another computer on a specified port. In our case we will use telnet to connect to port 20 (FTP data port) and 21 (FTP port). A response means the port is open, and a reject means the port is closed.
Now that this has been shown, you will eventually try it. If you try this against some services such as port 80 (HTTP), you will not get a response (text) instantly; you can note that it connects, so the port is open, BUT you are interested in that banner of theirs, aren't you? Service information is needed! So after connecting to it we will type in a command like GET or HEAD (as used in HTTP).
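To see the three outcomes above in one place (a service that greets you, a service that stays silent until you send HEAD, and a refused port), here is an added example that is not from the original post: a small Python banner grabber that does what the telnet/netcat steps do by hand, run against constructed demo services on your own machine so it works offline. The handler names and the "220 demo FTP ready" banner are made up for this example.

```python
import socket, socketserver, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"  # what you type by hand after telnet connects to port 80

def grab_banner(host, port, timeout=1.0, probe=HTTP_PROBE):
    """Return (state, banner) for one TCP port, states named the way nmap names them.
    FTP-style services talk first; HTTP stays silent until asked, so after a quiet timeout we send the probe."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("closed", "")      # RST came back: nothing is listening
    except OSError:
        return ("filtered", "")    # no answer at all: dropped by a firewall or host down
    with sock:
        sock.settimeout(timeout)
        for to_send in (None, probe):
            try:
                if to_send:
                    sock.sendall(to_send)
                data = sock.recv(1024)
            except OSError:        # includes the read timeout
                data = b""
            if data:
                break
        return ("open", data.decode(errors="replace").strip())

class FtpLikeHandler(socketserver.BaseRequestHandler):
    def handle(self):              # greets immediately, like a real FTP daemon on port 21
        self.request.sendall(b"220 demo FTP ready\r\n")   # constructed banner
        self.request.recv(64)      # hold the session until the client hangs up

class QuietHttpHandler(BaseHTTPRequestHandler):
    def do_HEAD(self):             # answers only once asked, like a web server on port 80
        self.send_response(200)
        self.end_headers()
    def log_message(self, *args):  # silence request logging
        pass

def serve(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]

def demo():
    ports = {"ftp": serve(socketserver.TCPServer(("127.0.0.1", 0), FtpLikeHandler)),
             "http": serve(HTTPServer(("127.0.0.1", 0), QuietHttpHandler))}
    with socket.socket() as s:     # reserve a free port and release it: nothing listens there
        s.bind(("127.0.0.1", 0))
        ports["closed"] = s.getsockname()[1]
    return {name: grab_banner("127.0.0.1", p) for name, p in ports.items()}
```

Run demo() and print its dict: the FTP-style port reports open with its greeting, the HTTP port reports open only after the HEAD probe (banner starts with "HTTP/1.0 200"), and the reserved port reports closed.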
Well, that's it for our first session. I'll do my best to make one article a day, or at the least one to three articles a week.