NMAP TUTORIAL

Saturday, 21 November 2009

The first stage of remote hacking is peeking. Yes, that is exactly the right word for this article: peeking at a port, that is, a service run by the target or server, specifically a service that runs over the TCP (Transmission Control Protocol) protocol.

Which ports do we want to peek at? My friends often ask this question.
OK, let's look at the most common ports:

25 SMTP server
80 Web server
110 POP3 server
etc.

Even more curious about nmap? Let's learn more about it.

Nmap is designed to scan a network and see what is running on it. It uses a range of techniques such as UDP, TCP connect(), TCP SYN (half open), FTP proxy (bounce attack), Reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, and Null scan. Nmap also provides remote OS detection. [Confused by the technical terms above? Get your dictionary ready and search on Google.]

As my starting toolkit I am using BackTrack [Slackware-based] on a flat-rate 3G connection.

Suppose your target is:

www.jasakom.com

bt ~ # nmap -v sS -O www.jasakom.com

Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-29 07:15 GMT
Failed to resolve given hostname/IP: sS. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Initiating Parallel DNS resolution of 1 host. at 07:15
Completed Parallel DNS resolution of 1 host. at 07:15, 0.91s elapsed
Initiating System CNAME DNS resolution of 1 host. at 07:15
Completed System CNAME DNS resolution of 1 host. at 07:15, 0.40s elapsed
Initiating SYN Stealth Scan at 07:15
Scanning web115.discountasp.net (216.177.77.9) [1697 ports]
Discovered open port 21/tcp on 216.177.77.9
Discovered open port 80/tcp on 216.177.77.9
Discovered open port 25/tcp on 216.177.77.9
Discovered open port 443/tcp on 216.177.77.9
Increasing send delay for 216.177.77.9 from 0 to 5 due to 11 out of 29 dropped probes since last increase.
SYN Stealth Scan Timing: About 9.93% done; ETC: 07:20 (0:04:32 remaining)
Stats: 0:00:43 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 14.81% done; ETC: 07:19 (0:03:37 remaining)
Stats: 0:00:59 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 21.71% done; ETC: 07:19 (0:03:14 remaining)
Stats: 0:01:31 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 34.08% done; ETC: 07:19 (0:02:46 remaining)
Stats: 0:01:33 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 34.87% done; ETC: 07:19 (0:02:43 remaining)
Stats: 0:01:36 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 35.50% done; ETC: 07:19 (0:02:44 remaining)
Stats: 0:02:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 49.70% done; ETC: 07:19 (0:02:00 remaining)
Discovered open port 8080/tcp on 216.177.77.9
Discovered open port 1027/tcp on 216.177.77.9
Stats: 0:03:26 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 85.89% done; ETC: 07:19 (0:00:32 remaining)
Stats: 0:03:30 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 88.03% done; ETC: 07:19 (0:00:27 remaining)
Stats: 0:03:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 96.62% done; ETC: 07:19 (0:00:07 remaining)
Stats: 0:04:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.15% done; ETC: 07:19 (0:00:02 remaining)
Stats: 0:04:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 07:19 (0:00:00 remaining)
Stats: 0:04:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 07:19 (0:00:00 remaining)
Completed SYN Stealth Scan at 07:19, 242.96s elapsed (1697 total ports)
Initiating OS detection (try #1) against web115.discountasp.net (216.177.77.9)
Retrying OS detection (try #2) against web115.discountasp.net (216.177.77.9)
Initiating gen1 OS Detection against 216.177.77.9 at 269.212s
Stats: 0:04:29 elapsed; 0 hosts completed (1 up), 1 undergoing OS Scan
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
Stats: 0:05:08 elapsed; 0 hosts completed (1 up), 1 undergoing OS Scan
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
Host web115.discountasp.net (216.177.77.9) appears to be up ... good.
Interesting ports on web115.discountasp.net (216.177.77.9):
Not shown: 1684 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
554/tcp filtered rtsp
1027/tcp open IIS
8000/tcp filtered http-alt
8080/tcp open http-proxy
Device type: general purpose|web proxy|broadband router|firewall|WAP
Running (JUST GUESSING) : Microsoft Windows NT/2K/XP|2003/.NET (88%), Blue Coat SGOS (87%), Netopia embedded (86%), ZyXel ZyNOS (86%), Linux 1.X (85%), D-Link embedded (85%)
Aggressive OS guesses: Microsoft Windows XP Home Edition (German) SP2 (88%), Microsoft Windows 2003 Server or XP SP2 (88%), Microsoft Windows XP Pro SP2 (88%), BlueCoat SG4 (87%), Microsoft Windows 2003 Server SP1 (86%), Netopia DSL Router (86%), ZyXel ZyWALL 1 firewall (86%), ZyXel Zywall 10W firewall (86%), Linux 1.3.20 (x86) (85%), D-Link DI-774 WAP (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Busy server or unknown class

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 360.207 seconds
Raw packets sent: 2050 (94.832KB) | Rcvd: 1908 (89.312KB)
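As an added example (not part of the original post and not nmap's own code), here is a small parser for the port table in the normal output above. It recounts the open/filtered/closed buckets against the 1697 ports scanned and flags open ports that fall outside an expected-exposure allowlist, which is how a defender reads the same scan. The allowlist {80, 443} is a constructed assumption.

```python
"""Parse nmap's normal-output port table and flag unexpected exposure.

Added example for this post, not nmap's own code. The sample input is the
port table from the scan shown above, embedded here verbatim.
"""
import re
from collections import Counter

# Sample: the port table from the scan output in the post above.
SAMPLE_OUTPUT = """\
Interesting ports on web115.discountasp.net (216.177.77.9):
Not shown: 1684 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
554/tcp filtered rtsp
1027/tcp open IIS
8000/tcp filtered http-alt
8080/tcp open http-proxy
"""

# One table row: "<port>/<proto> <state> <service>", whitespace-separated.
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)
# The collapsed bucket nmap prints instead of listing every closed port.
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+) ports", re.MULTILINE)


def parse_ports(text):
    """Return one (port, proto, state, service) tuple per table row."""
    return [(int(p), proto, state, svc)
            for p, proto, state, svc in PORT_ROW.findall(text)]


def state_summary(text):
    """Count ports per state, including the collapsed 'Not shown' bucket."""
    counts = Counter(state for _, _, state, _ in parse_ports(text))
    for n, state in NOT_SHOWN.findall(text):
        counts[state] += int(n)
    return dict(counts)


def unexpected_open(text, allowed):
    """Ports reported open that are not in the expected-exposure set (assumed allowlist)."""
    return sorted(p for p, _, state, _ in parse_ports(text)
                  if state == "open" and p not in allowed)
```

The bucket counts should add up to the 1697 ports nmap reports scanning; a mismatch means the table was truncated or the format changed.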


There are many options that control how nmap works; some I use often are:

-P0 - do not ping the target, so that we are not noticed by the target.

-f - use small fragmented packets so that the scan is harder for intrusion detection software to detect.

-v - verbose mode, to see intermediate scan results on screen.

-O - try to guess the operating system used by the target machine.

Still curious about nmap's commands?


bt ~ # man nmap

That is the basic foundation of hacking. From there you can get creative and try to find bugs in those services; look for sources at www.milw0rm.com and elsewhere, depending on your creativity. Good luck.
