Posts

CYBERTOOLS 4: Using Decoys and Packet Fragmentation in nmap to Bypass Firewalls

How to know if a device has a firewall: nmap reports a port as "filtered" when the port is hidden behind a firewall or IDS.

PACKET FRAGMENTATION

nmap -f is used to fragment packets. The TCP header is split into parts so that the firewall has a hard time reading the content. You can specify -f multiple times to split the packet again and again: -f once gives 8-byte fragments, and -f -f gives 16-byte fragments. The smaller the packet, the harder it is to handle.

To split packets into a custom number of bytes, use nmap --mtu <value>; this splits packets into fragments of the size you choose. When using --mtu, the value must be a multiple of 8.

USING DECOYS

Decoys work by making the target think that multiple IPs are scanning it. This makes it harder to determine which IPs are innocent and which IP is the culprit. This can be defeated by router path tracing, response dropping and other mechanisms, but is still an effective tec

CYBERTOOLS 3: Host Discovery and Port Ranges (output to file)

This is a guide to using them:

nmap -A is the aggressive option; it uses OS detection, service detection and scripts to determine any and all information on a target. (Not to be used on a target machine on which you have no authorization.)

nmap -sn tells which hosts are up and works similarly to netdiscover.

nmap -p helps us specify ports.

nmap -F scans the first 100 ports.

HOW TO OUTPUT A NMAP SCAN

nmap <arguments, IP, ports, etc.> >> filename.txt

nmap -oN filename.txt gives results in a file as well as displaying them on the terminal.

CYBERTOOLS 2: Nmap Complete Guide

A few important Nmap scans are given below.

nmap -sS: only the first step of the TCP handshake is done, which is sending SYN, and as a result you are a little less detectable. The target can send back SYN/ACK, which tells us the port is open; it can also send RST, which means the port is closed; if there is no response, the port is filtered. A filtered port means there is either a packet-filtering firewall or a normal firewall.

nmap -sT: does not require sudo privileges. It performs the scan using TCP packets, and a full three-way TCP handshake is done. It leaves fingerprints and traces on the target and is easily detectable. It can take a little bit longer.

nmap -sU: since many services on the internet run on TCP, UDP is mostly ignored, which can be helpful to us. This scan can be helpful but is a bit slow. It requires root privileges.

To see all other nmap scans, see nmap's manual, which can be opened with the man command: man nmap. A screen grab of the above command is given below, as well as port states and other details.

TARGET SPECIFICAT

CYBER-TOOLS 1: Netdiscover

What is Netdiscover used for?

Netdiscover is an active/passive address reconnaissance tool, mainly developed for wireless networks without a DHCP server, when you are wardriving. It can also be used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them by actively sending ARP requests. Netdiscover can also be used to inspect your network's ARP traffic, or to find network addresses using auto scan mode, which scans for common local networks. Netdiscover uses the OUI table to show the vendor of each MAC address discovered and is very useful for security checks or in pentests.

How to install netdiscover?

It can be installed with the following command: sudo apt install netdiscover

How to use netdiscover

To use netdiscover, simply type sudo netdiscover (it requires root to run). A screen grab from netdiscover is given below. netdiscover takes a variety of arguments; they are shown below and can be seen using sudo

CYBER-BASICS 3: SQL

Structured Query Language

SQL is used when a database is connected to a site, giving you the capability to store, retrieve and search for data. Different users will have different authorization over access to the data.

The most common thing done on SQL databases is SQL injection. SQL can be used in login pages for a website: the login information for the website is sent to the server in the form of a query, and if the information matches, the database will report back to the application. After this, the user's permissions are granted by a cookie or an authentication token stored both in the browser and on the server.

The reason a site uses SQL services is that it needs to store data somewhere, and PII (Personally Identifiable Information) such as passwords, messages etc. needs to be saved.

Some common SQL attack defenses are: 1) input validation (compares input against known malicious and non-malicious inputs); 2) parametrized queries (make sure SQL differentiates between

CYBER-BASICS 2: SMB

WHAT IS SMB?

There are multiple ways to transfer a file between two hosts (computers) on the same network. One of these protocols is studied in this example, and that is SMB (Server Message Block). This communication protocol provides shared access to files, printers, and serial ports between endpoints on a network. We mostly see SMB services running on Windows machines. During scanning, we will typically see port 445 TCP open on the target, reserved for the SMB protocol.

Usually, SMB runs at the Application or Presentation layers of the OSI model, pictured below. Due to this, it relies on lower-level protocols for transport. The Transport layer protocol that the Microsoft SMB Protocol is most often used with is NetBIOS over TCP/IP (NBT). This is why, during scans, we will most likely see both protocols with open ports on the target. We will see this during the enumeration phase.

Using the SMB protocol, an application (or the user of an application) can access files at a remote ser

CYBER-BASICS 1: FTP

WHAT IS FTP?

FILE TRANSFER PROTOCOL is a standard protocol used for transferring computer files from a server to a client on a computer network. It is built on a client-server model using separate control connections and data connections between the two.

FTP IN COMMON TERMS

FTP uses a basic command-reply mechanism. The client connects to the FTP server on port 21; port 21 is primarily reserved for FTP connections. The client then begins a synchronous conversation by sending a command, to which the server replies. If the server replies well, it means the server is ready for the next command. The reply comes in a standardized format: the first 3 numerals of the reply determine the state of the server. If the first digit of the reply is 1, 2 or 3, the reply is good and the server is ready, or something else is indicated by the next 2 digits. If the first digit is 4 or 5, the reply is not good.

Let's look at some standard replies: 331: send password; 23: logge