Task 4: Explore Various Network Scanning Techniques using Hping3

 

Task 4: Explore Various Network Scanning Techniques using Hping3





Module 03: Scanning Networks
Task 4: Explore Various Network Scanning Techniques using Hping3

Hping2/Hping3 is a command-line-oriented network scanning and packet crafting tool for the TCP/IP protocol that sends
 ICMP echo requests and supports TCP, UDP, ICMP, and raw-IP protocols. Using Hping, you can study the behavior of an 
idle host and gain information about the target such as the services that the host offers, the ports supporting the services,
 and the OS of the target.






sudo su 
toor
cd
hping3 -A Target IP Address -p 80 -c 5 
-p specifies the port to be scanned (here, 80)
hping3 -8 0-100 -S [Target IP Address] -V
In this command, -8 specifies a scan mode ports to be scanned (here, 0-100 -V specifies the verbose mode.
hping3 -F -P -U [Target IP Address] -p 80 -c 5
 -F specifies setting the FIN flag, -P specifies setting the PUSH flag, -U specifies setting the URG flag, 
FIN, PUSH, and URG scan the port on the target IP address. If a port is open on the target, you will not receive a response. If the port is closed, Hping will return an RST response.
hping3 --scan 0-100 -S [Target IP Address]
--scan specifies the port range to scan, 0-100 specifies the range of ports to be scanned, and -S specifies setting the SYN flag.
ICMP scan: hping3 -1 [Target IP Address] -p 80 -c 5
Entire subnet scan for live host: hping3 -1 [Target Subnet] --rand-dest -I eth0
UDP scan: hping3 -2 [Target IP Address] -p 80 -c 5

Hping2/Hping3 is a command-line-oriented network scanning and packet crafting tool for the TCP/IP protocol that sends ICMP echo requests and supports TCP, UDP, ICMP, and raw-IP protocols. Using Hping, you can study the behavior of an idle host and gain information about the target such as the services that the host offers, the ports supporting the services, and the OS of the target.

Here, we will use Hping3 to discover open ports and services running on the live hosts in the target network.

  1. To launch Parrot Security machine, click Parrot Security.

    Screenshot

  2. In the login page, the attacker username will be selected by default. Enter password as toor in the Password field and press Enter to log in to the machine.

    If a Parrot Updater pop-up appears at the top-right corner of Desktop, ignore and close it.

    If a Question pop-up window appears asking you to update the machine, click No to close the window.

    Screenshot

  3. Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.

    44.jpg

  4. Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.

  5. In the [sudo] password for attacker field, type toor as a password and press Enter.

    The password that you type will not be visible.

  6. Now, type cd and press Enter to jump to the root directory.

    Screenshot

  7. Parrot Terminal window appears. In the terminal window, type hping3 -A [Target IP Address] -p 80 -c 5 (here, the target machine is Windows Server 2016 [10.10.10.16]) and press Enter.

    In this command, -A specifies setting the ACK flag, -p specifies the port to be scanned (here, 80), and -c specifies the packet count (here, 5).

  8. In a result, the number of packets sent and received is equal, indicating that the respective port is open, as shown in the screenshot.

    The ACK scan sends an ACK probe packet to the target host; no response means that the port is filtered. If an RST response returns, this means that the port is closed.

    Screenshot

  9. In the terminal window, type hping3 -8 0-100 -S [Target IP Address] -V (here, the target machine is Windows Server 2016 [10.10.10.16]) and press Enter.

    In this command, -8 specifies a scan mode, -p specifies the range of ports to be scanned (here, 0-100), and -V specifies the verbose mode.

  10. The result appears, displaying the open ports along with the name of service running on each open port, as shown in the screenshot.

    The SYN scan principally deals with three of the flags: SYN, ACK, and RST. You can use these three flags for gathering illegal information from servers during the enumeration process.

    Screenshot

  11. In the terminal window, type hping3 -F -P -U [Target IP Address] -p 80 -c 5 (here, the target machine is Windows Server 2016 [10.10.10.16]) and press Enter.

    In this command, -F specifies setting the FIN flag, -P specifies setting the PUSH flag, -U specifies setting the URG flag, -c specifies the packet count (here, 5), and -p specifies the port to be scanned (here, 80).

  12. The results demonstrate that the number of packets sent and received is equal, thereby indicating that the respective port is open, as shown in the screenshot.

    FIN, PUSH, and URG scan the port on the target IP address. If a port is open on the target, you will not receive a response. If the port is closed, Hping will return an RST response.

    Screenshot

  13. In the terminal window, type hping3 --scan 0-100 -S [Target IP Address] (here, the target machine is Windows Server 2016 [10.10.10.16]) and press Enter.

    In this command, --scan specifies the port range to scan, 0-100 specifies the range of ports to be scanned, and -S specifies setting the SYN flag.

  14. The result appears displaying the open ports and names of the services running on the target IP address, as shown in the screenshot.

    In the TCP stealth scan, the TCP packets are sent to the target host; if a SYN+ACK response is received, it indicates that the ports are open.

    Screenshot

  15. Apart from the aforementioned port scanning and service discovery techniques, you can also use the following scanning techniques to perform a port and service discovery on a target network using Hping3.

    • ICMP scan: hping3 -1 [Target IP Address] -p 80 -c 5

    • Entire subnet scan for live host: hping3 -1 [Target Subnet] --rand-dest -I eth0

    • UDP scan: hping3 -2 [Target IP Address] -p 80 -c 5

  16. This concludes the demonstration of discovering open ports and services running on the live hosts in the target network using Hping3.

  17. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more