brimstone
commented
8 years ago Module 1: Active Reconnaissance, scanning, and introduction to TCP/IP for pen-testers
- Explain common ports < 1024
- Potential attack surface based on open ports/services
- finger printing
- History of NMAP in 1997, Fyodor, Phrack 51
- Analogy of TCP/UDP as apartment complexes
- 80, 25, 139/445
- Picture of IPv4 Header
- Touch on OSI model
- TCP header has an evil bit
- Explain MAC addresses
- OUI
- list of OUI online, is it in nmap source too?
- DE:AD:BE:EF:CA:FE
- Explain IPv4
- 32 bit addresses
- Links as DEC or HEX
- We're running out, reason for IPv6 and NAT
- Explain IPv6
- Explain Classes
- Explain RFC1918
- Explain CIDR notation
- Example: local ifconfig
- Explain ARP
- Explain TCP
- Session based
- 3 way handshake
- Flags
- Explain UDP
- sessionless
- Explain Ports
- 16 bit, 0 to 65535
- <1024 are reserved
- common: 80, 443, 25, 22, 23, 53
- Explain ICMP
- Messages, 8, 0
- ping
- traceroute
- Windows uses ICMP, *nix uses UDP
- List of other tcp/udp protocols
-sTConnect scan- SYN Flooding without RST/ACK
-sSSYN scan- OS Detection
- ACK and Xmas
- Xmas = URG, PSH, FIN
- Linux no response
- Windows RST, ACK
- actual nmap scan examples
- simple host
- udp
- syn vs connect
- nmap defaults
- if root, SYN scan
- if not, Connect scan
- targetting
- wildcards
- range
- CIDR
--exclude <host>-iL <inputfilename>--excludefile <exclude_file>- printers gotta print
-Pn -p-All but 0-PN -p 0-65535All- egadz.metasploit.com
- scanme.nmap.org
https://www.youtube.com/playlist?list=PLZOToVAK85MqWG76p5gUeMtTXSRthCuLr