#portscanning

Attacks to be performed using Hping3 and Scapy – Packet Crafting

What is Packet Crafting? When we talk about the packet crafting in network, it means that how we can bypass the filtration of any security device and customise the packets as you want. Here in this tutorial we are going to discuss about hping3 / Scapy tool which mostly used for packet crafting. Packet crafting has following steps: Packet Assembly: Creation of PacketsPacket Editing: Perform…

Got slow portscans on CTF's? You will not believe how much this post will help you!

Aaaaaargh, my port scan take forever to complete! Heard that one before? You should have, it is a common complaint often heard between CTF rookies. Today we are looking into some ways to mitigate slow scans.

Nmap

When looking at the various complaints, Nmap seem to be the culprit. Gamers bash it for being slow and whatnot. Is it that bad? No, it isn’t. It’s all PEBCAK. It’s all about knowing how…

Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure. (more…)

armitage – Red team collaboration tool

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. (more…)

NMAP – network mapper

My toolbox consists of many tools to support me in my daily work. I got everything from small Python and Ruby scripts to fully fledged tools like Nessus and alike. One of the tools I value the most and the most crucial tool to kick-start the penetration testing process is Nmap. Nmap is an open sourced network mapper for network exploration and security auditing.

Nmap comes with no GUI – it runs…

Use --max-rate to keep your NAT router in check.

Lets say you want to scan 10.0.0.0/8 but you don't want your NAT router to die because of how fast nmap sends out packets. [1]

One way to deal with this is with -T [0-5] or -T paranoid, sneaky, polite, normal, aggressive, and insane.

Contrary to the nmap docs [2], that is waaay too confusing because I don't really know what nmap is doing when I specify -T. Unless, of course, I look at nmap's source, which I don't have the time or skillset for.

Using --max-rate limits the number of packets your computer sends out, which stops my NAT router from sending more than n packets. Here's an example:

nmap --max-rate 50 -p 80 10.0.0.0/8

This will check all IPs in 10.0.0.0/8 for an open TCP port 80, making sure to send no more than 50 packets a second.

[0] This is not going to become a regular thing.

[1] My NAT router has limited memory (8MB) and I'm going to replace it with a shitbox, 2 NICs, and a switch soon.