Grepable Format
In Unix-based operating systems, we have a very useful command “grep”, which can search for
specific results such as ports and hosts. With the grepable format, the results are presented with
one host per line.
Example
nmap -sS 192.168.15.1 -oG rafay
This command would save the output into a grepable format, which is one host per line.
The following command will highlight all the ports that are open, which in this case is only
port 80.
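As an added example (not code from the book), the following Python script parses the grepable output that the `-oG rafay` command above writes and reports the open ports per host, which is the same information the grep command is meant to highlight. The sample scan text is constructed for this example; the field layout (tab-separated `Host:` lines, comma-separated `port/state/protocol/owner/service/rpc-info/version/` entries) is the real grepable format.

```python
# Constructed sample of nmap grepable (-oG) output; it is not from a real scan.
# Each "Host:" line is tab-separated; the "Ports:" field lists entries as
# port/state/protocol/owner/service/rpc-info/version/ separated by commas.
SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -oG rafay 192.168.15.1\n"
    "Host: 192.168.15.1 ()\tStatus: Up\n"
    "Host: 192.168.15.1 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///\tIgnored State: filtered (997)\n"
    "# Nmap done at Mon Jan  1 00:00:05 2024 -- 1 IP address (1 host up) scanned in 5.00 seconds\n"
)

# Field names of one port entry, in the order nmap writes them.
PORT_FIELDS = ("port", "state", "protocol", "owner", "service", "rpc_info", "version")


def parse_gnmap(text):
    """Return {host: [port_record, ...]} for every Host line that carries a Ports: field."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' comment lines carry only scan metadata
        fields = line.split("\t")
        address = fields[0].split()[1]  # "Host: 192.168.15.1 ()" -> "192.168.15.1"
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                record = dict(zip(PORT_FIELDS, parts))  # zip drops the trailing empty field
                record["port"] = int(record["port"])
                hosts.setdefault(address, []).append(record)
    return hosts


def open_ports(text):
    """Return {host: sorted open port numbers}; the same answer a grep for 'open' gives."""
    return {
        host: sorted(r["port"] for r in records if r["state"] == "open")
        for host, records in parse_gnmap(text).items()
    }


if __name__ == "__main__":
    for host, ports in open_ports(SAMPLE_GNMAP).items():
        print(f"{host}: open ports {ports}")
```

Run it against a real file with `open_ports(open("rafay").read())`; note that nmap writes the grepable file under exactly the name given to `-oG`, with no extension added.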
XML Format
The XML format is by far the most useful output format in nmap, because the XML output
nmap generates can easily be imported into the Dradis framework and Armitage.
Example
nmap -sS 192.168.15.1 -oX
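Beyond importing into Dradis or Armitage, XML output is the format to keep when you want to compare scans over time. The script below is an added example (not code from the book or from nmap) that parses `-oX` output with the standard library and diffs a baseline scan against a later one, so a port that was not open before stands out. The two XML documents are constructed in the script from a small builder so that the example runs offline; the element and attribute names (`host`, `address`, `ports/port`, `state`, `service`) are the real ones nmap emits.

```python
import xml.etree.ElementTree as ET


def _port(portid, state, service, proto="tcp"):
    """One <port> element as nmap writes it (constructed test data)."""
    return (f'      <port protocol="{proto}" portid="{portid}">'
            f'<state state="{state}"/><service name="{service}" method="table"/></port>\n')


def _scan_xml(port_lines):
    """Build a constructed nmap -oX document for a single host (test data only)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.168.15.1" version="7.80">\n'
        '  <host><status state="up" reason="arp-response"/>\n'
        '    <address addr="192.168.15.1" addrtype="ipv4"/>\n'
        '    <ports>\n' + "".join(port_lines) + '    </ports>\n'
        '  </host>\n'
        '  <runstats><hosts up="1" down="0" total="1"/></runstats>\n'
        '</nmaprun>\n'
    )


# Constructed baseline and follow-up scans; the follow-up shows one newly open port.
BASELINE_XML = _scan_xml([_port(80, "open", "http"), _port(443, "closed", "https")])
CURRENT_XML = _scan_xml([_port(80, "open", "http"), _port(443, "closed", "https"),
                         _port(3389, "open", "ms-wbt-server")])


def open_ports_by_host(xml_text):
    """Map each IPv4 host address to the set of (proto, port, service) triples in state 'open'."""
    root = ET.fromstring(xml_text.encode("utf-8"))  # bytes so the encoding declaration is honoured
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        opened = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            opened.add((port.get("protocol"), int(port.get("portid")), name))
        result[addr_el.get("addr")] = opened
    return result


def diff_scans(baseline_xml, current_xml):
    """Return {host: {"new": ..., "gone": ...}} for ports that opened or closed between two scans."""
    before = open_ports_by_host(baseline_xml)
    after = open_ports_by_host(current_xml)
    changes = {}
    for host in set(before) | set(after):
        new = after.get(host, set()) - before.get(host, set())
        gone = before.get(host, set()) - after.get(host, set())
        if new or gone:
            changes[host] = {"new": new, "gone": gone}
    return changes


if __name__ == "__main__":
    for host, change in diff_scans(BASELINE_XML, CURRENT_XML).items():
        print(host, "newly open:", sorted(change["new"]), "no longer open:", sorted(change["gone"]))
```

With real files, call `diff_scans(open("baseline.xml").read(), open("today.xml").read())`; the file names are assumptions for the example. An empty result means nothing changed between the two scans.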
Advanced Firewall/IDS Evading Techniques
The techniques that we have discussed here are very loud in nature and are often detected by
firewalls and IDS. Even scan techniques such as XMAS, FIN, and NULL are not that accurate; also,
they don't work on the Windows operating system, so they have only a limited advantage over
firewalls and IDS.
In this section, we will discuss some of the techniques that can be used to evade firewall
detection. There is no universal method to do this; it's all based on trial and error. Thus, a method
may work on some firewalls/IDS but fail with others. It all depends upon how strong the rule sets are.
The Nmap book discusses a wide variety of techniques that could be used to get past firewalls.
We will now briefly look at some of them:
◾ Timing technique
◾ Fragmented packets
◾ Source port scan
◾ Specifying an MTU
◾ Sending bad checksums