Scanning for a Vulnerable Host

108
◾ 
Ethical Hacking and Penetration Testing Guide
As you can see, the id
 
is incremented by 1; this shows us that the host is a potential candidate 
for becoming our zombie and can be used to perform an IDLE scan.
Alternatively, we can use the metasploit auxiliary module for figuring out a good candidate for 
a zombie. In order to use the auxiliary module, we would need to start up the metasploit frame-
work. We will talk about metasploit in more detail in Chapter 7.
From the shell, type “msfconsole” to fire up metasploit. Once metasploit is started, issue the 
following command to load the auxiliary module:
msf> use auxiliary/scanner/ip/ipidseq
Next, you need to set the Rhosts value; you can either specify a range or a single target. Here is 
an example:
For a single host
Set RHOSTS
For a range
Set RHOSTS 192.168.15.1–192.168.15.255
Finally, you need to issue the 
run
 
command in order to finish the process. Here is the screen-
shot of how this would look:

Target Enumeration and Port Scanning Techniques
◾ 
109
Performing an IDLE Scan with NMAP
Now that we have identified a good candidate for our zombie, let’s try performing an IDLE scan 
with nmap. The idle scan can be simply performed by specifying the –sI parameter with nmap, 
followed by the iP of our zombie host and the target that we want to scan against.
Command
:
nmap –sI
Also, one thing that would be worth mentioning here is that while performing an IDLE scan, 
you should also use the –pN option. This will prevent nmap from sending an initial packet from 
your real IP to the target host. Here is another example from the nmap book, which shows the idle 
scan being performed on riaa.com by using a host that belongs to adobe.com.

Yüklə 22,44 Mb.

Dostları ilə paylaş: