Ethical Hacking and Penetration Testing Guide
As you can see, the IP ID is incremented by 1 with each reply; this shows us that the host is a potential candidate for becoming our zombie and can be used to perform an IDLE scan.
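The same IP ID check, written out as an added example (this is not code from the book and not Metasploit's ipidseq module): given the IP ID values seen in successive replies from one host, classify how that host generates them. Only hosts whose IP ID counter is predictable (incremental, or incremental with the little-endian byte-order bug) are usable zombies, so a defender can run this over their own inventory to find the hosts that should be fixed or isolated. The sequence classes and the threshold for "positive increments" are simplifying assumptions modelled loosely on the classes nmap reports; the sample sequences are constructed, not captured traffic.

```python
# Added example: classify IP ID sequences to spot hosts that would make a
# usable idle-scan zombie. Not the book's code and not Metasploit's ipidseq.
# All host names and IP ID samples below are constructed.

def ipid_deltas(ids):
    """Differences between consecutive IP IDs, modulo 16 bits.

    The IP ID field is 16 bits wide, so a counter that wraps from 65535
    to 0 must still be recognised as a +1 increment.
    """
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]


def classify_ipid_sequence(ids):
    """Return a label describing how a host appears to generate IP IDs.

    Classes (assumption: a simplified version of nmap's IP ID classes):
      'all zeros'         every reply carried IP ID 0
      'constant'          same non-zero value in every reply
      'incremental'       exactly +1 per reply              -> usable zombie
      'broken little-endian incremental'  +256 per reply    -> usable zombie
      'positive increments (busy or shared host)'  small, varying increments
      'randomized'        anything else
    """
    if len(ids) < 2:
        raise ValueError("need at least two IP ID samples")
    if all(i == 0 for i in ids):
        return "all zeros"
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"
    if all(d == 1 for d in deltas):
        return "incremental"
    if all(d == 256 for d in deltas):
        return "broken little-endian incremental"
    # Threshold of 1000 is an assumption: increments this small usually mean
    # a global counter shared with other traffic, not a random generator.
    if all(0 < d < 1000 for d in deltas):
        return "positive increments (busy or shared host)"
    return "randomized"


def usable_as_zombie(ids):
    """True if the host's IP ID counter is predictable enough for an idle scan."""
    return classify_ipid_sequence(ids) in (
        "incremental",
        "broken little-endian incremental",
    )


# Constructed audit data: host name -> IP IDs observed in successive replies.
SAMPLE_HOSTS = {
    "printer":      [31337, 31338, 31339, 31340, 31341],  # +1 each time
    "old-box":      [1024, 1280, 1536, 1792],             # +256 each time
    "linux-server": [0, 0, 0, 0],                         # always zero
    "busy-web":     [100, 103, 110, 121],                 # small, varying steps
    "modern-host":  [54321, 12, 60000, 777],              # random
    "wrap-around":  [65534, 65535, 0, 1],                 # +1, wraps at 16 bits
}


def audit_hosts(samples):
    """Return the sorted names of hosts whose IP ID behaviour makes them zombies."""
    return sorted(name for name, ids in samples.items() if usable_as_zombie(ids))


if __name__ == "__main__":
    for name, ids in SAMPLE_HOSTS.items():
        print(f"{name:13s} {classify_ipid_sequence(ids)}")
    print("fix or isolate:", audit_hosts(SAMPLE_HOSTS))
```

The wrap-around host is the case worth noticing: a naive `b - a` comparison would report a jump of -65535 and miss that the counter is perfectly predictable.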
Alternatively, we can use the Metasploit auxiliary module for figuring out a good candidate for a zombie. In order to use the auxiliary module, we would need to start up the Metasploit Framework. We will talk about Metasploit in more detail in Chapter 7.
From the shell, type “msfconsole” to fire up Metasploit. Once Metasploit is started, issue the following command to load the auxiliary module:
msf> use auxiliary/scanner/ip/ipidseq
Next, you need to set the RHOSTS value; you can either specify a range or a single target. Here is an example:
For a single host
set RHOSTS
For a range
set RHOSTS 192.168.15.1-192.168.15.255
Finally, you need to issue the run command in order to finish the process. Here is the screenshot of how this would look:
Performing an IDLE Scan with NMAP
Now that we have identified a good candidate for our zombie, let’s try performing an IDLE scan with nmap. The idle scan can be simply performed by specifying the -sI parameter with nmap, followed by the IP of our zombie host and the target that we want to scan against.
Command:
nmap -sI
Also, one thing that would be worth mentioning here is that while performing an IDLE scan, you should also use the -Pn option. This disables nmap’s host discovery (ping) phase and so prevents nmap from sending an initial packet from your real IP to the target host. Here is another example from the nmap book, which shows the idle scan being performed on riaa.com by using a host that belongs to adobe.com.