Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Figure 31: Wireshark capture of the Netcat port scan
In this capture (Figure 31), Netcat sent several TCP SYN packets to ports 3390, 3389, and 3388
on packets 1, 3, and 7, respectively. Due to a variety of factors, including timing issues, the
packets may appear out of order in Wireshark. We’ll observe that the server sent a TCP SYN-ACK
packet from port 3389 on packet 4, indicating that the port is open. The other ports did not reply
with a similar SYN-ACK packet, and actively rejected the connection attempt via a RST-ACK packet.
Finally, on packet 6, Netcat closed this connection by sending a FIN-ACK packet.
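The following added example (not part of the original course text) reads a capture like the one in Figure 31 programmatically: it pairs each SYN probe with the server's reply by port pair rather than by packet order, so out-of-order packets do not change the result. The sample records are constructed; packets 2, 5 and 8, the client ports 50000-50002, and the "no-response" state are assumptions that go beyond what the page describes.

```python
# TCP flag bits as defined in the TCP header.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Constructed sample modelled on the capture described above:
# (packet number, source port, destination port, TCP flags).
# Client ports 50000-50002 and packets 2, 5 and 8 are assumptions.
CAPTURE = [
    (1, 50000, 3390, SYN),
    (2, 3390, 50000, RST | ACK),
    (3, 50001, 3389, SYN),
    (4, 3389, 50001, SYN | ACK),
    (5, 50001, 3389, ACK),
    (6, 50001, 3389, FIN | ACK),
    (7, 50002, 3388, SYN),
    (8, 3388, 50002, RST | ACK),
]


def classify_ports(packets):
    """Map each probed server port to 'open', 'closed' or 'no-response'."""
    probes = set()   # (client_port, server_port) for every bare SYN seen
    replies = {}     # (client_port, server_port) -> flags of the reply
    # Pass 1: collect probes and replies without relying on packet order.
    for _num, sport, dport, flags in packets:
        if flags & SYN and not flags & ACK:
            probes.add((sport, dport))
        elif flags & (SYN | RST) and flags & ACK:
            # A reply travels server -> client, so swap the ports.
            replies.setdefault((dport, sport), flags)
    # Pass 2: match each probe with the reply on the same port pair.
    result = {}
    for client_port, server_port in probes:
        reply = replies.get((client_port, server_port))
        if reply is None:
            result[server_port] = "no-response"
        elif reply & RST:
            result[server_port] = "closed"   # RST-ACK: connection rejected
        else:
            result[server_port] = "open"     # SYN-ACK: handshake continues
    return result


if __name__ == "__main__":
    for port, state in sorted(classify_ports(CAPTURE).items()):
        print(port, state)
```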
Now that we have a good understanding of the TCP handshake and have examined how a TCP
scan works behind the scenes, let’s cover UDP scanning. Since UDP is stateless and does not
involve a three-way handshake, the mechanism behind UDP port scanning is different from TCP.
Let’s run a UDP Netcat port scan against ports 120-123 on a different target. We’ll use the only nc
option we have not covered yet, -u, which indicates a UDP scan.
kali@kali:~$