Showing posts with label Understanding Port and Services tools. Show all posts
Showing posts with label Understanding Port and Services tools. Show all posts

Sunday, June 12, 2022

Network Reconnaissance

Open Port / Service Identification:

In cybersecurity, the term open port refers to a TCP or UDP port number configured to accept packets. In contrast, a port that denies a connection or ignores all packets is a closed port. Port is an integral part of the Internet communication model. All communication over the Internet is exchanged over the port. Each IP address contains two types of ports, a UDP port, and a TCP port, with a specific IP address having up to 65,535 ports each. Internet-dependent services (web browsers, websites, file transfer services, etc.) depend on specific ports to send and receive information. Developers use File Transfer Protocol (FTP) or SSH to run encrypted tunnels between computers and exchange information between hosts.


Once a service runs on a particular port, you cannot run other services on that port. For example, if you start Apache after starting Nginx on port 80, the operation will fail because the port is already in use. Open ports can be compromised if the vulnerability exploits legitimate services or malware or social engineering introduces malicious services into the system. Cybercriminals can use these services with open ports to gain unauthorized access to sensitive data. Closing unused ports reduce the number of attack vectors exposed to your organization and reduce your security risk.


Service identification and system identification:

Service identification and system identification are the third and fourth modules listed in the Information Technology Security Testing section of OSSTMM, respectively. The purpose of these two sections is to list the services running on the TCP or UDP ports that responded in the previous module and identify the target's underlying operating system.


Banner/ version check:

The SMTP banner issued by the mail server did not include the resolved hostname in the server's IP address. The email server responds to connections on port 25 with a text string called an SMTP banner. This string aims to inform the server and the administrator of the information they want to convey to the world. It's good to include the server's name in the SMTP banner to know who the person connecting to using the IP address is talking to. This warning is displayed if the name you provide is not in the same domain as the hostname you get when performing a PTR lookup of the IP address.


For some time, many servers "masked" SMTP banners by replacing letters with asterisks for people outside the network. The logic behind this was often that they didn't want to send information over the network to outsiders for fear of providing them with information that would help them attack the server. The benefits are minimal, and many servers perform banner scans as part of anti-spam, which has a negative cost. If the banner is masked, the tool will display a warning.


Some incoming mail servers may use mismatched or masked banners to indicate potential spam sources in your rating system, but in most cases, it is the only thing that rejects incoming mail. There is no. If you do not have a PTR record, or if the record does not match your hostname, we recommend that you contact your ISP and ask them to set up a reverse (PTR) record that matches your mail server's hostname.


Traffic probe:

In telecommunications, a probe is typically an action or object used to learn the state of a network. For example, send an empty message to see if the target exists. Ping is a standard utility for sending such probes. A probe is a program or other device inserted into a critical point on your network to monitor or collect data about network activity. From the perspective of computer security on the network, probes are attempts to access a computer and its files through known or possible vulnerabilities in the computer system.


Understanding Port and Services tools:

Datapipe - Datapipe has established partnerships with technology companies. Datapipe provides application management, hosting, professional, and security services for medium to large enterprises.

Fpipe - FPipe natively implements port redirection technology on Windows. It also supports User Datagram Protocol (UDP), which Datapipe does not have. FPipe does not require support DLLs or privileged user access. However, it only runs on NT, 2000, and XP platforms.

WinRelay - WinRelay is another Windows-based port redirection tool. It and FPipe share the same functionality, including the ability to define static source ports for redirected traffic. Therefore, it can be used compatible with FPipe on any Windows platform.


Network Reconnaissance:

Network reconnaissance is a term used to test for potential vulnerabilities in computer networks. This may be a legitimate activity by the network owner/operator trying to protect it or apply its terms of use. It can also be a precursor to external attacks on your network.

Nmap - Nmap is a network scanner developed by Gordon Lyon. Nmap is used to discover hosts and services on your computer network by sending packets and analyzing the response. Nmap provides many features for inspecting your computer networks, such as host discovery and service and operating system discovery.

THC-Amap - Amap is an excellent tool for determining which applications listen on a particular port. Their database isn't as extensive as Nmap uses for version detection, but it's worth it if you get a second opinion or Nmap isn't discovering the service. Amap also knows how to parse the Nmap output file. This is another valuable tool from the great people of THC.


Network Sniffers and Injection tools:

A network sniffer is a tool for monitoring the flow of data packets on your computer network. They are also known as packet sniffing, network analyzer, packet analyzer, gossip, or network probe. Network sniffing can also be performed on a hardware device or another software program. It is primarily used to evaluate network traffic and data packets.

· TCPdump - tcpdump is a computer program for data network packet analysis that runs on the command-line interface. This allows users to view TCP / IP and other packets sent and received over the computer's network. tcpdump is distributed under the BSD license and is free software.

· Windump - WinDump is the Windows version of tcpdump, a command-line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to monitor, diagnose, and dump network traffic to disk according to various complex rules. It can be run on Windows 95, 98, ME, NT, 2000, XP, 2003, and Vista. WinDump captures using the WinPcap library and drivers that you can download for free from the WinPcap.org website. WinDump supports 802.11b / g wireless capture and troubleshooting via the Riverbed AirPcap adapter. WinDump is free and released under the BSD-style license.

· Wireshark - Wireshark is a free open-source packet analyzer. It is used for network troubleshooting, analysis, software and communication protocol development, and training. Originally called Ethereal, the project was renamed Wireshark in May 2006 due to brand issues.

· Ettercap - Ettercap is a free open source network security tool for man-in-the-middle attacks on your LAN. It can be used for computer network log analysis and security audits. It works on various Unix-like operating systems such as Linux, Mac OS X, BSD, Solaris, and Microsoft Windows.

· Hping - Hping is an open-supply packet generator and analyzer for the TCP/IP protocol created with the aid of using Salvatore Sanfilippo (additionally called Antirez). It is one of the not unusual place gear used for safety auditing and checking out of firewalls and networks, and become used to take advantage of the idle test scanning technique (additionally invented with the aid of using the hping author), and now carried out with inside the Nmap Security Scanner. The new edition of hping, hping3, is scriptable using the Tcl language and implements an engine for a string-based, human-readable description of TCP/IP packets so that the programmer can write scripts associated with low stage TCP/IP packet manipulation and evaluation in a brief time.

· Kismet - Kismet is a community detector, packet sniffer, and intrusion detection gadget for 802.11 Wi-Fi LANs. Kismet will paintings with any Wi-Fi card, which helps uncooked tracking mode, and may sniff 802.11a, 802.11b, 802.11g, and 802.11n traffic. The application runs below Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The customer can also run on Microsoft Windows, although, other than outside drones (see below), the simplest one supported Wi-Fi hardware to be had as packet supply. Distributed below the GNU General Public License, Kismet has unfastened software.


Injection Tools:

This is a list of the best and most popular SQL injection tools:

· SQLMap - Automatic SQL Injection And Database Takeover Tool

· jSQL Injection - Java Tool for Automatic SQL Database Injection

· BBQSQL - A Blind SQL Injection Exploitation Tool

· NoSQLMap - Automated NoSQL Database Pwnage

· Whitewidow - SQL Vulnerability Scanner

· DSSS - Damn Small SQLi Scanner

· explo - Human and Machine Readable Web Vulnerability Testing Format

· Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting

· Leviathan - Wide Range Mass Audit Toolkit

· Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers(MySQL/MariaDB)

Search Aptipedia