EvilZone

Hacking and Security => Beginner's Corner => : blackrat September 24, 2015, 07:08:54 PM

: What to look for in a nmap scan ?
: blackrat September 24, 2015, 07:08:54 PM
Hello, I am wondering what to look for in an nmap scan (what do you guys look for?). I like to believe that I have an understanding of networks in general and nmap. I have read the tutorial on nmap on their website, and I know that I should look for open ports and services. But is there anything in particular that I should look for first? Sorry for the bad English, it's not my native language :)

Thanks.
: Re: What to look for in a nmap scan ?
: blindfuzzy September 24, 2015, 07:10:22 PM
Use Google. Find a list of services-of-interest.
: Re: What to look for in a nmap scan ?
: white-knight September 24, 2015, 08:01:10 PM
Basically you want to scan the network to see what machines have what ports open, what services are running on the open ports, and what operating system the machine is running.

You want to find what versions of the services are running; then you can move on further.

So if you find, say, an old version of FTP, SMB, SSH and so on, then you can Google to see what exploits are available for that version of the service.

You can also Google the port that is open for known vulnerabilities: http://www.enigmagroup.org/exploits/rport/135/

There are also lots of nmap scripts to help gather more information in the /usr/share/nmap/scripts directory: https://nmap.org/nsedoc/

The more information you gather, the more luck you will have finding a vulnerability.

: Re: What to look for in a nmap scan ?
: proxx September 26, 2015, 01:06:02 AM
White-knight pretty much said it.
Be sure to check the uncommon ports; they are often forgotten. Nmap doesn't scan for them by default, mostly because it takes forever.
If you combine that with a fingerprint scan you might be surprised how frequently you can find stuff that is 'put away'.
Also, most people seem to pretend that UDP does not exist; all they ever talk about is somewhere TCP and up. There are many interesting protocols running over UDP; they are harder to scan, though.
: Re: What to look for in a nmap scan ?
: x41r3d October 05, 2015, 04:22:12 AM
Do nmap -sV http://targeturl.com. That will give you output of ports, services and their version numbers.

After that, search these services + version numbers in exploit-db etc.
: Re: What to look for in a nmap scan ?
: lolwut October 05, 2015, 10:11:05 AM
The main thing is to look at what ports are open, and what ports are not open.

This can give you an idea of what sort of person has configured the machine. If it seems that FTP, SSH and TELNET are all open on one internet-facing machine on an interesting target, you might either have an extremely incompetent admin or, more likely, be looking at a honeypot.
: Re: What to look for in a nmap scan ?
: ram1r3z0 October 07, 2015, 09:34:39 PM
It depends on what you are looking for.
To start,
nmap -sV -O target
is a good one.
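Pulling the replies together (white-knight's point about service versions, proxx's points about UDP and fingerprinting, ram1r3z0's `nmap -sV -O`), here is an added example that is not from this thread: it triages the XML that nmap writes with `-oX` and surfaces what the replies say to look for. The host, ports and banners in it are constructed sample data, not a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -O -oX` output (not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap"><host>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="21"><state state="open"/>
  <service name="ftp" product="vsftpd" version="2.3.4"/></port>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="7.2p2"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="445"><state state="filtered"/></port>
<port protocol="udp" portid="161"><state state="open"/>
  <service name="snmp" product="net-snmp" version="5.7"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
</host></nmaprun>"""

# Cleartext or legacy protocols that deserve a second look on any exposed host.
LEGACY = {"ftp", "telnet", "tftp", "snmp", "rlogin", "rsh", "finger"}

def triage(xml_text):
    """Per host: open services, UDP services, legacy protocols, services -sV
    could not version (probe those by hand or with NSE scripts), and OS guess."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        open_ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no service to review
            svc = port.find("service")
            attr = svc.attrib if svc is not None else {}
            open_ports.append({"proto": port.get("protocol"), "port": int(port.get("portid")),
                               "name": attr.get("name", "?"), "product": attr.get("product", ""),
                               "version": attr.get("version", "")})
        osmatch = host.find("os/osmatch")
        findings.append({
            "host": host.find("address").get("addr"),
            "os": osmatch.get("name") if osmatch is not None else "unknown",
            "open": open_ports,
            "udp": [p for p in open_ports if p["proto"] == "udp"],
            "legacy": [p for p in open_ports if p["name"] in LEGACY],
            "unversioned": [p for p in open_ports if not p["version"]],
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_XML):
        print(f["host"], f["os"], "legacy:", [p["port"] for p in f["legacy"]], "udp:", [p["port"] for p in f["udp"]])
```

Run it against a real file with `triage(open("scan.xml").read())`; the "unversioned" list is where the uncommon and quiet services proxx mentions tend to end up.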