From manual: -D decoy Causes a decoy scan to be performed, which makes it appear to the remote host that the host(s) you specify as decoys are scanning the target network *too*. It should be mentioned that decoy doesn't really hide your IP; it just makes the target's task difficult to figure out which one of the IPs is doing scanning. Otherwise how would your host receive SYN-ACK.
Most modern IDS, especially one on a firewall you have to traverse, will look at ARP data and see the packets coming from a different host and will either alarm on spoofing or completely block (and alarm). You’re far better off reducing the number of ports scanned (don’t scan all 65,535, only what you need) and going low and slow to evade IDS and SIEM traffic flow detections. Which, also brings up a point, it’s not just firewall IDS you must avoid, there are also the SIEM traffic flow monitors to watch out for and they’re often more sensitive than the firewall based IDS.
ARP data matters only if you scanning in the same network segment. If you're scanning across different networks (ie. from the outside) ARP data will always point to the ingress router port for ALL packets that enter the target network, be it a malicious or regular traffic.
P4nz9R correct, in most of the video they refer to same LAN so I pointed that out. Wildfire will alert on it if the source is on one interface and the dest is on an interface on the same firewall.
It would be great to show proof of purpose and reasons to perform any of this in a real world scenario where networks aren't flat and ports aren't always open. Otherwise, this is just punching in commands just for fun and proving theory. The decoy is exactly what it means, a "decoy". Not to be confused with spoofing which I felt was how it was sold here. The original source still appeared in Wireshark (10.x IP) whether it is changed to random decoys or assigned. It would be great if the video showed port scanning that shows up as closed or filtered, and then show us how to bypass that Firewall/IDS filtered state given the decoy and the fragmentation methods to the point Nmap eventually show an open port by using those methods. Just a suggestion!
Can you further explain why Fragmentation would be useful here? Since what we try to do is a Syn Scan, meaning we dont actually have to have application data encapsulated. Fragmentation leaves the Ethernet and IP/TCP Headers intact for each packet and only fragments aplpication data inside. How would that evade a firewall which only works on IP/TCP level?
Thank you for this video. Please make a new refreshed guide as to installing kali onto a usb as well as testing. I’ve advised my students to be careful due to people forgetting how dangerous testing can be. FYI*
Great video and explenations as always! I am just unsure of 1 thing, why do you write --send-eth on the decoy and fragmenting scan you do? What does --send-eth mean or do?
I am running Kali Linux in the cloud. When I use Wireshark to analyse the nmap output, it has the [PSH] phrase with purple colour coding around it and does not display the output above. Really frustrating!
Hey HackerSploit, can you make a video on how to split and switch between terminals on the kali 2020 which supports this features out of the box without the need of tmux.
If I use the Decoy command with an ip which is in my local network, to be more 'discreet' I also need to change my MAC address? Because the source in Wireshark is my MAC adress.
I have a small doubt, when using Decoy, we can also see your host ip 10.0.0.X along with other Decoy IPs sending SYN probes to the target. Why is that? Is there anyway to completely avoid them?
Depends on the school and the coursework, modern CS programs generally use Java, back when I took it we used C++. Real world, especially in security, we use Python a LOT though Go and Rust are both becoming popular.
I have a generated 8 charset wordlist named by me hackd.txt, my OS is kali rolling 2020 edition so my default Linux password was previously kali, my default username is oc course kali, instead of root. Quotation marks don't appear in terminal when drag and droping a wordlist file into the terminal....so if your kali is an old previous version before 2020 edition version then drag and droped files may show quotation marks on yours, but for me it doesn't. I tried THC Hydra but it only works with small wordlists instead of large long ones. Got any great recommendations that will work crack online web accounts with large generated wordlists? Your vids are very educational and helpful by the way....I noticed.
@hackersploit Hey! I just have a little doubt. Is this whole playlist in the order in which a beginner should learn things. I went through the playlist and certain videos that (i think) are in middle which should be in the beginning. Please help
Why does - -send-eth change the fragmentation size, the manual only says it’s used to send frames instead of packets? Can somebody clarify that for me.
I’ll answer my own question, this happens because nmap only supports fragmentation features on raw packets. So if you don’t specify - -send-eth option it will not fragment those packets because they are IP packets as opposed to layer 2 frames
I doubt this works nowadays as the attacker needs the zombie to send IP packets with predictable ids. And not, that technique is different it uses another computer (the zombie) to scan the target for you. You check the IP's id to know if the zombie has replied to the target, for instance when the target sends back to the zombie a SYN-ACK packet.
Hi sir, I have a doubt. I had asked my friend to give me his IP(both public and private). We both live in different states. When I had searched about the public IP of his network by using whois command, it gave me same info as when I had searched about my public IP address. Why? Then I had switched to his private IP, I got nothing from it but when I searched the entire subnet then I was shocked that it gave me my info (my laptop, mobile, and virtual box), this makes me confused. I was using Nmap.
Hmm i thought when u scan your frnd private IP hmm then u will get nothing from that IP about your frnd because his private IP is work in only his network so for scanning your frnd private ip address u should under your frnd ip address
This is exactly what is so frustrating about trying to learn this stuff. Being a complete novice and just getting started. i find it difficult to understand the piont in spending so much time learning an outdated method of doing things. You say its so important but then in the same video say its basically obsolete. What is the beneficial takeaway of this?
according to nmap docs "Decoys do not work with version detection or TCP connect scan." i dunno how he was successful with the -sV command... i'm able to excute the command with out -sV cmd
Isn't the MTU the Ethernet's payload? If so, when you specify --mtu 24, why it doesn't show as a fragmented packet? the IP header is 20 bytes long (without options) and then you have 20 more bytes of TCP header, which should be cut off into five chunks of 4 bytes. Does anybody know why it didn't work here? BTW nice video ;-)
I will answer myself, I've just seen the nmap manual and the --mtu is applied after the IP header. So, when you use 24 the TCP header (20 bytes long) was complete, but when you use 16 the TCP header was divided into a 16-byte chunk and a 4-byte one.
Just thought I’d let you know man. I tried to press the notification bell but it says I’m unable to because your channel is “for children” ? No idea how that happened but yeah ..
From manual: -D decoy
Causes a decoy scan to be performed, which makes it appear to the remote host that the host(s) you specify as decoys are scanning the target network *too*.
It should be mentioned that decoy doesn't really hide your IP; it just makes the target's task difficult to figure out which one of the IPs is doing scanning. Otherwise how would your host receive SYN-ACK.
HI bro how we can use proxychains with nmap ??
@@iliaschannel3646 Yep but it's pretty slow
Most modern IDS, especially one on a firewall you have to traverse, will look at ARP data and see the packets coming from a different host and will either alarm on spoofing or completely block (and alarm). You’re far better off reducing the number of ports scanned (don’t scan all 65,535, only what you need) and going low and slow to evade IDS and SIEM traffic flow detections.
Which, also brings up a point, it’s not just firewall IDS you must avoid, there are also the SIEM traffic flow monitors to watch out for and they’re often more sensitive than the firewall based IDS.
ARP data matters only if you scanning in the same network segment. If you're scanning across different networks (ie. from the outside) ARP data will always point to the ingress router port for ALL packets that enter the target network, be it a malicious or regular traffic.
P4nz9R correct, in most of the video they refer to same LAN so I pointed that out. Wildfire will alert on it if the source is on one interface and the dest is on an interface on the same firewall.
It would be great to show proof of purpose and reasons to perform any of this in a real world scenario where networks aren't flat and ports aren't always open. Otherwise, this is just punching in commands just for fun and proving theory. The decoy is exactly what it means, a "decoy". Not to be confused with spoofing which I felt was how it was sold here. The original source still appeared in Wireshark (10.x IP) whether it is changed to random decoys or assigned. It would be great if the video showed port scanning that shows up as closed or filtered, and then show us how to bypass that Firewall/IDS filtered state given the decoy and the fragmentation methods to the point Nmap eventually show an open port by using those methods. Just a suggestion!
You are 100% right i try the same thing and it always show our real IP address in Wireshark
yesss more nmap
Hello Sir , I really like your Tutorials, Videos . thank you 🔥🔥🔥🔥
❤️❤️❤️❤️ From INDIA
धन्यवाद 🙏🙏🙏🙏
Can you further explain why Fragmentation would be useful here? Since what we try to do is a Syn Scan, meaning we dont actually have to have application data encapsulated. Fragmentation leaves the Ethernet and IP/TCP Headers intact for each packet and only fragments aplpication data inside. How would that evade a firewall which only works on IP/TCP level?
Yes! I was literally looking for a video like this on your channel this past weekend.
Why did we get two ports opened after using a differnt addresss in 7:00 - 7:57
The vid quality is mad heat congrats man u really deserve it ❤️
He said RST means the port is open. Which is literally the opposite... ._. RST means it's closed.
Just got the notification, took a cup of coffee, enjoying the video and then ..
thanks sir for your support....from india
Thank you for this video. Please make a new refreshed guide as to installing kali onto a usb as well as testing. I’ve advised my students to be careful due to people forgetting how dangerous testing can be. FYI*
thank you very much , good job full of useful information .
Thank you for so much details explained
Thank you ❤️
this is a very helpful video
Great video and explenations as always! I am just unsure of 1 thing, why do you write --send-eth on the decoy and fragmenting scan you do? What does --send-eth mean or do?
I have a question. Since we spoofed the ip, how come we stil receive the response? since the server will send a packet with the fake ip that we used
is there a way to scan a windows 10 host with a firewall because it displays that all ports are filtered
thx bro, how can we get the mac address of the victim with this method, because when there is a firewall it is not easy?
When the host gives you a RST it doesn't mean the port is open... I means it's closed... It literally means "Reset".
Yeah I also thinks the same. RST means port is closed.
I m huge fan sir ❤️❤️❤️❤️😇😇
what is that 10.0.0.4 of? can someone explain? 6:36
I am running Kali Linux in the cloud. When I use Wireshark to analyse the nmap output, it has the [PSH] phrase with purple colour coding around it and does not display the output above. Really frustrating!
Hey HackerSploit, can you make a video on how to split and switch between terminals on the kali 2020 which supports this features out of the box without the need of tmux.
Very nice
Please put the example of bug bounty from starting to finish that how to start how to submit report all
شكرا مقطع جميل جدا اتمنى لك التقدم⚘⚘⚘✋🏻
please make video on IDS and honeypot evasion also!
Why do we use "send eth"?
Thank you.
I dont understanding where are these random ip using RND in decoy scan comming from ?
Sir.Please Make videos of Buffer overflow.
Nice video
what kind of zsh theme you use
Hello, is this how we avoid the filter because only tcp or udp header present on the first fragment?
Can we use list of Decoy IPs ???
Why nano/etc/proxyserver.config showing an empty terminal space
If I use the Decoy command with an ip which is in my local network, to be more 'discreet' I also need to change my MAC address? Because the source in Wireshark is my MAC adress.
No video on webscraping? Hackersploit
What will happen if i put the ip of the scanned machine itself?
Nice
I have a small doubt, when using Decoy, we can also see your host ip 10.0.0.X along with other Decoy IPs sending SYN probes to the target. Why is that? Is there anyway to completely avoid them?
no dude we can't. we should use either a proxy or tor or something to hide our ip.
Which one is good c++ or python....I am a student and looking forward in cs field
Depends on the school and the coursework, modern CS programs generally use Java, back when I took it we used C++. Real world, especially in security, we use Python a LOT though Go and Rust are both becoming popular.
Learn C and python
Hello,... question. What online password attack tool will use long and large generated wordlist without need of proxy.txt file?
I have a generated 8 charset wordlist named by me hackd.txt, my OS is kali rolling 2020 edition so my default Linux password was previously kali, my default username is oc course kali, instead of root. Quotation marks don't appear in terminal when drag and droping a wordlist file into the terminal....so if your kali is an old previous version before 2020 edition version then drag and droped files may show quotation marks on yours, but for me it doesn't. I tried THC Hydra but it only works with small wordlists instead of large long ones. Got any great recommendations that will work crack online web accounts with large generated wordlists? Your vids are very educational and helpful by the way....I noticed.
@hackersploit Hey! I just have a little doubt. Is this whole playlist in the order in which a beginner should learn things. I went through the playlist and certain videos that (i think) are in middle which should be in the beginning. Please help
Why does - -send-eth change the fragmentation size, the manual only says it’s used to send frames instead of packets? Can somebody clarify that for me.
I’ll answer my own question, this happens because nmap only supports fragmentation features on raw packets. So if you don’t specify - -send-eth option it will not fragment those packets because they are IP packets as opposed to layer 2 frames
Sir, Is there any tool like Lazagne that works in Android?
Yh great.
Why your Udemy course are not available now??
is this similar to zombie scan? nmap -Pn -sI
I doubt this works nowadays as the attacker needs the zombie to send IP packets with predictable ids. And not, that technique is different it uses another computer (the zombie) to scan the target for you. You check the IP's id to know if the zombie has replied to the target, for instance when the target sends back to the zombie a SYN-ACK packet.
Yes, ma Babe Is back... LOl
thx
Fabulous
i really wonder what happens when you use 127.0.0.1 as decoy :D
and can you use target IP as decoy?
yes u could use both the loopback and the target IP. It would look like the attacks came from these IPs too along with your real IP.
Hi sir, I have a doubt. I had asked my friend to give me his IP(both public and private). We both live in different states. When I had searched about the public IP of his network by using whois command, it gave me same info as when I had searched about my public IP address. Why?
Then I had switched to his private IP, I got nothing from it but when I searched the entire subnet then I was shocked that it gave me my info (my laptop, mobile, and virtual box), this makes me confused. I was using Nmap.
Hmm i thought when u scan your frnd private IP hmm then u will get nothing from that IP about your frnd because his private IP is work in only his network so for scanning your frnd private ip address u should under your frnd ip address
This is exactly what is so frustrating about trying to learn this stuff. Being a complete novice and just getting started. i find it difficult to understand the piont in spending so much time learning an outdated method of doing things. You say its so important but then in the same video say its basically obsolete. What is the beneficial takeaway of this?
It's possible you still if it's part of your career you will run across old systems,
@@paultidwell8799 the more and more people turn to the cloud. The less and less likely this is unfortunately.
Macbook air 2017 is good for hacking aur not ????
Alexis man..!!! i love you..!!!
finally! been waiting for this for so long!
Why were you waiting?🤔
@@prakharmishra3000 thats because he would make one on this topic and he is pretty much the best teacher there is on you tube on ethical hacking
@@lonedragon255 you were waiting for this topic or a video from this channel?
If you were waiting for this topic, why
@@prakharmishra3000 was waiting for the topic... im learning offensive security on my own as of right now. this channel has helped me a lot
Sir make tutorials about pwncat
Thanks bro
Why do you use Linux?
less resource intensive, open source, and Kali provides several pre-installed tools for vulnerability scanning, exploitation, etc.
Please,
Make a video on javascript.
I think it's hackersploit, not freecodecamp.
There's a good video on freecodecamp (3-4)hours, full course, no ads go watch it.
he said we can find out which ip is a admin on a certain network using wireshock, how?
Make video on owasp top 10 or sans 25 series.
Please make a tutorial on ss7
random decoy doesnt work for me. is anyone getting the same error?
according to nmap docs
"Decoys do not work with version detection or TCP connect scan."
i dunno how he was successful with the -sV command... i'm able to excute the command with out -sV cmd
Kali is not running properly in virtualbox
images.offensive-security.com/virtual-images/kali-linux-2020.2a-vbox-amd64.ova
Isn't the MTU the Ethernet's payload? If so, when you specify --mtu 24, why it doesn't show as a fragmented packet? the IP header is 20 bytes long (without options) and then you have 20 more bytes of TCP header, which should be cut off into five chunks of 4 bytes.
Does anybody know why it didn't work here?
BTW nice video ;-)
I will answer myself, I've just seen the nmap manual and the --mtu is applied after the IP header. So, when you use 24 the TCP header (20 bytes long) was complete, but when you use 16 the TCP header was divided into a 16-byte chunk and a 4-byte one.
#NotificationSquad
if it doesnt work nowadays why to cover it ?
Just thought I’d let you know man. I tried to press the notification bell but it says I’m unable to because your channel is “for children” ? No idea how that happened but yeah ..
Hello Bro Burpsuite “ full” tutorial gives please thanks bro
Scorpion Hackers - Black Devil oki thank Bro
Bro need android AV evasion video clearly!!!
why dont you write all this up to a forum post aswell and provide link like a good youtuber would?
Hi
Sec c
Coda wilsono help record my lost account
First comments
first view
Are you an Indian?
FIRSTTTT HAHAH
Halp me bro
Nice
Nice