NMap 101: Fun With Firewalls! HakTip 102

  • Published on 12 Jun 2014
  • Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
    ____________________________________________
    Shannon Morse shares several commands you can use to evade firewalls and intrusion detection systems on NMap.
    Welcome to HakTip -- the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I'm Shannon Morse and today we're going to go over evading firewalls in NMap!
    Firewalls are put in place because of tools like NMap. NMap has the power to give you a mapping of a network system. You can see everything, from OS versions to open ports. Firewalls and intrusion detection systems are made to prevent NMap and other programs from getting that information. To evade these firewalls, we have several options. Let's take a look.
    Type this command: nmap -f 10.73.31.145. Also, you can type: nmap --send-eth -f 10.73.31.145. This command fragments the probe into smaller 8-byte pieces instead of sending a whole packet. There is also this command: nmap --mtu 8 10.73.31.145. MTU stands for Maximum Transmission Unit, which, although similar to -f, will allow you to specify the size of each transmitted fragment. You can use any multiple of 8, so you can change your bytes to 8, 16, 32, 64, etc. I just scanned that target with the --mtu option and 8-byte packets. You may need to add --send-eth to your command to make it work.
    Type this command: nmap -D RND:10 10.73.31.145. This is the decoy option, which lets you scan using multiple decoy IP addresses. NMap will send several packets from several source addresses with this command. To the target, it'll look like it's being scanned from several machines all at once, and the one actually doing the attack will be harder to find. You can also specify exact decoys by using this command: nmap -D decoy1,decoy2,RND:10 10.73.31.145.
    You may also want to try the Idle Zombie scan, which will exploit an idle system by using it to scan your target. It'll only work if the zombie is actually in an idle state when you run it. This command looks like: nmap -sI 10.73.31.55 10.73.31.145 (where 145 is my target, 55 is my zombie).
    Other than specifying the byte size, we can also specify the source port number with: nmap --source-port 54 10.73.31.145. NMap usually picks random ports to send out a probe on. But this will force it to use a specific port. -g will also let you change your source port. We'll be back after this break!
    We're back with evading firewalls! Now, let's try this one: nmap --data-length 25 10.73.31.145. This adds random data to probe packets, because some targets look for a specific size of a packet to accept. The size is in bytes and can be any size.
    You can also randomize your target scan by using: nmap --randomize-hosts 10.73.31.100-175. This is used to randomize your target scan order. And if you want to spoof a MAC address of an ethernet device, you can use: nmap -sT -PN --spoof-mac 0 10.73.31.145. The 0 means nmap will generate a random MAC address.
    Lastly, we have sending bad checksums. Use: nmap --badsum 10.73.31.145 to send packets with incorrect checksums. TCP/IP uses checksums to make sure you are who you say you are. You won't receive anything back though, meaning the system is probably substantially configured right.
    And that's it for evading firewalls! What would you like to see next about NMAP? Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
    ____________________________________________
    Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
  • Science & Technology
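
Seen from the defending side, two of the options above leave clear marks in the packets themselves: -f / --mtu 8 splits the TCP header across IP fragments, and --badsum produces segments whose checksum does not verify. The following is an added example, not part of the original video notes or Hak5's material; the function names, the detection labels and the 192.0.2.10 source address are assumptions made for illustration, and the fragment checks follow the filtering idea in RFC 1858.

```python
import socket
import struct

def checksum16(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_header(src: bytes, dst: bytes, payload_len: int, flags_frag: int = 0) -> bytes:
    """20-byte IPv4 header carrying TCP (protocol 6), header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      flags_frag, 64, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]

def tcp_syn(src: bytes, dst: bytes, sport: int, dport: int, corrupt: bool = False) -> bytes:
    """20-byte TCP SYN; corrupt=True stores a deliberately wrong checksum."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 1024, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    csum = checksum16(pseudo + seg) ^ (0x5555 if corrupt else 0)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

def fragment(pkt: bytes, size: int = 8) -> list:
    """Split an unfragmented packet's payload into size-byte IPv4 fragments."""
    src, dst, body = pkt[12:16], pkt[16:20], pkt[20:]
    frags = []
    for off in range(0, len(body), size):
        chunk = body[off:off + size]
        more = 0x2000 if off + size < len(body) else 0   # MF flag
        frags.append(ip_header(src, dst, len(chunk), more | (off // 8)) + chunk)
    return frags

def inspect(pkt: bytes) -> list:
    """Return detection labels for one raw IPv4/TCP packet."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if proto != 6:
        return []
    payload = pkt[(ver_ihl & 0x0F) * 4:total_len]
    more_frags = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8
    if offset == 0 and more_frags and len(payload) < 20:
        return ["tiny-fragment"]              # TCP header does not fit in fragment 0
    if 0 < offset < 20:
        return ["fragment-inside-tcp-header"]  # later piece of a split TCP header
    if offset == 0 and not more_frags:
        # Whole segment present: verify checksum over pseudo-header + segment.
        # Captures taken on the sending host can show false positives when
        # checksum offload is enabled; inspect traffic captured off-host.
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(payload))
        if checksum16(pseudo + payload) != 0:
            return ["bad-tcp-checksum"]
    return []

# Constructed sample packets (built in memory, not a real capture).
SRC, DST = socket.inet_aton("192.0.2.10"), socket.inet_aton("10.73.31.145")
NORMAL = ip_header(SRC, DST, 20) + tcp_syn(SRC, DST, 40000, 80)
BADSUM = ip_header(SRC, DST, 20) + tcp_syn(SRC, DST, 40000, 80, corrupt=True)
FRAGS = fragment(NORMAL)

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL), ("badsum", BADSUM), *enumerate(FRAGS)]:
        print(name, inspect(pkt))
```

Legitimate TCP traffic almost never arrives with its 20-byte header split across fragments, so either fragment label is a strong signal on its own; a filter that reassembles or drops such fragments removes the benefit of the small-fragment options.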

Comments • 195

  • @phillipromero1038 6 years ago +2

    Very informative! That's why I love watching Hak5! You and Darren are the awesome!

  • @kirasan 10 years ago

    I like this tutorial, amazing as usually.. keep the great job up !!

  • @andrewlozano9473 6 years ago

    Thank for the upload!

  • @pacman10182 10 years ago +12

    great walls of fire!

  • @lukeowen8454 8 years ago

    Shannon Morse = Geek Love :) Great shows!

  • @jawbreaker54 7 years ago +2

    Thought i would learn nothing, but instead i learnt a lot of things!! TY Hak5

  • @zainuddinbrahim4625 6 years ago

    quite useful, thanks shannon...

  • @Highflyer25800 7 years ago

    This was a great video :D

  • @sheilima6892 7 years ago

    Great video!!!

  • @totoboyh 7 years ago

    i love this channel
    thanks snubs

  • @hak5 10 years ago +81

    • @thilankaniroshana7946 10 years ago +2

      Gaveen Prabhasara .

    • @emagenstudios 10 years ago

      Where did you get that tee?

    • @DavidBiglin 10 years ago

      Yeah I want one!

    • @ShannonMorse 10 years ago +4

      David Biglin Jesse Esquibel I got it from a Yahoo! hackathon that I performed at.

    • @1980cantrell 7 years ago

      Shannon Morse I was about to ask where u got the shirt, thankfully I looked at the comments.

  • @DRTDC90 7 years ago

    Cool vid! cheers

  • @Music4H4ck3rs 7 years ago

    Thank you for useful information

  • @fredflintstoner596 2 years ago +1

    Mrs Richards: "I paid for a room with a view !"
    Basil: (pointing to the lovely view) "That is Torquay, Madam."
    Mrs Richards: "It's not good enough!"
    Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..."
    Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
    Basil: "You can see the sea, it's over there between the land and the sky."
    Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
    Basil: "Why?! Because Krakatoa's not erupting at the moment?"

  • @intel_da_developer4791 4 years ago

    Great video

  • @GameplayORTutorials 6 years ago +4

    Heads up guys this isnt only used for firewall evasion it can also be used if you have a botnet to attack on an open port of an NFO Server or an OVH Server

  • @temudjin1155 3 years ago +1

    I think that is the greatest t-shirt I've ever seen in my entire life

    • @nightshadegatito 3 years ago

      I think it’s interesting how nicotinic acetylcholine receptors are important to our muscle control but aren’t in our central nervous systems, only in the peripheral nervous system, and how insects have these receptors only in their central nervous systems. It’s also interesting that hallucinations commonly experienced from anticholinergic drugs (which deactivate acetylcholine receptors) include smoking cigarettes that aren’t real, and insects all over everything, sometimes covering one’s entire view. Thankfully, perhaps, these experiences often seem accompanied by a strong sense that there’s nothing strange or disturbing about them.

    • @seanmoseson4339 3 years ago

      @@nightshadegatito Quite interesting, I didn't know that.

  • @dabig_guy2204 5 years ago +1

    A t-shirt that is very well filled..

  • @chaoticordep8071 7 years ago

    For making your own hacking software would a, function prop routine/co work as a prop base for commands?

  • @Jgomez836 8 years ago +14

    Use sudo !! to run the previous command as root!!! Good video.

  • @vinodleo13 7 years ago

    its great thank you

  • @rupeshmgds8834 5 years ago +1

    Relllyyy good chennel & good contacts well job😌

  • @situdesai 10 years ago +6

    Could you please make a playlist for tutorials to learn Nmap !
    Any help is much appreciated !

  • @security1232 8 years ago

    Thank you

  • @nithoshitha 5 years ago +2

    Please make a video on the packet level analysis (wireshark) of the nmap scans so that even if the output looks similar, the difference can be understood....!

  • @miguitarrayyo8570 3 years ago

    Love you my friend always good content and nice shirt

  • @ashutoshraval3255 5 years ago

    Thanks dear

  • @challengepoker 9 years ago +2

    The zombie scan works if :
    _ the zombie is not communicating with anyone (so that the IPID is not incremented)
    _ it should be trusted by the firewall rules of the target

  • @FahadAli-ot5kn 5 years ago

    So quite and smart

  • @jjh468 9 years ago

    Any idea if echo can be turned off in CryptCat? Would be cool if the senders text only showed to the receiver. Kinda like encrypted cisco pw's.

  • @lawalbolaji3715 4 years ago

    I have a question?!
    I came across CVE when trying to hacking a website using Nmap (I'm a beginner).... I've watched a lot of videos on what CVE'S are... But there's nothing on how to use it to gain access to the website (hacking it)... Or is the approach wrong? What can I do?

  • @47lokeshkumar74 1 year ago

    Nice

  • @FahadAli-ot5kn 5 years ago

    i love her to much

  • @harpreetsingh-pr5hk 5 years ago +2

    Can u please make a video on how we can bypass firewall in windows for port scanning using nmap

  • @Martin-ot7xj 4 years ago

    Hi, what is the best hardware firewall for home and small business??

  • @rogt3xn953 7 years ago +4

    Hi
    1. How to show/prove that those port scanning techniques bypassing firewalls? Block ICMP/pings? Thinking compared to for example a normal scan with -sT option, which do not have firewall evasion.
    2. How to know for example that they are efficient and effective?

    • @zeke947 5 years ago

      The stuff shown here is more on decreasing the byte size of packets sent and randomizing the sources of the packets sent. This helps in IDS evasion especially the smaller packet size. Firewall bypass, not so much. On dealing with Machines look for their Web App interfaces and try finding SSRF's to connect to internal hosts.

    • @TheOnlyEpsilonAlpha 5 years ago +2

      Yeah I also agree that "Firewall Bypassing" was the wrong used term there to give the n00bs a good feeling. Cause let's be honest: There are Man-Pages where you can read that same information from, okay not a beautiful Lady explains you the things but the Information is there.

  • @gopherhuang 10 years ago

    How did u make this video? The screen and people together.

  • @charanreddy8856 2 years ago

    Does the firewall evasion trick works for android mobile too? please let me know, Thanks

  • @theunknown2090 7 years ago

    Hak5 hey I am a noob so can u plz tell me about this packets that u were sending the target what do they contains

  • @zactaylor3176 9 years ago

    thanks

  • @lukasholzmann9283 5 years ago

    Your target has to be in the same network, or?

  • @Angry.Hippie 4 years ago +2

    “sudo !!” Will run the last command as sudo

  • @donatorgamer353 6 years ago

    love u

  • @Martin-ot7xj 5 years ago

    what is best firewall software for pc ?

  • @runifuceeme406 7 years ago

    Shannon is hella bae!!...

  • @lucidlynxs 4 years ago

    I am in a little of a problem here and need your advice, please. I have forgotten or lost the User and Password of a SonicWall for one of my Clients and was wondering if you can direct me in the right direction? Hak5 you Rock!!!!!!!

  • @clashmission6621 3 years ago

    Heyy can we get evading firewall with Nmap , updated version or a session on ,The story of Michael and Demetris evading a firewall with Nmap scan.

  • @waffle3632 2 years ago

    So I was using nmap against my internet router and Everytime I ran it I would get "All 1000 scanned ports on ***.***.**.* Are in ignored states. Not shown: 1000 filtered tcp ports (no response).

  • @GabeDStudios 9 years ago

    Hacked this video! :D shot a load while watching it.

  • @wicksy39 3 years ago

  • @jayasureya1462 2 years ago

    Host based firewall

  • @LexAsLex 9 years ago

    yeah ok, but any tips on how to find zombies? and would be interesting to see what happens on firewall log of the victim machine while you re scanning

  • @ceedeeplaya 10 years ago +1

    sudo !!

  • @whiskey6599 6 years ago

    what r u using ? linux ?

  • @lisahalford1705 9 years ago

    does anyone know any attacks

  • @davidr.flores2043 4 years ago

    Hey Shannon, are you no longer doing the HackTip episodes???

  • @cjsjedi73 1 year ago

    Dont worry i watched this for educational purposes.

  • @ksmooth7667 4 years ago

    you make the fire wall really hot

  • @41449666 6 years ago

    do you guys have hacker course for beginners

  • @prod.treyxoldd 5 years ago

    Shannon do you know about termux

  • @salvinchand9243 4 years ago

    Are u running this commands on nmap in linux or etc..where exactly

    • @lassef3692 4 years ago

      You just run it in your normal Terminal and yes it's Linux. You can run the nmap command without going into a nmap folder location if that is what you're asking

  • @LadyB_miniatures 7 years ago

    What OS is this based on? I use nmap on windows would this work on that platform?

    • @jocamp5 6 years ago

      Simsy learn Linux. 99% of the tools are on Linux.

  • @missing1person 6 years ago

    I like playing with fireballs

  • @robertwilber6541 7 years ago

    How to stop tracking cookies? Shannon,please?

  • @karuppasamykaruppasamy4686 4 years ago

    How to find target machine

  • @SigururGubrandsson 10 years ago +1

    "Different version of Linux" - What distro are you running?

    • @hm2690 4 years ago

      Mint

  • @manilaboy1vic 5 years ago +2

    cntrl + a > left arrow ;) @ 2:43

  • @Bring_MeSunshine 4 years ago

    How to divert attacks on the network - place Shannon at the gateway - those eyes! I apologise, I don't mean to demean or detract from your skills, or come across as sexist, but I have to look at your neck when I watch these vids or I don't take anything on board. If it helps, great channel. Subscribed

  • @sahildarya8752 6 years ago

    Hi could you help me to find my exter routers IP address? Because the man who changes my IP address he didn't give me that now I have trouble with changing password. Please help to find address.

  • @oedihamijok6504 6 years ago +1

    Fleeeeex....time to have haaaaacks

  • @anthoxel 8 years ago +16

    forget to type "sudo" a lot of times, she must be usually running as root user instead or guest user.. :D

    • @hak5 8 years ago +10

      +Anthox Lind el Or neither, and just doesn't need to run sudo a lot. - Shannon

    • @pepeman3099 8 years ago +3

      +Hak5 ouch

    • @RussellTeapot 8 years ago +1

      !!...you shot me down.... !! I hit the ground... !! that awful sound.... !! ....... expand the previously executed command (Bashy Sinatra) (damn, I love !!. Just discovered it two weeks ago. Sweet.)

    • @Amfortas 7 years ago

      I # out of habit now, saves time

  • @user-lp9ei4or9o 10 years ago

    just a really noobie question but how do you figure out your targets ip ? and what is you target ? the "Computer" or the network ? kinda confused
    thanks

    • @ShannonMorse 10 years ago +3

      Either one can be your target. I found out what my targets are by nmaping 10.73.31.0/24 which would be my whole network and just looking for an interesting target to use for my examples.

    • @ultimategameplay1 10 years ago

      find what your default gateway is of the network. Once you find that out, finding other IPs is a breeze. Always try nmap -Pn "ip" if you're having trouble

  • @Vziera 9 years ago

    How can one be so perfect

  • @GeorgeNoory42069 5 years ago

    Jumbo yum-yums

  • @ushanmadhushanka3080 4 years ago

    Nice opzz. 😁🤣🤣

  • @KangtheConquerror 4 years ago +1

    Your tutorial is remarkable really i haave learned!!! and im really thankful to you . But i have some questions can you help me????? please tell me

  • @Storin_of_Kel 5 years ago +5

    So, in 2019. How effective is this?

  • @dzmitrijpasat970 10 years ago

    What type os os is she using? Is it linux?

  • @premier69 7 years ago +6

    what did she call this - character? tech? 0:58

    • @RiDankulous 7 years ago +4

      Tack is the dash.

    • @BeastinlosersHD 6 years ago

      I just call it hyphen...

    • @itsmerg5273 3 years ago

      its just a linux user thing

  • @eddieteddy273 4 years ago

    Can i hack devices with nmap too?

  • @Alkaris 8 years ago

    Forgetting to use sudo on most of those commands.

  • @damiendulan3177 4 years ago

    My problem is how ARE WE SUPPOSED TO KNOW THE TARGETS IP ADDRESSES?

    • @lassef3692 4 years ago

      Use a tool like airmon and set the adp. To monitor mode and see what is near you

  • @clashmission6621 3 years ago

    What you call hyphen, Tack Tack?? Sounds cool though.

  • @cossackpatrol 8 years ago

    If you hate forgetting to prefix 'sudo' every time, you could do what I do if I'm going to su the crap out of a shell and use "sudo bash" then root at will!

    • @cossackpatrol 8 years ago

      (Or just "su" [enter], obv.)

    • @RussellTeapot 8 years ago

      sudo -i works too...or the almighty sudo !!, to expand the previously executed command with "sudo" prepended. FUn fact: in Italy "sudo" means "I'm sweating"....yep.

    • @ChadReitsma 8 years ago

      sudo -s

  • @mindofjavier7696 4 years ago

    I'd seed it

  • @danielsaan1976 7 years ago +1

    This vid is great, but the spiel at the start is a little bit daft. Love you, Shannon, but I don't want to call myself a ninja.

  • @otgt3971 4 years ago +1

    Mam you very cute I really like you and your knowledge mind blowing

  • @skyway8857 3 years ago

    Nmap -hcH two jugs.

  • @Bubonic4U 7 years ago +1

    dam... of course you are married... pass along the Bravo Bravissimo to your hubby for me plz :]

  • @tannewton 10 years ago

    are most of the stuff you teach us actually legal? just wondering. No matter what the answer to this question might be, thank you for teaching us all those fun stuff.

    • @christophermarx8706 10 years ago +6

      everything is legal when done on your own network or one that you have been given permission to test.

    • @ultimategameplay1 10 years ago +1

      Christopher Marx some ISP dont like DOSing or nmap. not many, but some

  • @Theultimatebohab7137 2 years ago

    this is my dream girl...

  • @jonyweb7279 3 years ago

    apt-get uplove youu success attack my heart wow kkkkk kiss for you## web star

  • @NO-vd4is 10 years ago

    Does this work on windows I'm a noob

    • 10 years ago

      Try Zenmap

    • @josephdaniel1999 10 years ago

      The answer is yes."Nmap was originally a Linux-only utility,[3] but it was ported to Microsoft Windows, Solaris, HP-UX, BSD variants (including Mac OS X), AmigaOS, and SGI IRIX.[4] Linux is the most popular platform, followed closely by Windows" -Wikipedia Here if you wanna download nmap.org/download.html

  • @ibraahimcabdi2961 4 years ago

    How are

  • @TheOnlyEpsilonAlpha 5 years ago +2

    I wonder: How many watching this an know already anything about nmap 😅

  • @DaltonStrides 8 years ago +6

    very intelegent women resprect dshout

  • @ultrablack3638 4 years ago

    You look like riley reid

  • @amihland 6 years ago +1

    nothing worked

    • @zan2464 6 years ago

      amihay landau lol

    • @umerhasan699 5 years ago

      haaha :D :D :D

  • @Gregorydaerr1971 5 years ago

    Sudo

  • @TeluguHacker 7 years ago +4

    nice bbs