Differences

This shows you the differences between two versions of the page.

--- security [2022/07/03 11:19] – jotasandoku
+++ security [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 **NETCAT (NC) NC NOTES**
+  # for tcp
   nc -kl {port}    # for the host to listen on the specified port
-  nc -v 192.168.2.119 37657 <-- Alternatively we can use telnet 192.168.2.119 37657
+  nc -zv 19.168.2.119 37657 <-- Alternatively we can use telnet 192.168.2.119 37657
   nc -z -v -w1 google.es 443
+  # for udp. You need to type some text and see if it appears on the receiver
+  nc -luk 192.168.0.112 7777    # listens on UDP
+  nc -uv 192.168.0.112 7777    # opens terminal so we can send datagrams
+  while true; do dd if=/dev/urandom bs=1400 | pv -L 10M | nc 10.80.8.1 4444; done    # to generate traffic. We can omit the pv bit
@@ Line 17: / Line 22: @@
   nmap -O 192.168.2.1 <-- To determine the OS (this uses stack fingerprint!. No really open ports are required)
   nmap -vv host.target.com    # port scan
-  nmap -sP 10.0.0.0/24 # will scan the 256 hosts
+  nmap -sP 10.0.0.0/24 # will scan the 256 hosts for reachability
+  nmap <IP>    # scan for open ports
 SCRIPTS:
@@ Line 41: / Line 47: @@
 ----
 HPING NOTES:
-\\
+[[https://ravi73079.medium.com/attacks-to-be-performed-using-hping3-packet-crafting-98bc25584745]] ; For all flags check [[https://www.kali.org/tools/hping3/|this]]
   hping3 --help
+  hping3 -c 15000 --icmp --flood --rand-source 192.168.100.3    # classical icmp flood
+  hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.100.3  # big flood p80  based. We can set the rate by removing 'flood' and doing '-i u1000'
+  hping3  --fast  -d 0 -L 0 -S -w 64 -p 80  10.68.0.2    # note d 0 is payload (then + 20B TCP + 20B IP)
   hping3 -S -p 443 -c 3 google.com    # RTT for (web) sites where icpm is filtered (-S is just to set SYN flag)
   # volumetric attacks
   hping3 --flood --spoof <spoofed-ip> --udp -p 53 <victim-ip>
+  hping3 --syn --flood <spoofed-ip> --udp -p 53 <victim-ip>    # SYN attack
+  hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source # SYN-flood (datagram 120B)
 ----
@@ Line 52: / Line 64: @@
 **KALI LINUX**\\
   * [[https://www.kali.org/tools/yersinia/|Yersinia]] is tool for L2 attacks
+  * [[https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon|LOIC] : low orbit ion cannon)
   * [[https://www.firewall.cx/general-topics-reviews/network-protocol-analyzers/1224-performing-tcp-syn-flood-attack-and-detecting-it-with-wireshark.html]]
-  *
 ----
 **CURIOUS SOURCE PORTS**
@@ Line 60: / Line 74: @@
 Not a comprehensive list but source ports are useful to understand what vulnerability has been exploited in the reflection network.
   * (19) chargen [[https://www.incibe-cert.es/en/blog/chargen-cyberattacks-based-chargen-protocol|External Link]]
+  * (1985) hsrp

dokucama

User Tools

Site Tools

Differences

Page Tools