security

NETCAT (NC) NOTES

nc -kl {port}    # listen on the given TCP port; -k keeps listening after a client disconnects (OpenBSD nc; ncat has -k too)
nc -v 192.168.2.119 37657    # connect to a port and talk to it; alternatively: telnet 192.168.2.119 37657
nc -z -v -w1 google.es 443    # -z: only check that the port is reachable, send no data; -w1: 1 second timeout

ncat is the version bundled with Nmap
For port scanning:

nc -v -z -w2 IP 100-200    # TCP connect scan of ports 100-200, 2 second timeout per port (OpenBSD nc syntax; ncat does not accept port ranges)
echo '<14>sourcehost jaime' | nc -v -u -w 1 89.145.95.14 10514    # simulate a syslog client over UDP (PRI <14> = facility user, severity info); check at the destination, because with UDP there is no 'connected' message

socat can be considered an advanced version of netcat (bidirectional relays between arbitrary address types: TCP, UDP, UNIX sockets, TTYs, OpenSSL)
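The syslog one-liner above relies on the receiver to confirm delivery. As an added example (not from the original notes), the script below builds the same kind of message with the PRI byte computed rather than hard-coded, sends it over UDP to a throwaway listener on 127.0.0.1 so the datagram can actually be checked, and then sends to a closed port to show that sendto() reports success either way. Host, tag and timestamp values are constructed for the demo.

```python
import socket
from datetime import datetime

# Syslog facility/severity codes (RFC 3164 / RFC 5424). PRI = facility * 8 + severity,
# so '<14>' in the nc one-liner is facility 1 (user), severity 6 (info).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def pri(facility, severity):
    return FACILITY[facility] * 8 + SEVERITY[severity]


def decode_pri(value):
    """Inverse of pri(): returns (facility_code, severity_code)."""
    return value // 8, value % 8


def build_message(facility, severity, hostname, tag, msg, when=None):
    """RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (day is space padded)."""
    when = when or datetime(2022, 7, 3, 10, 0, 0)      # fixed timestamp so output is reproducible
    ts = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{pri(facility, severity)}>{ts} {hostname} {tag}: {msg}".encode()


def parse_message(raw):
    """Split a received datagram into PRI, facility, severity and the rest of the line."""
    text = raw.decode()
    end = text.index(">")
    value = int(text[1:end])
    fac, sev = decode_pri(value)
    return {"pri": value, "facility": fac, "severity": sev, "body": text[end + 1:]}


def send_udp(payload, host, port):
    """One datagram, like 'nc -u'. sendto() returns the byte count whether or not anything
    is listening: UDP gives the sender no 'connected' signal, hence the check at the receiver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def loopback_roundtrip(facility="user", severity="info",
                       hostname="sourcehost", tag="jaime", msg="test"):
    """Stand up a throwaway UDP listener on 127.0.0.1 (the 'destination' we can check),
    send one message to it and return what the listener parsed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))              # port 0: let the kernel pick a free port
        listener.settimeout(2)
        port = listener.getsockname()[1]
        payload = build_message(facility, severity, hostname, tag, msg)
        sent = send_udp(payload, "127.0.0.1", port)
        data, _ = listener.recvfrom(4096)
    parsed = parse_message(data)
    parsed["sent_bytes"] = sent
    return parsed


def send_to_closed_port():
    """The caveat itself: a datagram to a port nobody listens on still 'succeeds' at the sender."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        free_port = s.getsockname()[1]                # free again as soon as this socket closes
    return send_udp(b"<14>sourcehost jaime", "127.0.0.1", free_port)


if __name__ == "__main__":
    print(loopback_roundtrip())
    print("bytes 'sent' to a closed port:", send_to_closed_port())
```

Point the listener at a real collector instead of loopback and the same parse_message() is what you would run at the destination to confirm the message landed.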

NMAP NOTES

nmap -O 192.168.2.1    # OS detection via TCP/IP stack fingerprinting (needs raw sockets, i.e. root); most reliable when at least one open and one closed TCP port is found
nmap -vv host.target.com    # default port scan (top 1000 TCP ports), very verbose
nmap -sn 10.0.0.0/24    # host discovery only, no port scan, over the 256 addresses (-sP is the old name for -sn)

SCRIPTS:

nmap --script ssh2-enum-algos 192.168.0.250 -p22    # list the kex, host key, cipher, MAC and compression algorithms the SSH server offers
nmap -sn 10.8.8.150 --script ip-forwarding --script-args='target=www.google.com'    # check the host is NOT forwarding IP packets (a management address shouldn't); see https://isc.sans.edu/forums/diary/Do+you+have+rogue+Internet+gateways+in+your+network+Check+it+with+nmap/16198/
nmap -sU -p 123 --script ntp-info <IP>    # query the NTP daemon for version and system information
for i in {1..4} ;do (ping -c 1 LDZOOBLL2$i | grep "bytes from" &) ;done    # simple ping sweep over LDZOOBLL21..LDZOOBLL24, one echo request each, in parallel
nmap -sU -p53 4.2.2.2/30    # UDP sweep: port 53 on the 4 addresses of the /30
nmap -Pn -p80 -oG logs/pb-port80scan-%D.gnmap 216.163.128.0/20    # TCP sweep of port 80 over the /20, skipping host discovery (-Pn); -oG is grepable output, %D expands to the date (mmddyy)

More simple ping tools: https://github.com/jotasantos/python-net/tree/main/tools
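The -oG sweep above leaves a .gnmap file that is meant to be grepped. As an added example (not from the original notes), here is a small parser for that grepable format that answers the question the sweep was run for: which hosts have 80/tcp open, and how the rest are distributed between open, closed and filtered. The sample output is constructed (RFC 5737 documentation addresses) in the shape Nmap writes: one Host: line per host, tab-separated fields, and each port as port/state/proto/owner/service/rpcinfo/version/.

```python
import re
from collections import defaultdict

# Constructed sample of 'nmap -Pn -p80 -oG ...' output (not a real scan).
SAMPLE_GNMAP = """\
# Nmap 7.92 scan initiated Sun Jul  3 10:00:00 2022 as: nmap -Pn -p80 -oG logs/pb-port80scan-%D.gnmap 192.0.2.0/29
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/
Host: 192.0.2.2 ()\tPorts: 80/filtered/tcp//http///
Host: 192.0.2.3 (www.example.net)\tPorts: 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/
Host: 192.0.2.4 ()\tPorts: 80/closed/tcp//http///
# Nmap done at Sun Jul  3 10:00:30 2022 -- 8 IP addresses (4 hosts up) scanned in 30.12 seconds
"""

# Host: <ip> (<hostname or empty>)<TAB><rest of the tab-separated fields>
HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\t(.*)$")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str|None, "ports": [dict, ...]}}.
    Comment lines (# Nmap ...) are skipped. A host may appear on several Host: lines
    (Status: and Ports:), so entries are merged per IP."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": name, "status": None, "ports": []})
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for spec in value.split(", "):
                    parts = spec.split("/")       # port/state/proto/owner/service/rpcinfo/version/
                    if len(parts) < 7:
                        continue                  # malformed entry, ignore rather than crash
                    entry["ports"].append({
                        "port": int(parts[0]), "state": parts[1], "proto": parts[2],
                        "service": parts[4], "version": parts[6],
                    })
    return hosts


def hosts_with_open_port(text, port, proto="tcp"):
    """IPs where the given port is reported open, sorted for stable output."""
    return sorted(
        ip for ip, h in parse_gnmap(text).items()
        if any(p["port"] == port and p["proto"] == proto and p["state"] == "open"
               for p in h["ports"])
    )


def state_summary(text, port):
    """How many hosts reported each state for the port (open/closed/filtered/...)."""
    counts = defaultdict(int)
    for h in parse_gnmap(text).values():
        for p in h["ports"]:
            if p["port"] == port:
                counts[p["state"]] += 1
    return dict(counts)


if __name__ == "__main__":
    print(hosts_with_open_port(SAMPLE_GNMAP, 80))
    print(state_summary(SAMPLE_GNMAP, 80))
```

For the real file, read it with open(...).read() and pass the text in; "filtered" hosts are the ones worth a second look, since a firewall is dropping the probe rather than the host answering.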

NMAP (NCAT) IN WINDOWS:

# In C:\Users\me\.ssh\config
## then 'ssh myhost' reaches panda from wherever I am; PuTTY provides the SOCKS proxy on 127.0.0.1:1080 (dynamic port forward) and ncat tunnels the SSH connection through it
Host myhost
  User pi
  HostName panda314159.duckdns.org
  ProxyCommand ncat --proxy 127.0.0.1:1080 --proxy-type socks5 %h %p

HPING NOTES:

hping3 --help
hping3 -S -p 443 -c 3 google.com    # RTT for (web) sites where ICMP is filtered: 3 TCP probes to 443, -S just sets the SYN flag so the server answers with SYN/ACK or RST
# volumetric attacks (lab only; with a spoofed source the replies go to the spoofed address, not back to you)
hping3 --flood --spoof <spoofed-ip> --udp -p 53 <victim-ip>


KALI LINUX
TODO: simulate a SYN flood attack (lab only) and detect it with Wireshark, see:
https://www.firewall.cx/general-topics-reviews/network-protocol-analyzers/1224-performing-tcp-syn-flood-attack-and-detecting-it-with-wireshark.html


CURIOUS SOURCE PORTS
Not a comprehensive list, but in a reflection attack the source port of the traffic arriving at the victim is the port the reflectors answer from, so it tells you which service was abused on them (i.e. what vulnerability was exploited in the reflection network).
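As an added example (not from the original notes), the script below applies that idea to flow records: group UDP flows towards the victim by source port and flag ports shared by many distinct senders, mapping the well-known ones to the abused service. The flow lines are constructed (RFC 5737 documentation addresses, not real traffic) and the CSV layout ts,src_ip,src_port,dst_ip,dst_port,proto,bytes is an assumption for the demo; the port-to-service table lists commonly abused UDP reflectors.

```python
import csv
import io
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the port the reflector ANSWERS from,
# i.e. the source port of the traffic that arrives at the victim.
REFLECTOR_PORTS = {
    17: "QOTD", 19: "chargen", 53: "DNS", 111: "portmap", 123: "NTP",
    137: "NetBIOS-NS", 161: "SNMP", 389: "CLDAP", 1900: "SSDP",
    3702: "WS-Discovery", 5353: "mDNS", 11211: "memcached",
}

# Constructed flow records for the demo (not real traffic):
# ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
1656845600,198.51.100.10,123,203.0.113.5,40213,udp,468
1656845600,198.51.100.11,123,203.0.113.5,40213,udp,468
1656845601,198.51.100.12,123,203.0.113.5,40213,udp,468
1656845601,192.0.2.20,53,203.0.113.5,40213,udp,3200
1656845601,192.0.2.21,53,203.0.113.5,40213,udp,3200
1656845602,192.0.2.22,53,203.0.113.5,40213,udp,3200
1656845602,192.0.2.23,53,203.0.113.5,40213,udp,3200
1656845602,198.51.100.99,44321,203.0.113.5,443,tcp,60
1656845603,198.51.100.98,51000,203.0.113.5,53,udp,70
"""

FIELDS = ["ts", "src_ip", "src_port", "dst_ip", "dst_port", "proto", "bytes"]


def parse_flows(text):
    rows = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        row["src_port"] = int(row["src_port"])
        row["dst_port"] = int(row["dst_port"])
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def summarize_reflection(flows, victim, min_sources=3):
    """Group UDP flows towards `victim` by SOURCE port. Many distinct senders all answering from
    the same well-known service port is the reflection signature (a direct flood from spoofed
    sources shows random source ports instead). Returns a list sorted by bytes, largest first."""
    per_port = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for f in flows:
        if f["dst_ip"] != victim or f["proto"] != "udp":
            continue
        bucket = per_port[f["src_port"]]
        bucket["sources"].add(f["src_ip"])
        bucket["bytes"] += f["bytes"]
    report = []
    for port, b in per_port.items():
        if len(b["sources"]) < min_sources:
            continue                                  # too few reflectors to call it
        report.append({
            "src_port": port,
            "service": REFLECTOR_PORTS.get(port, "unknown"),
            "reflectors": len(b["sources"]),
            "bytes": b["bytes"],
        })
    return sorted(report, key=lambda r: r["bytes"], reverse=True)


def exploited_services(text, victim, min_sources=3):
    """Convenience: just the abused service names, biggest contributor first."""
    return [r["service"] for r in summarize_reflection(parse_flows(text), victim, min_sources)]


if __name__ == "__main__":
    for r in summarize_reflection(parse_flows(SAMPLE_FLOWS), "203.0.113.5"):
        print(r)
```

The TCP flow and the single query to the victim's port 53 fall out of the result on purpose: the first is not UDP, the second has the service port as destination, which is a request to the victim, not a reflected answer. A port that ranks high but maps to "unknown" is the one to look up next.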
