NMap 101: Fun With Firewalls! HakTip 102

Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Shannon Morse shares several NMap commands you can use to evade firewalls and intrusion detection systems.

Welcome to HakTip -- the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I'm Shannon Morse and today we're going to go over evading firewalls in NMap!
Firewalls are put in place because of tools like NMap. NMap has the power to give you a mapping of a network system. You can see everything, from OS versions to open ports. Firewalls and intrusion detection systems are made to prevent NMap and other programs from getting that information. To evade these firewalls, we have several options. Let's take a look.
Type this command: nmap -f 10.73.31.145. Also, you can type: nmap --send-eth -f 10.73.31.145. Instead of sending each probe as one packet, -f splits it into tiny 8-byte IP fragments, which some firewalls and intrusion detection systems do not reassemble before inspecting. There is also this command: nmap --mtu 8 10.73.31.145. MTU stands for Maximum Transmission Unit; --mtu works like -f but lets you choose the fragment size yourself. The value must be a multiple of 8, so you can set it to 8, 16, 32, 64, etc. I just scanned that target with the --mtu option and 8-byte fragments. You may need to add --send-eth to your command to make it work.
Type this command: nmap -D RND:10 10.73.31.145. This is the decoy option, which lets you scan using multiple decoy IP addresses. NMap will send the probes from several spoofed source addresses alongside your real one. To the target, it'll look like it's being scanned from several machines all at once, and the one actually doing the attack will be harder to find. You can also specify exact decoys by using this command: nmap -D decoy1,decoy2,RND:10 10.73.31.145 (the decoy list is comma-separated, and RND:10 adds ten random ones).
You may also want to try the idle zombie scan, which bounces the scan off an idle third-party system so the probes appear to come from it rather than from you. It'll only work if the zombie is actually idle when you run it and its IP ID counter increments predictably, because that counter is what NMap reads to work out the results. This command looks like: nmap -sI 10.73.31.55 10.73.31.145 (where 145 is my target, 55 is my zombie).
Besides the fragment size, we can also specify the source port number with: nmap --source-port 54 10.73.31.145. NMap usually picks a random source port to send a probe from, but this forces it to use a specific one; it matters because some filters let traffic through when it comes from a port they trust. -g is the short form of the same option. We'll be back after this break!
We're back with evading firewalls! Now, let's try this one: nmap --data-length 25 10.73.31.145. This appends random data to the probe packets: plain NMap probes carry no payload, and some targets key on that packet size, so padding them makes the probes look more like ordinary traffic. The value is a number of bytes and can be whatever size you like.
You can also randomize your target scan by using: nmap --randomize-hosts 10.73.31.100-175. This shuffles the order in which the hosts in the range are scanned, so a sequential sweep is less obvious. And if you want to spoof the MAC address of an ethernet device, you can use: nmap -sT -PN --spoof-mac 0 10.73.31.145. The 0 means nmap will generate a random MAC address; keep in mind that MAC spoofing only affects raw ethernet frames on your local network segment.
Lastly we have sending bad checksums. Use: nmap --badsum 10.73.31.145 to send packets with incorrect checksums. TCP/IP uses checksums to verify that a packet arrived intact, and a real host silently drops one that fails the check. So you won't receive anything back, which means the system is probably configured right; any reply you do get came from a firewall or IDS that didn't bother to verify the checksum.
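The fragment, decoy and source-port tricks above each leave a distinct trace on the target side. The script below is an added example, not from the episode or from Hak5, that runs simple detection rules over constructed netfilter-style firewall log lines; the field names (SRC, DST, SPT, DPT, the MF flag and FRAG: offset) follow the netfilter LOG format, and the addresses, ports and thresholds are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed netfilter-style LOG lines (sample input, not captured traffic).
SAMPLE_LOG = """
kernel: IN=eth0 SRC=10.73.31.5 DST=10.73.31.145 LEN=28 ID=4 MF PROTO=TCP
kernel: IN=eth0 SRC=10.73.31.5 DST=10.73.31.145 LEN=28 ID=4 FRAG:1 PROTO=TCP
kernel: IN=eth0 SRC=10.73.31.20 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=53 DPT=22
kernel: IN=eth0 SRC=10.73.31.20 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=53 DPT=80
kernel: IN=eth0 SRC=10.73.31.20 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=53 DPT=443
kernel: IN=eth0 SRC=10.73.31.20 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=53 DPT=8080
kernel: IN=eth0 SRC=10.73.31.61 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=40001 DPT=22
kernel: IN=eth0 SRC=10.73.31.62 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=40002 DPT=22
kernel: IN=eth0 SRC=10.73.31.63 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=40003 DPT=22
kernel: IN=eth0 SRC=10.73.31.64 DST=10.73.31.145 LEN=44 PROTO=TCP SPT=40004 DPT=22
kernel: IN=eth0 SRC=10.73.31.7 DST=10.73.31.200 LEN=60 PROTO=TCP SPT=51000 DPT=443
"""

FIELD = re.compile(r"\b(SRC|DST|SPT|DPT)=(\S+)")

def parse(line):
    """Pull out the address/port fields; note IP fragments (MF flag or FRAG: offset)."""
    rec = dict(FIELD.findall(line))
    rec["frag"] = " MF " in line or "FRAG:" in line
    return rec

def analyse(log, min_sources=4, min_ports=4):
    """Flag, per target, the traces left by -f/--mtu, -D decoys and --source-port/-g."""
    frags = defaultdict(int)        # dst -> number of fragmented packets
    sources = defaultdict(set)      # dst -> distinct sources probing it
    fixed_sport = defaultdict(set)  # (src, spt) -> distinct destination ports
    for line in log.splitlines():
        rec = parse(line)
        if "SRC" not in rec or "DST" not in rec:
            continue
        if rec["frag"]:
            frags[rec["DST"]] += 1
        sources[rec["DST"]].add(rec["SRC"])
        if "SPT" in rec and "DPT" in rec:
            fixed_sport[(rec["SRC"], rec["SPT"])].add(rec["DPT"])
    findings = [("fragmented-probes", dst, n) for dst, n in frags.items()]
    # Many distinct sources hitting one host at the same time is the decoy signature.
    findings += [("many-sources-one-target", dst, len(s))
                 for dst, s in sources.items() if len(s) >= min_sources]
    # Normal clients pick a fresh ephemeral source port; one fixed port reused across
    # many destination ports looks like --source-port/-g (assumed threshold: min_ports).
    findings += [("fixed-source-port-sweep", f"{src}:{spt}", len(d))
                 for (src, spt), d in fixed_sport.items() if len(d) >= min_ports]
    return sorted(findings)
```

Calling analyse(SAMPLE_LOG) yields three findings: the fixed-source-port sweep from 10.73.31.20:53, two fragmented probes against 10.73.31.145, and six distinct sources hitting that same host.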

____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Comments

Very informative! That's why I love watching Hak5! You and Darren are awesome!

phillipromero

Mrs Richards: "I paid for a room with a view !"
Basil: (pointing to the lovely view) "That is Torquay, Madam."
Mrs Richards: "It's not good enough!"
Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..."
Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
Basil: "You can see the sea, it's over there between the land and the sky."
Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
Basil: "Why?! Because Krakatoa's not erupting at the moment?"

fredflintstoner

Thought I would learn nothing, but instead I learnt a lot of things!! TY Hak5

jawbreaker

I think that is the greatest t-shirt I've ever seen in my entire life

temudjin

Use sudo !! to run the previous command as root!!! Good video.

Jgomez

Heads up guys, this isn't only used for firewall evasion; it can also be used if you have a botnet to attack on an open port of an NFO Server or an OVH Server

GameplayORTutorials

Please make a video on the packet level analysis (wireshark) of the nmap scans so that even if the output looks similar, the difference can be understood....!

nithoshitha

Could you please make a playlist for tutorials to learn Nmap !
Any help is much appreciated !

situdesai

Hi
1. How do you show/prove that those port scanning techniques bypass firewalls? Block ICMP/pings? I'm thinking compared to, for example, a normal scan with the -sT option, which does not have firewall evasion.
2. How do you know, for example, that they are efficient and effective?

rogtxn

Does the firewall evasion trick work for Android mobile too? Please let me know, thanks

charanreddy

I have a question?!
I came across a CVE when trying to hack a website using Nmap (I'm a beginner).... I've watched a lot of videos on what CVEs are... But there's nothing on how to use it to gain access to the website (hacking it)... Or is the approach wrong? What can I do?

lawalbolaji

Love you my friend always good content and nice shirt

miguitarrayyo

Shannon Morse = Geek Love :) Great shows!

lukeowen

“sudo !!” Will run the last command as sudo

Angry.Hippie

Hi, what is the best hardware firewall for home and small business??

Martin-otxj

Can you please make a video on how we can bypass a firewall in Windows for port scanning using nmap

harpreetsingh-prhk

Hey Shannon, are you no longer doing the HakTip episodes???

davidr.flores

So I was using nmap against my internet router and every time I ran it I would get "All 1000 scanned ports on ***.***.**.* are in ignored states. Not shown: 1000 filtered tcp ports (no response)."

waffle

She forgets to type "sudo" a lot of the time; she must usually be running as the root user instead of a guest user.. :D

anthoxel

I like this tutorial, amazing as usual.. keep up the great job!!

kirasan