NMAP:

nmap -sP 10.81.100.0/24 ==> ping scan (-sn in newer nmap versions): shows all the hosts that are up

-sT = TCP connect scan

nmap -sT -p 80,443 10.81.100.0/24

-p = port(s) to scan

See whether a website is served on port 80 or 443
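Scanning a /24 for ports 80 and 443 produces one line per host; the usual next step is to turn that into an inventory of which hosts expose a web service. The parser below is an added example (not from these notes and not nmap's own code) that reads nmap's grepable output (what `-oG -` prints); the sample output embedded in it is constructed by hand in that format with the placeholder addresses from the notes, not the result of a real scan.

```python
"""Parse nmap grepable (-oG) output into {host: {port: state}} and list the
hosts with an open web port. Added example; the sample text is constructed."""
import re
from typing import Dict, List

# Constructed sample of what `nmap -sT -p 80,443 -oG - 10.81.100.0/24`
# could print. Fields on a 'Host:' line are tab-separated; each port entry
# is port/state/protocol/owner/service/rpc/version/ separated by slashes.
SAMPLE_GREPABLE = """\
# Nmap 7.80 scan initiated as: nmap -sT -p 80,443 -oG - 10.81.100.0/24
Host: 10.81.100.1 ()\tStatus: Up
Host: 10.81.100.1 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.81.100.7 ()\tStatus: Up
Host: 10.81.100.7 ()\tPorts: 80/filtered/tcp//http///, 443/open/tcp//https///
Host: 10.81.100.9 ()\tStatus: Up
Host: 10.81.100.9 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///
# Nmap done: 256 IP addresses (3 hosts up) scanned
"""

# port / state (may be "open|filtered") / protocol
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(tcp|udp)")


def parse_grepable(text: str) -> Dict[str, Dict[int, str]]:
    """Return {host_ip: {port: state}} for every host that nmap reported."""
    results: Dict[str, Dict[int, str]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # skip the '# Nmap ...' comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]         # "Host: 10.81.100.1 ()" -> address
        results.setdefault(ip, {})
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for port, state, _proto in PORT_RE.findall(field):
                    results[ip][int(port)] = state
    return results


def hosts_with_web(results: Dict[str, Dict[int, str]],
                   ports=(80, 443)) -> List[str]:
    """Hosts where at least one of the given ports is reported 'open'."""
    return sorted(ip for ip, p in results.items()
                  if any(p.get(port) == "open" for port in ports))


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for ip in hosts_with_web(scan):
        print(ip, scan[ip])
```

On a real run, pipe the scan in with `nmap -sT -p 80,443 -oG - 10.81.100.0/24 | python3 parse.py` after replacing the constant with `sys.stdin.read()`; the same parser works for any `-p` list because the port numbers are read from the line rather than assumed.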

 

TCP 3-way handshake, client/server:

Client 1/3 SYN -> Server 2/3 SYN-ACK -> Client 3/3 ACK

 

-sT = full open (connect) scan: the whole 3-way handshake is completed for every port.

-sS = stealthy half-open (SYN) scan: only the first 2 steps of the handshake are done (the final ACK is never sent), so a firewall or the application may or may not log it; a SYN-ACK reply still tells us the port is open.

nmap -sT 10.81.102.122 (scan a single IP address). Shows all the open ports.

RST = reset: ends the TCP conversation:

1 - SYN, 2 - SYN-ACK, 3 - ACK, 4 - RST
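To see the difference between "handshake completed" and "answered with RST" without nmap, the added example below (not from the notes, not nmap's code) does the same thing `nmap -sT` does: it asks the OS to `connect()`, which performs SYN / SYN-ACK / ACK. A listening port completes the handshake and is reported open; a closed port answers the SYN with RST, which Python surfaces as `ConnectionRefusedError`; no answer at all (typical of a firewall dropping the SYN) is reported filtered. It starts its own listener on 127.0.0.1 so it runs offline; the half-open `-sS` behaviour cannot be shown this way because it needs raw sockets.

```python
"""Minimal TCP connect scan against localhost, as an illustration of -sT.
Added example: it creates its own listening socket and scans that."""
import socket
import threading
from typing import Dict, Iterable


def start_listener(port: int = 0) -> socket.socket:
    """Bind a throwaway TCP server on 127.0.0.1 (port 0 = OS picks a free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)

    def accept_loop():
        # Accept in the background so each client's handshake finishes (step 3/3).
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()          # orderly close (FIN), not a RST
            except OSError:
                return                # listener was closed
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def pick_closed_port() -> int:
    """Ask the OS for a free port and release it again, so it is (almost surely) closed."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Full-open scan: one complete 3-way handshake per port."""
    states: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))       # SYN -> SYN-ACK -> ACK all done by the kernel
            states[port] = "open"
        except ConnectionRefusedError:
            states[port] = "closed"       # the SYN was answered with RST
        except (socket.timeout, OSError):
            states[port] = "filtered"     # nothing came back (dropped / unreachable)
        finally:
            s.close()                     # FIN for open ports; nothing to tear down otherwise
    return states


if __name__ == "__main__":
    srv = start_listener()
    open_port = srv.getsockname()[1]
    print(connect_scan("127.0.0.1", [open_port, pick_closed_port()]))
    srv.close()
```

Because the kernel completes the handshake, every open port scanned this way shows up as an accepted connection in the target application's logs, which is exactly the trace that the half-open `-sS` scan avoids leaving.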

Manual: man nmap

See which OS is running on a machine:

sudo nmap -O 10.81.102.122

(capital O, not zero).

sudo nmap -A 10.81.102.122

-A = aggressive scan: finds the SSH host keys, the network distance in hops, the OS, and the protocols/services

sudo nmap -sS -D 10.81.102.128 10.81.102.122

10.81.102.122 is the real target IP address.

10.81.102.128 is a decoy IP address (-D).

So 2 SYNs are sent: 1 spoofed from the decoy address and 1 from the real scanning PC.

Nmap Scripting Engine (NSE), "vuln" category scripts (vulnerabilities):

https://nmap.org/nsedoc/categories/vuln.html

CVE = Common Vulnerabilities and Exposures

https://www.itpro.tv/

YouTube, NetworkChuck channel:

https://www.youtube.com/channel/UC9x0AN7BWHpCDHSm9NiJFJQ

Download a deliberately vulnerable VM (Kioptrix) for your tests here:

https://www.vulnhub.com/series/kioptrix,8/


Social Engineering:

Twitter hack in July 2020:

2 sources: NYT & Vice

@a

@b

@ogusers.com

https://ogusers.com/

 

SIM hijacking

SIM swapping

Credential harvester attack (free tools), see here:

https://medium.com/@kaviru.mihisara/credential-harvester-attack-73335c4a5bb8

See Darknet Diaries podcast episode No. 69, see here:

https://darknetdiaries.com/episode/69/

 

Media Access Control (MAC) address

Content Addressable Memory (CAM) table in switches: maps each MAC address to the port it was seen on. Not in hubs or Wi-Fi access points.

A Wi-Fi access point behaves like a hub (every station shares the medium, so every station can receive every frame).

A Wi-Fi 6 access point behaves more like a switch.
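The security point behind the CAM table is who gets to see a frame: a hub repeats it out of every port, a switch learns where each MAC lives and forwards a known unicast to that one port only. The simulation below is an added example (not from the notes); the MAC addresses and the three "stations" Alice, Bob and Eve are constructed, and it models only hub vs. classic switch, not the Wi-Fi 6 behaviour.

```python
"""Hub vs. switch forwarding with a CAM table. Added example with
constructed MAC addresses; it returns which ports receive each frame."""
from typing import Dict, List, Tuple

Frame = Tuple[str, str, str]          # (src_mac, dst_mac, payload)
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """No memory at all: every frame is repeated on every other port."""
    def __init__(self, n_ports: int):
        self.n_ports = n_ports

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        return [p for p in range(self.n_ports) if p != in_port]


class Switch:
    """CAM table: learn src MAC -> in_port on every frame, flood only unknown/broadcast destinations."""
    def __init__(self, n_ports: int):
        self.n_ports = n_ports
        self.cam: Dict[str, int] = {}

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        src, dst, _payload = frame
        self.cam[src] = in_port                        # learning step
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in range(self.n_ports) if p != in_port]   # flood
        return [self.cam[dst]]                          # unicast to the learned port


# Constructed topology: Alice on port 0, Bob on port 1, Eve (a sniffer) on port 2.
ALICE, BOB = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
EVE_PORT = 2


def simulate() -> Dict[str, List[int]]:
    """Alice sends to Bob, Bob replies; record which ports receive each frame."""
    hub, sw = Hub(3), Switch(3)
    first = (ALICE, BOB, "hello")       # Bob's MAC is not yet in the CAM table
    reply = (BOB, ALICE, "reply")       # by now the switch knows Alice is on port 0
    return {
        "hub_first": hub.forward(0, first),
        "hub_reply": hub.forward(1, reply),
        "switch_first": sw.forward(0, first),
        "switch_reply": sw.forward(1, reply),
    }


if __name__ == "__main__":
    for name, ports in simulate().items():
        print(f"{name:13s} delivered to ports {ports}"
              f"{'  <- Eve sees it' if EVE_PORT in ports else ''}")
```

The first frame is flooded by both devices (the switch does not know Bob yet), so Eve sees it either way; the reply reaches Eve only through the hub. That is why passive sniffing works on a hub or on a shared Wi-Fi medium but not on a switched segment.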
