netdiscover
• ‘an active/passive address reconnaissance tool’
• Using ARP, it detects live hosts on a network.
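Netdiscover's active mode shows up on the wire as a burst of ARP who-has requests from one source to many different targets, which is also what a defender can look for. The following Python is an added example, not part of the original slides: it parses constructed capture lines (a simplified form of tcpdump's ARP text output) and flags any source that asks for many distinct addresses within a short window. The window length and threshold are hypothetical tuning values.

```python
"""Flag ARP sweeps (the traffic pattern an active ARP scanner produces).
Added example; the log lines are constructed and the tuning values are
hypothetical, not taken from any real tool or capture."""
import re
from collections import defaultdict

# One ARP request per line: "<seconds> ARP, Request who-has <target> tell <source>".
# Replies and anything else are ignored by the parser.
ARP_REQUEST = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) ARP, Request who-has (?P<target>\d+(?:\.\d+){3})"
    r" tell (?P<src>\d+(?:\.\d+){3})$"
)

# Constructed sample: 192.168.1.50 walks eight addresses in 70 ms (a sweep),
# while 192.168.1.20 resolves a single gateway address (normal behaviour).
SAMPLE_LOG = """\
0.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50
0.005 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01
0.010 ARP, Request who-has 192.168.1.2 tell 192.168.1.50
0.020 ARP, Request who-has 192.168.1.3 tell 192.168.1.50
0.030 ARP, Request who-has 192.168.1.4 tell 192.168.1.50
0.040 ARP, Request who-has 192.168.1.5 tell 192.168.1.50
0.050 ARP, Request who-has 192.168.1.6 tell 192.168.1.50
0.060 ARP, Request who-has 192.168.1.7 tell 192.168.1.50
0.070 ARP, Request who-has 192.168.1.8 tell 192.168.1.50
3.100 ARP, Request who-has 192.168.1.1 tell 192.168.1.20
3.105 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01
"""


def parse_arp_requests(log_text):
    """Return (timestamp, source_ip, target_ip) for every ARP request line."""
    events = []
    for line in log_text.splitlines():
        m = ARP_REQUEST.match(line.strip())
        if m:
            events.append((float(m["ts"]), m["src"], m["target"]))
    return events


def detect_arp_sweeps(log_text, window=2.0, threshold=5):
    """Return {source_ip: max_distinct_targets} for every source that asked
    for at least `threshold` distinct IPs inside some `window`-second span.
    Distinct targets (not raw request count) are used so that a host that
    retries one unanswered address is not mistaken for a scanner."""
    by_src = defaultdict(list)
    for ts, src, target in parse_arp_requests(log_text):
        by_src[src].append((ts, target))

    flagged = {}
    for src, events in by_src.items():
        events.sort()  # chronological order so the window scan below is valid
        best = 0
        for i, (start, _) in enumerate(events):
            seen = {t for ts, t in events[i:] if ts < start + window}
            best = max(best, len(seen))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in detect_arp_sweeps(SAMPLE_LOG).items():
        print(f"possible ARP sweep from {src}: {n} distinct targets")
```

Passive discovery (just listening for ARP replies) leaves no such burst, so this check only catches the active mode; the threshold should be set above the number of addresses a legitimate host on the segment normally resolves in one window.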
nmap
• Nmap ("Network Mapper") is a free and open source command-line utility for network exploration or security auditing.
• Extremely powerful.
• Simple use: nmap -v -A (‘-v’ for verbosity and ‘-A’ for OS/version detection)
Zenmap
Nmap, but prettier
• Zenmap is a GUI interface for nmap.
• Easily detect OS, services, TCP sequences and more with a click or two of a button.
Searching for a vulnerability
• exploitDB – ./searchsploit
• Googling
• Conveniently, Remote Exploit has included their exploitDB on BackTrack.
• Since we have a 2003 server, let's search for 2003 vulnerabilities.
– ./searchsploit 2003
– ./searchsploit 2k3
Exploring and Testing a written Exploit
• ‘cat’ – perfect for viewing
• Recognizing shellcode, and how the exploit runs.
• Running the exploit
– ./7132.py
– Finding the usage
Getting the Shell
• ./7132.py 192.168.1.2 2
• Noticing that the exploit prints that the shell is bound to the server on port 4444.
• Netcat – the tool for everything
– nc -v 192.168.1.2 4444
Prevention?
• Keep servers and computers up-to-date and patched.
• Use only services that are necessary, and disable the ones unneeded.
• Using the default settings can be dangerous.
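Turning "use only the services that are necessary" into something checkable means comparing what a host actually exposes against what it is supposed to expose. The following Python is an added example, not part of the original slides or of nmap: it parses constructed lines in nmap's greppable (-oG) output format, which the nmap -v -A scan from the earlier slide could have written, and reports every open port that is not in a per-host baseline. The sample hosts, the baseline and the stray listener on 4444 (the port the exploit slide mentions) are all constructed.

```python
"""Compare nmap greppable (-oG) output against a per-host baseline of
expected listeners. Added example; the scan lines and baseline below are
constructed, not real scanner output or a real inventory."""
import re

# Constructed sample in the -oG line layout: "Host: <ip> (<name>)<TAB>Ports:
# port/state/proto/owner/service/rpc/version/, ...<TAB>Ignored State: ...".
GREPABLE_SAMPLE = """\
# Nmap scan initiated (constructed sample, not real scanner output)
Host: 192.168.1.1 (gw.lab)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 23/open/tcp//telnet///, 80/open/tcp//http//Apache httpd/\tIgnored State: closed (997)
Host: 192.168.1.2 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 4444/open/tcp//krb524///\tIgnored State: filtered (996)
# Nmap done
"""

HOST_LINE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\tPorts: (?P<ports>[^\t]*)")

# Hypothetical baseline: which (port, protocol) pairs each host is allowed to
# expose. Hosts missing from it have no approved listeners at all.
BASELINE = {
    "192.168.1.1": {(22, "tcp"), (80, "tcp")},
    "192.168.1.2": {(135, "tcp"), (139, "tcp"), (445, "tcp")},
}


def parse_grepable(text):
    """Return {ip: [(port, proto, service, version), ...]} for open ports."""
    inventory = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue
        services = []
        for entry in m["ports"].split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue  # malformed entry; skip rather than crash the report
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state == "open":
                services.append((int(port), proto, service, version))
        inventory[m["ip"]] = services
    return inventory


def unexpected_services(inventory, baseline):
    """List (host, port, proto, service) for every open port not in the
    host's baseline, sorted by host so reports are stable across runs."""
    findings = []
    for host, services in sorted(inventory.items()):
        allowed = baseline.get(host, set())
        for port, proto, service, _version in services:
            if (port, proto) not in allowed:
                findings.append((host, port, proto, service or "unknown"))
    return findings


if __name__ == "__main__":
    for host, port, proto, service in unexpected_services(parse_grepable(GREPABLE_SAMPLE), BASELINE):
        print(f"{host}: unexpected {port}/{proto} ({service})")
```

On the sample this reports telnet on the gateway (a service that should be disabled if unneeded) and the unexplained listener on 4444 on the Windows host; a port that the baseline does not know about is exactly the kind of thing a patched, minimally configured server should never show.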
More Information
• NetDiscover - http://nixgeneration.com/~jaime/netdiscover/
• Nmap/Zenmap - http://nmap.org/
• http://www.exploit-db.com/
• http://www.metasploit.com/
• More on the MS08-067 vulnerability - MS08-067
• Background image for PowerPoint found at - xshock.de