ICMP traffic might seem to be an unintuitive way of verifying the exploitability of target systems. However, it actually works very well. The single ICMP echo request leaves no trace of exploitation on the target system, and no excessive overhead is required. Also, the custom TTL value of 15 makes it highly unlikely that a false positive will be generated since nearly all systems begin with a TTL value of 128 or higher.
How it works...
by Justin Hutchens, Michael Hixon
Kali Linux Network Scanning Cookbook - Second Edition
- Preface
- Getting Started
- Introduction
- Configuring a security lab with VMware Player (Windows)
- Configuring a security lab with VMware Fusion (macOS)
- Installing Ubuntu Server
- Installing Metasploitable2
- Installing Windows Server
- Increasing the Windows attack surface
- Installing Kali Linux
- Using text editors (Vim and GNU nano)
- Keeping Kali updated
- Managing Kali services
- Configuring and using SSH
- Installing Nessus on Kali Linux
- Reconnaissance
- Discovery
- Introduction
- Using Scapy to perform host discovery (layers 2/3/4)
- Using Nmap to perform host discovery (layers 2/3/4)
- Using ARPing to perform host discovery (layer 2)
- Using netdiscover to perform host discovery (layer 2)
- Using Metasploit to perform host discovery (layer 2)
- Using hping3 to perform host discovery (layers 3/4)
- Using ICMP to perform host discovery
- Using fping to perform host discovery
- Port Scanning
- Introduction
- UDP port scanning
- TCP port scanning
- Port scanning with Scapy (UDP, stealth, connect, and zombie)
- Port scanning with Nmap (UDP, stealth, connect, zombie)
- Port scanning with Metasploit(UDP, stealth, and connect)
- Port scanning with hping3 (stealth)
- Port scanning with DMitry (connect)
- Port scanning with Netcat (connect)
- Port scanning with masscan (stealth)
- Fingerprinting
- Introduction
- Banner grabbing with Netcat
- Banner grabbing with Python sockets
- Banner grabbing with DMitry
- Banner grabbing with Nmap NSE
- Banner grabbing with Amap
- Service identification with Nmap
- Service identification with Amap
- Operating system identification with Scapy
- Operating system identification with Nmap
- Operating system identification with xprobe2
- Passive operating system identification with p0f
- SNMP analysis with Onesixtyone
- SNMP analysis with SNMPwalk
- Firewall identification with Scapy
- Firewall identification with Nmap
- Firewall identification with Metasploit
- Vulnerability Scanning
- Introduction
- Vulnerability scanning with the Nmap Scripting Engine
- Vulnerability scanning with MSF auxiliary modules
- Creating scan policies with Nessus
- Vulnerability scanning with Nessus
- Vulnerability scanning with OpenVAS
- Validating vulnerabilities with HTTP interaction
- Validating vulnerabilities with ICMP interaction
- Denial of Service
- Introduction
- Fuzz testing to identify buffer overflows
- Remote FTP service buffer-overflow DoS
- Smurf DoS attack
- DNS amplification DoS attacks
- SNMP amplification DoS attack
- SYN flood DoS attack
- Sock stress DoS attack
- DoS attacks with Nmap NSE
- DoS attacks with Metasploit
- DoS attacks with the exploit database
- Working with Burp Suite
- Introduction
- Configuring Burp Suite on Kali Linux
- Defining a web application target with Burp Suite
- Using Burp Suite Spider
- Using Burp Suite Proxy
- Using Burp Suite engagement tools
- Using the Burp Suite web application scanner
- Using Burp Suite Intruder
- Using Burp Suite Comparer
- Using Burp Suite Repeater
- Using Burp Suite Decoder
- Using Burp Suite Sequencer
- Using Burp Suite Extender
- Using Burp Suite Clickbandit
- Web Application Scanning
- Introduction
- Web application scanning with Nikto
- SSL/TLS scanning with SSLScan
- SSL/TLS scanning with SSLyze
- GET method SQL injection with sqlmap
- POST method SQL injection with sqlmap
- Requesting a capture SQL injection with sqlmap
- Automating CSRF testing
- Validating command-injection vulnerabilities with HTTP traffic
- Validating command-injection vulnerabilities with ICMP traffic
- Attacking the Browser with BeEF
- Working with Sparta
- Automating Kali Tools
- Introduction
- Nmap greppable output analysis
- Port scanning with NMAP NSE execution
- Automate vulnerability scanning with NSE
- Automate web application scanning with Nikto
- Multithreaded MSF exploitation with reverse shell payload
- Multithreaded MSF exploitation with backdoor executable
- Multithreaded MSF exploitation with ICMP verification
- Multithreaded MSF exploitation with admin account creation
How it works...
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.