Oblasti, naše knjige

Java, JavaScript, JScript, Perl

C++ Visual C++ C#

Apple - MAC OS X

Visual Basic .NET, VBA, V. Studio

Web design

Android

PHP I MYSQL

Python programiranje

WordPress

AutoCad, ArchiCAD, SolidWorks, Catia, Pro/Engineer

Mašinsko učenje

Access

Animacija

Audio, Multimedia, Video

Baze podataka

Cloud

CSS

Delphi

Digitalna fotografija

Django

E-komerc

ECDL

GOOGLE

Grafika, Dizajn, Štampa

Hardver

Internet

Joomla

jQuery

Mreže

MS Office

Obrada teksta

OFFICE 2013

Programiranje

Raspberry PI

Rečnici

Robotika

Sertifikati

SQL Server

Statistika

Tabele

Telekomunikacije

Unix, Linux

Windows

Windows 7

Windows 8

Zaštita i sigurnost

 

Oblasti, drugi izdavači

Alternativna učenja

Antropologija

Arheologija

Arhitektura

Astrologija

Astronomija

Audio kursevi + knjige

Autobiografija

Automobili

Bajke

Biografija

Biološke nauke

Botanika

Dečije knjige

Dizajn

Domaće pripovetke

Domaći roman

Drama

E-knjiga

Ekologija

Ekonomija

Elektrotehnika

Enciklopedija

Esejistika

Etika

Fantastika

Film

Filologija

Filozofija

Fizika

Fotografija

Geografija

Geologija

Građevinarstvo

Hemija

Hidrotehnika

Hobi

Horor

Humor

Intervju

Istorija

Istorija i teorija književnosti

Istorija umetnosti

Istorijski roman

Knjiga posle posla - Beletristika i ostala izdanja

Knjižare i naše knjige

Književna kritika

Kuvari, hrana i piće

Leksikografija

Lingvistika

Ljubavni roman

logo

Magija

Marketing

Mašinstvo

Matematika

Medicina

Memoari

Menadžment

Modeliranje podataka

Monografija

Muzika

Nagrađivanje knjige

Naučna fantastika

OpenOffice.org

Operativni sistemi

Oracle

Organizacione nauke

Pedagogija

Pisci u medijima

Ples

Poezija

Politika

Poljoprivreda

Popularna medicina

Popularna nauka

Popularna psihologija

Posao

Pozorište

Pravo

Pravoslavlje

Primenjene nauke

Pripovetke

Prirodne nauke

Priručnik

Psihologija

Publicistika

Putopis

Religija

Roman

Satira

Saveti

Slikarstvo

Socijalna mreža - Facebook

Sociologija

Sport

Sport i hobi

Strip

Tableti

Tehnologija

Triler

Turizam

Twitter

Udžbenici

Umetnost

Urbanizam

UX DIZAJN

 

Unix, Linux

 

Kali Linux Network Scanning Cookbook

 

Kali Linux Network Scanning Cookbook

Autor: Justin Hutchens
Broj strana: 452
ISBN broj: 9781783982141
Izdavač: PACKT PUBLISHING
Godina izdanja: 2015.

Pregleda (30 dana / ukupno): 125 / 2786

Predlog za prevod

  • Twitter
  • Facebook
  • Google plus
  • Linkedin
  • Pinterest
  • Email

 

 

About This Book

  • Learn the fundamentals behind commonly used scanning techniques
  • Deploy powerful scanning tools that are integrated into the Kali Linux testing platform
  • A step-by-step guide, full of recipes that will help you use integrated scanning tools in Kali Linux, and develop custom scripts for making new and unique tools of your own

Who This Book Is For

"Kali Linux Network Scanning Cookbook" is intended for information security professionals and casual security enthusiasts alike. It will provide the foundational principles for the novice reader but will also introduce scripting techniques and in-depth analysis for the more advanced audience. Whether you are brand new to Kali Linux or a seasoned veteran, this book will aid in both understanding and ultimately mastering many of the most powerful and useful scanning techniques in the industry. It is assumed that the reader has some basic security testing experience.

What You Will Learn

  • Develop a network-testing environment that can be used to test scanning tools and techniques
  • Understand the underlying principles of network scanning technologies by building custom scripts and tools
  • Perform comprehensive scans to identify listening on TCP and UDP sockets
  • Examine remote services to identify type of service, vendor, and version
  • Evaluate denial of service threats and develop an understanding of how common denial of service attacks are performed
  • Identify distinct vulnerabilities in both web applications and remote services and understand the techniques that are used to exploit them

In Detail

Kali Linux Network Scanning Cookbook will introduce you to critical scanning concepts. You will be shown techniques associated with a wide range of network scanning tasks that include discovery scanning, port scanning, service enumeration, operating system identification, vulnerability mapping, and validation of identified findings. You will learn how to utilize the arsenal of tools available in Kali Linux to conquer any network environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed. This immersive guide will also encourage the creation of personally scripted tools and the development of skills required to create them.

 

 

Read an extract of the book

UDP scanning with Scapy

Scapyis a tool that can be used to craft and inject custom packets into a network. In this specific recipe, Scapy will be used to scan for active UDP services. This can be done by sending an empty UDP packet to destination ports and then identifying the ports that do not respond with an ICMP port-unreachable response.

Getting ready

To use Scapy to perform UDP scanning, you will need to have a remote system that is running network services over UDP. In the examples provided, an instance of Metasploitable2 is used to perform this task. Additionally, this section will require a script to be written to the filesystem using a text editor, such as VIM or Nano.

How to do it…

Using Scapy, we can quickly develop an understanding of the underlying principles behind how UDP scanning works. To positively confirm the existence of a UDP service on any given port, we will need to solicit a reply from that service. This can prove to be very difficult, as many UDP services will only reply to service-specific requests. Knowledge of any particular service can make it easier to positively identify that service; however, there are general techniques that can be used to determine, with a reasonable amount of accuracy, whether a service is running on a given UDP port. The technique that we will use with Scapy is to identify closed UDP ports with ICMP port-unreachable replies. To send a UDP request to any given port, we first need to build layers of that request. The first layer that we will need to construct is the IP layer:

root@KaliLinux:~# scapy Welcome to Scapy (2.2.0) >>> i = IP() >>> i.display() ###[ IP ]###   version= 4   ihl= None   tos= 0x0   len= None   id= 1   flags=    frag= 0   ttl= 64   proto= ip   chksum= None   src= 127.0.0.1   dst= 127.0.0.1   \options\ >>> i.dst = "172.16.36.135" >>> i.display() ###[ IP ]###   version= 4   ihl= None   tos= 0x0   len= None   id= 1   flags=    frag= 0   ttl= 64   proto= ip   chksum= None   src= 172.16.36.180   dst= 172.16.36.135   \options\

To build the IP layer of our request, we need to assign the IP object to the variable i. By calling the display function, we can identify the attribute configurations for the object. By default, both the sending and receiving addresses are set to the loopback address, 127.0.0.1. These values can be modified by changing the destination address, by setting i.dst to be equal to the string value of the address that we wish to scan. On calling the display function again, we see that not only has the destination address been updated, but Scapy also automatically updates the source IP address to the address associated with the default interface. Now that we have constructed the IP layer of the request, we can proceed to the UDP layer:

>>> u = UDP() >>> u.display() ###[ UDP ]###   sport= domain   dport= domain   len= None   chksum= None >>> u.dport 53

To build the UDP layer of our request, we use the same technique that we used for the IP layer. In the example provided, the UDP object was assigned to the u variable. As mentioned previously, the default configurations can be identified by calling the display function. Here, we can see that the default value for both the source and destination ports are listed as domain. As you might likely suspect, this is to indicate the Domain Name System (DNS) service associated with port 53. DNS is a common service that can often be discovered on networked systems. To confirm this, one can call the value directly by referencing the variable name and attribute. This can then be modified by setting the attribute equal to the new port destination value as follows:

>>> u.dport = 123 >>> u.display() ###[ UDP ]###   sport= domain   dport= ntp   len= None   chksum= None

In the preceding example, the destination port is set to 123, which is the Network Time Protocol (NTP) port. Now that we have created both the IP and UDP layers, we need to construct the request by stacking these layers:

>>> request = (i/u) >>> request.display() ###[ IP ]###   version= 4   ihl= None   tos= 0x0   len= None   id= 1   flags=    frag= 0   ttl= 64   proto= udp   chksum= None   src= 172.16.36.180   dst= 172.16.36.135   \options\ ###[ UDP ]###      sport= domain      dport= ntp      len= None      chksum= None

We can stack the IP and UDP layers by separating the variables with a forward slash. These layers can then be set equal to a new variable that will represent the entire request. We can then call the display function to view the configurations for the request. Once the request has been built, it can be passed to the sr1 function so that we can analyze the response:

>>> response = sr1(request) Begin emission: ......Finished to send 1 packets. ....* Received 11 packets, got 1 answers, remaining 0 packets >>> response.display() ###[ IP ]###   version= 4L   ihl= 5L   tos= 0xc0   len= 56   id= 63687   flags=    frag= 0L   ttl= 64   proto= icmp   chksum= 0xdfe1   src= 172.16.36.135   dst= 172.16.36.180   \options\ ###[ ICMP ]###      type= dest-unreach      code= port-unreachable      chksum= 0x9e72      unused= 0 ###[ IP in ICMP ]###         version= 4L         ihl= 5L         tos= 0x0         len= 28         id= 1         flags=          frag= 0L         ttl= 64         proto= udp         chksum= 0xd974         src= 172.16.36.180         dst= 172.16.36.135         \options\ ###[ UDP in ICMP ]###            sport= domain            dport= ntp            len= 8            chksum= 0x5dd2 

This same request can be performed without independently building and stacking each layer. Instead, we can use a single, one-line command by calling the functions directly and passing them the appropriate arguments as follows:

>>> sr1(IP(dst="172.16.36.135")/UDP(dport=123)) ..Begin emission: ...*Finished to send 1 packets.  Received 6 packets, got 1 answers, remaining 0 packets >>>

Note that the response for these requests includes an ICMP packet that has type indicating that the host is unreachable and code indicating that the port is unreachable. This response is commonly returned if the UDP port is closed. Now, we should attempt to modify the request so that it is sent to a destination port that corresponds to an actual service on the remote system. To do this, we change the destination port back to port 53 and then send the request again, as follows:

>>> response = sr1(IP(dst="172.16.36.135")/UDP(dport=53),timeout=1,verbose=1) Begin emission: Finished to send 1 packets.  Received 8 packets, got 0 answers, remaining 1 packets

When the same request is sent to an actual service, no reply is received. This is because the DNS service running on the system's UDP port 53 will only respond to service-specific requests. Knowledge of this discrepancy can be used to scan for ICMP host-unreachable replies, and we can then identify potential services by flagging the nonresponsive ports:

#!/usr/bin/python  import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  from scapy.all import * import time import sys  if len(sys.argv) != 4:    print "Usage - ./udp_scan.py [Target-IP] [First Port] [Last Port]"    print "Example - ./udp_scan.py 10.0.0.5 1 100"    print "Example will UDP port scan ports 1 through 100 on 10.0.0.5" sys.exit()  ip = sys.argv[1] start = int(sys.argv[2]) end = int(sys.argv[3])  for port in range(start,end):     ans = sr1(IP(dst=ip)/UDP(dport=port),timeout=5,verbose=0)     time.sleep(1) if ans == None:    print port else:     pass

The provided Python script sends a UDP request to each of the first hundred ports in sequence. In the case that no response is received, the port is identified as being open. By running this script, we can identify all of the ports that don't return an ICMP host-unreachable reply:

root@KaliLinux:~# chmod 777 udp_scan.py root@KaliLinux:~# ./udp_scan.py Usage - ./udp_scan.py [Target-IP] [First Port] [Last Port] Example - ./udp_scan.py 10.0.0.5 1 100 Example will UDP port scan ports 1 through 100 on 10.0.0.5 root@KaliLinux:~ # ./udp_scan.py 172.16.36.135 1 100 53 68 69

A timeout of 5 seconds is used to adjust for latent responses that result from ICMP hostunreachable rate limiting. Even with this rather large response acceptance window, scanning in this fashion can still be unreliable at times. It is for this reason that UDP probing scans are often a more effective alternative.

How it works…

In this recipe, UDP scanning is performed by identifying the ports that do not respond with ICMP port-unreachable responses. This process can be highly time consuming as ICMP port-unreachable responses are often throttled. It can also, at times, be an unreliable approach as some systems do not generate these responses, and ICMP is often filtered by firewalls. An alternative approach is to use service-specific probes that attempt to solicit a positive response.

Authors

Justin Hutchens

Justin Hutchens currently works as a security consultant and regularly performs penetration tests and security assessments for a wide range of clients. He previously served in the United States Air Force where he worked as an intrusion detection specialist, network vulnerability analyst and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He currently holds a Bachelor’s degree in Information Technology and multiple professional information security certifications, to include CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), eWPT (eLearnSecurity Web-Application Penetration Tester), GCIH (GIAC Certified Incident Handler), CNDA (Certified Network Defense Architect), CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst) and CHFI (Computer Hacking Forensic Investigator). He was also the writer and producer of the Packt eLearning video course “Kali Linux - Backtrack Evolved”.

Table of Contents

Chapter 1: Getting Started
Chapter 2: Discovery Scanning
Chapter 3: Port Scanning
Chapter 4: Fingerprinting
Chapter 5: Vulnerability Scanning
Chapter 6: Denial of Service
Chapter 7: Web Application Scanning
Chapter 8: Automating Kali Tools

 

Komentari

 

• Lucky
Jedva cekam ovu knjigu, kad ce u prodaji?

• Kali
Hoce li biti na srpskom?

 

Ostavite komentar Ostavite komentar

 

Preporučujemo

 

Skok u Linux

1. Skok u Linux

Naučite Linux kroz desetine fokusiranih, malih primera, od kojih je svaki dizajniran tako da se nadograđuje na ono što ste već ranije naučili. Ako su vam potrebna specifična rešenja, ova knjiga je za vas.

Cena 990 RSD

Naša cena 900 RSD

Više o knjizi Više o knjizi

 

Red Hat Linux - Zvanični priručnik za korisnike

2. Red Hat Linux - Zvanični priručnik za korisnike

Prihvatite Red Hat Linux kao novu, zanimljivu alternativuWindowsu ili Mac OS-u! U ovom priručniku nalaze se najpotpunije informacije koje mogu zatrebati korisniku - počev od utvrđivanja sistemskih zahteva do konfigurisanja mreže.

Cena 990 RSD

Više o knjizi Više o knjizi

 

Mastering Kali Linux for Web Penetration Testing

3. Mastering Kali Linux for Web Penetration Testing

Master the art of exploiting advanced web penetration techniques with Kali Linux 2016. 2

Predlog za prevod

Više o knjizi Više o knjizi