Ethical Hacking & Penetration Testing Lecture 2
16 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary goal of port scanning in ethical hacking?

  • To exploit vulnerabilities in open ports
  • To conduct a Denial of Service (DoS) attack
  • To create a backdoor for unauthorized access
  • To discover open ports and services listening on them (correct)

Which of the following port scanning tools is known for its speed?

  • Zenmap
  • Rustscan
  • Masscan (correct)
  • Nmap

What happens when a scanner sends a SYN packet to an open port during a TCP SYN port scan?

  • The target sends a RST packet
  • The target ignores the packet
  • The target sends an ICMP type 3 packet
  • The target sends a SYN-ACK packet (correct)

What would an nmap scan return if a port is closed?

<p>Closed (B)</p> Signup and view all the answers

Why is it essential to obtain authorization before conducting a port scan?

<p>To avoid legal issues (D)</p> Signup and view all the answers

What is the purpose of the TCP 3-way handshake?

<p>To establish a connection between two hosts (A)</p> Signup and view all the answers

What happens when a scanner receives a RST-ACK packet during a TCP SYN port scan?

<p>The port is closed (D)</p> Signup and view all the answers

Why is it important to use port scanning tools responsibly?

<p>To avoid legal issues (D)</p> Signup and view all the answers

What type of scan is being performed when an ICMP type 0,1,2,9, or 13 is sent to the target?

<p>ICMP Ping Sweep (A)</p> Signup and view all the answers

What is the purpose of the vulners.nse script in NSE?

<p>To scan for vulnerabilities using the vulners.com database (C)</p> Signup and view all the answers

What is the characteristic of UDP port scanning?

<p>It is connectionless (D)</p> Signup and view all the answers

What is the purpose of the Nmap Scripting Engine (NSE)?

<p>To enable automation of many network tasks with simple scripts (A)</p> Signup and view all the answers

What is the result of a TCP SYN Port Scan when the target does not respond?

<p>The port is filtered (A)</p> Signup and view all the answers

What is the purpose of the payload scanning technique in UDP port scanning?

<p>To craft a datagram to elicit a response from a specific service (B)</p> Signup and view all the answers

What is the name of the Linux netfilter?

<p>All of the above (D)</p> Signup and view all the answers

What is the purpose of the ACK Scan?

<p>To detect firewall rules (A)</p> Signup and view all the answers

Study Notes

Port Scanning

  • Discover open ports and services listening on them
  • Other ways to discover open ports exist, instead of scanning from the attacker's host
  • Scanning can get you blocked if noisy, and it's essential to ensure authorization

Port Scanning Tools

  • Nmap
  • Zenmap (Nmap with GUI)
  • Masscan (Fast)
  • Rustscan
  • hping3
  • In the absence of tools, sometimes rolling your own using Python or PowerShell is possible

TCP 3-Way Handshake

  • SYN packet sent by Host X to Host Y
  • SYN-ACK packet sent by Host Y to Host X
  • ACK packet sent by Host X to Host Y

Open, Closed & Filtered Port

  • An nmap scan returns open, closed, or filtered based on the response
  • TCP SYN Port Scan can determine the port status

TCP SYN Port Scan

  • Used to be considered stealthy
  • Response scenarios:
    • SYN-ACK: open port
    • RST-ACK: closed port
    • ICMP type 3: filtered port
    • ICMP type 0,1,2,9,10 or 13: filtered port
    • no response: filtered port

Firewall

  • Linux netfilter: iptables, nftables, firewalld, ufw
  • Windows: netsh advfirewall

Other TCP Port Scan

  • Connect Scan
  • Xmas Scan
  • NULL Scan
  • FIN Scan
  • ACK Scan
  • Idle Scan

UDP Port Scanning

  • UDP is connectionless, making scans slower and harder
  • Some important services run on UDP (e.g., DNS, DHCP, SNMP, TFTP)
  • Common techniques:
    • Negative scanning (infer open ports based on ICMP unreachable response for closed port)
    • Payload scanning (craft datagram to elicit response from specific service, e.g., DNS)

Other Scanning

  • ICMP (Ping) Sweep: scan large block of IP to discover active hosts in subnet
  • IPv6 Scanning
  • SCTP: provide transport of telephony data over IP

Nmap Scripting Engine (NSE)

  • Powerful and flexible
  • Enables automation of many network tasks with simple scripts
  • Categories of built-in scripts:
    • Auth, DoS, Malware, Broadcast, Exploit, Safe, Brute, External, Vuln, Default, Discovery, Fuzzer, Intrusive

NSE Vulnerability Scanner

  • Vulners.nse script uses the database in vulners.com to scan for vulnerability
  • Other projects exist, such as https://github.com/scipag/vulscan
  • One can write custom NSE script to scan for vulnerability not currently supported by existing scripts

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Learn about port scanning in ethical hacking and penetration testing. This lecture covers the techniques and knowledge required for ethical hacking.

More Like This

Use Quizgecko on...
Browser
Open
Browser
Browser