Ethical Hacking Scanning Techniques

Questions and Answers

What is the primary purpose of scanning in ethical hacking?

• To gain unauthorized access to target systems
• To identify potential vulnerabilities and entry points in target systems (correct)
• To map the entire network topology and all connected devices
• To test the speed and bandwidth of the target network

What is the purpose of port scanning?

• To test the firewall configuration of the target system
• To determine what services are running on each server (correct)
• To map the physical layout of the network
• To identify the operating system of the target host

How many available port numbers are there for applications to use on a computer?

• 8,192
• 32,768
• 16,384
• 65,535 (correct)

Which of the following statements about determining the operating system of a target host is NOT true?

Analyzing the network traffic patterns can reliably determine the operating system of the target host (D)

What is the significance of understanding the services running on a target system and the ports they are using?

It helps identify potential vulnerabilities for hacking (C)

What is the purpose of detailed host scanning?

To identify the operating system and available services on the target host (D)

Which of the following tools is mentioned in the lecture for fingerprinting (i.e. to determine OS version and services etc.) the target system?

Nmap (B)

What is the purpose of banner grabbing?

To identify the operating system of the target host (C)

Which of the following statements about scanning is true?

Scanning is crucial for both hacking and protecting systems (D)

What tool was used to find the IP address of the website www.usman.cloud?

nslookup (A)

Based on the lecture, what can be inferred when port 22 (SSH) and port 80 (HTTP) are identified as open?

The server is running both a web server and secure shell services. (D)

Which tool was used to probe port 22 (SSH) to identify the software version running as OpenSSH 8.9?

telnet (C)

What information was obtained by banner grabbing on port 22?

Operating System details (D)

In the context of network security, what does DMZ stand for?

Demilitarized Zone (B)

What type of scanning involves using tools like Burp Suite, and Nessus to detect system weaknesses?

Vulnerability Scanning (A)

Which protocol is commonly used for control messages in networks and includes the ping command for testing network connectivity?

ICMP (A)

Match the network protocol with its primary usage in the context of scanning:

ICMP = Control messages and ping command for network connectivity TCP = Transmission of data in a reliable and ordered manner UDP = Connectionless data transmission without error-checking

Match the following types of scanning with their descriptions:

Network scan = Identifying other computers or servers on the same IP range Port scanning = Determining what services are running on each server Detailed host scanning = Determining the operating system, software versions, and available services on the target host Banner grabbing = Analyzing the banners or responses from a server to gather information about the operating system

Match the following tools with their functions in ethical hacking:

Burp Suite = Detecting system weaknesses Nessus = Detecting system weaknesses nmap = Fingerprinting to identify OS version and services Ping command = Testing network connectivity using control messages in networks

Match the following methods with their purposes in ethical hacking:

Direct banner grabbing = Gathering specific information about the operating system directly from server responses Direct OS identification = Identifying the exact operating system version without guesswork Indirect OS analysis = Deriving clues about the operating system through non-direct methods Detailed host scanning importance = Critical for thorough assessment of target systems including software versions and available services

Study Notes

• Scanning is a crucial phase in ethical hacking to gather information about target systems, networks, or resources like web servers, email servers, file servers, etc.
• It helps identify potential vulnerabilities, entry points, and weaknesses in the system, aiding in both hacking and protecting the system.
• Scanning involves various types such as Network scan to identify other computers or servers on the same IP range and Port scanning to determine what services are running on each server.
• Each computer on a network has an IP address for location and multiple applications running, differentiated by port numbers (65,535 available ports).
• Understanding what services are running on a target system and which ports they are using is crucial to identifying potential vulnerabilities for hacking.
• Detailed host scanning is important to determine the operating system, software versions, and available services on the target host.
• Tools like nmap are used for fingerprinting, which helps in identifying the operating system based on variations in network message responses.
• Indirect ways of determining the operating system include analyzing how the system responds to login attempts, providing clues about the OS in use.
• Banner grabbing is a direct method that involves analyzing the banners or responses from a server to gather information about the operating system.
• Scanning plays a vital role in the overall hacking process, complementing earlier phases like OS int, reconnaissance, and footprinting.- The speaker explains how they conducted an NS lookup to find the IP address of a website, usb.Cloud, and used a DNS tool called dig to gather more information about the DNS.
• By utilizing the nmap command with the IP address, they discovered that ports 22 (SSH) and 80 (HTTP) were open on the network, indicating the presence of a web server and a secure shell for logging into the server.
• They probed port 22 using telnet and identified that the software running was SSH version 2.0, specifically OpenSSH 8.9, providing clues for potential vulnerabilities to exploit.
• The speaker performed banner grabbing on port 22 to determine the operating system (Linux 5.x 2.0) running on the server and confirmed it by using nmap to identify it as Amazon Web Services.
• Through nmap, they also received probabilities of the operating system being Linux 5.x 2.0 based on responses without connecting directly, showcasing advanced reconnaissance techniques.
• In exploring port 80 of the website, they discovered it was running on an Nginx server version 1.18 on Ubuntu Linux through header requests and further research on the web server.
• By utilizing tools like telnet and curl with specific commands, the speaker was able to gather detailed information about the network, services, and operating systems present, demonstrating effective information gathering techniques in ethical hacking.- The speaker discusses using tools like Curl, nmap, talet, and Curl for host scanning and network scanning.
• Vulnerability scanning involves tools like nmap, burp Suite, and nasus to detect weaknesses and vulnerabilities in systems.
• Tools like nmap, WireShark, and air crack NG are commonly used for network analysis and security testing.
• ICMP protocol is used for control messages in networks, including the ping command for testing network connectivity.
• The speaker explains how to perform a ping sweep using nmap to check multiple IP addresses for network connectivity.
• Different scanning tools like SQL map, ncto, and Snort are used for specific security testing purposes.
• The speaker emphasizes the importance of understanding network protocols like TCP, UDP, and ICMP for effective scanning and analysis.
• The lecture covers the concept of DMZ (Demilitarized Zone) in network security architecture.
• Vulnerability scanning tools like nasus and burp Suite are essential for identifying system weaknesses and known vulnerabilities.
• The speaker demonstrates how to use ping and nmap for basic network scanning and testing.
• Tools like John the Ripper are used for password cracking, while tools like nmap are used for network mapping.
• The speaker warns against unauthorized scanning of systems without consent and highlights the legal implications of such actions.

Description

Explore the essential phase of scanning in ethical hacking, including network and port scanning, fingerprinting, banner grabbing, and advanced reconnaissance techniques. Learn the use of tools like nmap, telnet, Curl, and DNS tools for information gathering and vulnerability identification. Understand network protocols, DMZ, and the legal implications of unauthorized scanning.