Tutorial: Scanning for Vulnerable Systems (Hacker's First Steps)

Uploaded by on Oct 19, 2010

This video is designed to help you mitigate port scans, which reveal vulnerabilities. Close all non-essential ports on your firewalls, admins!

Protip: also ensure that any necessary TCP/UDP port services have all the latest hotfixes, patches, and/or service packs installed. You don't want an SMTP server running as an open relay or a TFTP server with a big fat stack overflow! I am sure you would like to stay in control of those servers!

To start hacking, an attacker typically scans an address or range of addresses looking for live hosts (those responding to ICMP ping requests), then looks for open ports (TCP/UDP), and finally determines the version of any services running on the machine using fingerprinting techniques. For instance, if a system is seen as alive and also responds to requests on TCP port 80, the attacker will then use fingerprinting and heuristics to determine the precise version of the server software, as well as any other accessible services that are active on the target machine.

Once the version is determined, the attacker can search a vulnerability database such as Bugtraq or CERT to see if the version of software detected is vulnerable to any known exploits or attack vectors. If an exploit is found, the attacker can often use any "Proof-of-Concept" code included in the advisory, or build his own custom exploit tailored to the system he is attacking. Identify, enumerate, research, and attack. This is a proven process for penetrating a system. It only takes one vulnerable service to cripple an entire network infrastructure.

This video demonstrates two tools:
- Nmap: http://nmap.org
- THC-Amap: http://thc.org/thc-amap/

Nmap has become the de facto standard in port scanning software. Nmap allows you to scan for live hosts, scan a live host for open ports using numerous techniques (TCP connect(), FIN scan, SYN scan, etc.), determine the version of the service software running on these ports, and even display a map of the communication topology and the hops routed through to the destination.

Amap allows a user to fingerprint a particular port on a live host using heuristics and signatures, in the hope of pinpointing the exact version of the software running on the server.

Object lesson: firewall your ports and apply updates ASAP. Done.
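The defender's side of the scan sequence described above (live host, many ports probed in quick succession) is what a firewall log shows as a burst of SYNs from one source to many distinct ports. The sliding-window detector below reads such log lines and flags any source that touches at least `threshold` distinct destination ports inside `window`. This is an added example, not code from the video or from the Nmap or Amap projects; the iptables-style line format, the addresses, and the sample log are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (assumption: simplified iptables-style lines, not a real
# capture). 192.0.2.10 probes twelve ports in twelve seconds, which is how a TCP SYN scan
# looks from the target's side; 203.0.113.7 is an ordinary web client.
SAMPLE_LOG = "\n".join(
    [f"2010-10-19T10:00:{i:02d} SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT={p} SYN"
     for i, p in enumerate([21, 22, 23, 25, 53, 69, 80, 110, 135, 139, 443, 445])]
    + ["2010-10-19T10:00:05 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=80 SYN",
       "2010-10-19T10:00:09 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=443 SYN"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dport>\d+) SYN$"
)

def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each SYN line; non-matching lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def find_scanners(text, window=timedelta(seconds=60), threshold=10):
    """Return {src: peak count of distinct (dst, port) targets hit within any `window`}
    for every source whose peak reaches `threshold`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        by_src[src].append((ts, (dst, dport)))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        recent = deque()              # events still inside the sliding window
        in_window = defaultdict(int)  # target -> number of those events that hit it
        peak = 0
        for ts, target in events:
            recent.append((ts, target))
            in_window[target] += 1
            while ts - recent[0][0] > window:  # expire events older than the window
                _, old_target = recent.popleft()
                in_window[old_target] -= 1
                if in_window[old_target] == 0:
                    del in_window[old_target]
            peak = max(peak, len(in_window))
        if peak >= threshold:
            hits[src] = peak
    return hits
```

`find_scanners(SAMPLE_LOG)` flags only 192.0.2.10; tune `window` and `threshold` to the host's normal traffic, since a busy server sees many legitimate sources each touching a few ports.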

Category: Science & Technology

License: Standard YouTube License

All Comments (4)

  • can you use this to scan IOS 5 for exploits?

  • thanks mine nice tut

  • Help, I get these:

    PORT   STATE   SERVICE VERSION
    1/tcp  unknown tcpmux
    3/tcp  unknown compressnet
    4/tcp  unknown unknown
    6/tcp  unknown unknown
    7/tcp  unknown echo
    9/tcp  unknown discard
    13/tcp unknown daytime

    and like a whole lot more. I don't get any more IP addresses though.
