Trinity uses nmap in the film The Matrix Reloaded to hack the city - - PowerPoint PPT Presentation



SLIDE 1

SLIDE 2

Trinity uses nmap in the film “The Matrix Reloaded” to hack the city power grid

SLIDE 3

SLIDE 4

Benjamin uses nmap in “Who Am I - No System is Safe” to compromise the local power company, causing a brief blackout

SLIDE 5

SLIDE 6

Lisbeth uses nmap in the film “The Girl with the Dragon Tattoo” (just in general)

SLIDE 7

SLIDE 8

E-Lita explains the nmap functionality in the soft-core porn “HaXXXor Volume 1: No Longer Floppy”

SLIDE 9

Create your own exercise

Network Scanning - Advanced Port Scanning with nmap

Marc Müller, Ellen Maeckelburg


SLIDE 10

Motivation

Master your NMap skills in order to learn more about your network!


SLIDE 11

Motivation

  • Where is it relevant?

– Security scanning, information gathering, hacking

  • Who uses it?

– Private people, security personnel, hackers

  • Why is it interesting?

– Discover networks, essential skill in IT, awareness


SLIDE 12

Lecture overview

  • Learning Goals
  • Port scanning basics

– TCP
– UDP

  • Different scanning techniques
  • Idle scan
  • Cool NMap features
  • Scan Detection


SLIDE 13

Summary / Learning Goals

Learning goals and where they are covered (Lecture / PreLab / Lab):

  • Understand how port scanning works – X
  • Learn different scanning techniques – X X
  • Understand and observe how scans are detected by target hosts – X X X
  • Firewalls basics – X X
  • Mastering the scanning tool NMAP – X X
  • Execute fancy stealthy scans and discover running services – X

SLIDE 14

Port scanning basics

What are ports?

  • Allow different services to use single physical connections
  • Range 0-65535

– Well-known ports 0-1023
– Registered ports 1024-49151
– Ephemeral ports 49151-65535

SLIDE 15

Port scanning basics

TCP Handshake (RFC 793):

  • Successful: A -> B SYN; B -> A SYN/ACK; A -> B ACK
  • Unsuccessful: A -> B SYN; B -> A RST
  • Unexpected: A -> B SYN/ACK; B -> A RST

SLIDE 16

Port scanning basics

UDP:

  • A -> B UDP packet; B -> A UDP packet: open
  • A -> B UDP packet; B -> A ICMP error type 3, code 3: closed
  • A -> B UDP packet; B -> A ICMP error type 3, code 1, 2, 9, ...: filtered
  • A -> B UDP packet; no response: open|filtered

SLIDE 17

Different scanning techniques

  • TCP

– connect scan
– SYN scan
– ACK scan
– FIN scan
– Idle scan

  • UDP scan
  • Host Discovery


SLIDE 18

Idle scan

(IPv4 header) source: https://advancedinternettechnologies.files.wordpress.com/2012/01/ipv4-header.png

SLIDE 19

Idle scan

Participants: Scanner, Target, Idle host

  • 1: Scanner -> Idle host: SYN/ACK
  • 2: Idle host -> Scanner: RST (IP Id)

SLIDE 20

Idle scan

Participants: Scanner, Target, Idle host

  • 3: Scanner -> Target: SYN with src address of Idle host
  • 4: Open: Target -> Idle host: SYN/ACK (Idle host's IP Id increased)
  • 5: Idle host -> Target: RST

SLIDE 21

Idle scan

Participants: Scanner, Target, Idle host

  • 6: Scanner -> Idle host: SYN/ACK
  • 7: Idle host -> Scanner: RST (IP Id)

SLIDE 22

Idle scan

Requirements:

  • can predict IP Id (IP fragmentation identifier)
  • probe Idle host for current sequence number
  • host is truly idle

Conclusions:

  • IP Id increased by 1

– Port is closed or filtered

  • IP Id increased by > 1

– Port is open

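The seven steps and the requirements above, as an added simulation that is not code from the lecture: a constructed Target and IdleHost exchange the packets in memory, so the IP Id inference, the false positive from a zombie that is not truly idle, and the effect of a zombie with random IP Ids can be checked without a network.

```python
import random

class IdleHost:
    """Constructed zombie model: answers every unsolicited SYN/ACK with a RST
    and stamps each packet it sends with its IP Id."""
    def __init__(self, ipid=1000, random_ipid=False):
        self.ipid = ipid
        # Mitigation modelled here (assumption, not from the slides): a kernel that
        # picks a random IP Id per packet breaks the "can predict IP Id" requirement.
        self.random_ipid = random_ipid

    def send_rst(self):
        if self.random_ipid:
            self.ipid = random.randrange(1 << 16)
        else:
            self.ipid = (self.ipid + 1) & 0xFFFF   # classic incremental counter, 16-bit wrap
        return self.ipid   # the IP Id the scanner reads off the RST (steps 2 and 7)

class Target:
    """Constructed target: open ports answer SYN with SYN/ACK, closed ports with RST,
    filtered ports with nothing."""
    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports, self.filtered_ports = set(open_ports), set(filtered_ports)

    def receive_spoofed_syn(self, port, spoofed_src):
        if port in self.filtered_ports:
            return                  # no reply at all: the idle host never hears of it
        if port in self.open_ports:
            spoofed_src.send_rst()  # steps 4-5: SYN/ACK reaches the idle host, which RSTs it
        # closed port: RST goes to the idle host, which silently drops it (no IP Id used)

def idle_scan(target, zombie, port, background_packets=0):
    """Steps 1-7 from the slides. background_packets models a zombie that is not
    truly idle: other traffic consumes IP Ids between the two probes."""
    before = zombie.send_rst()                       # steps 1-2
    target.receive_spoofed_syn(port, zombie)         # steps 3-5
    for _ in range(background_packets):
        zombie.send_rst()                            # noise from a non-idle host
    after = zombie.send_rst()                        # steps 6-7
    delta = (after - before) & 0xFFFF
    return "open" if delta > 1 else "closed|filtered"

if __name__ == "__main__":
    t = Target(open_ports={22}, filtered_ports={25})
    for p in (22, 23, 25):
        print(p, idle_scan(t, IdleHost(), p))
    print("busy zombie, closed port:", idle_scan(t, IdleHost(), 23, background_packets=3))
```

With random_ipid=True the delta carries no information about the port, which is why the scan needs a predictable counter.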

SLIDE 23

Cool NMap features

Application & OS version detection

sudo nmap -A -6 dead:beef:11ab:1:92e2:baff:fe2a:8fc7
sudo nmap -O -sV -6 dead:beef:11ab:1:92e2:baff:fe2a:8fc7

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-15 08:48 CET
Nmap scan report for hrtbrthtz5egd-v6.eduroam.dynamic.rbg.tum.de (dead:beef:11ab:1:92e2:baff:fe2a:8fc7)
Host is up (0.000023s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 4.4
Network Distance: 0 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.90 seconds

SLIDE 24

Cool NMap features

Host detection

  • -sL List Scan

– simply list targets to scan

  • -sP Ping Scan

– go no further than determining if host is online

SLIDE 25

Cool NMap features

Automation

  • You can determine what the output of NMap should look like -> can use it for automation
  • -oN Output in normal format
  • -oX XML
  • -oS s|<rIpt kIddi3
  • -oG Grepable
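An added example, not from the slides, of the automation the -oX option makes possible: parse a constructed, abridged nmap XML report modelled on the slide's scan and compare the open ports against a baseline. The element and attribute names are those of nmap's XML output; the baseline and the extra port 8080 are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed -oX output modelled on the slide's scan; abridged, not real nmap output.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - dead:beef:11ab:1:92e2:baff:fe2a:8fc7" version="7.60">
  <host>
    <status state="up" reason="localhost-response"/>
    <address addr="dead:beef:11ab:1:92e2:baff:fe2a:8fc7" addrtype="ipv6"/>
    <ports>
      <extraports state="closed" count="998"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4ubuntu0.3" conf="10"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open" reason="syn-ack"/>
        <service name="http-proxy" conf="3"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="filtered" reason="no-response"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def open_services(xml_text):
    """Return one dict per open port on every host that nmap reported as up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue          # filtered / closed ports are not findings
            svc = port.find("service")
            get = (lambda k: svc.get(k)) if svc is not None else (lambda k: None)
            findings.append({"host": addr, "proto": port.get("protocol"),
                             "port": int(port.get("portid")), "service": get("name"),
                             "product": get("product"), "version": get("version")})
    return findings

def unexpected_open(findings, baseline):
    """Open ports that are not in the baseline set of (host, proto, port) tuples."""
    return [f for f in findings if (f["host"], f["proto"], f["port"]) not in baseline]
```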

SLIDE 26

Scan detection

How to detect port scans?

  • Scan characteristics:

– One src IP address, many destination ports
– High volume of different connected ports
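The two scan characteristics above turned into a detector, as an added example that is not from the slides: it parses constructed firewall-style log lines (the log format is assumed) and flags any source that reaches many distinct destination ports inside a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical firewall log format (constructed for this example): timestamp, source,
# destination, protocol and destination port, one connection attempt per line.
LINE_RE = re.compile(r"^(\S+ \S+) SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4), int(m.group(5))

def detect_scans(lines, window=timedelta(seconds=10), threshold=15):
    """Flag sources that touch >= threshold distinct (dst, proto, port) targets inside a
    sliding time window. Returns {src: peak distinct count}. Lines must be time-ordered."""
    recent = defaultdict(deque)   # src -> (ts, target) events still inside the window
    peaks = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue              # unparseable line: skip rather than crash the detector
        ts, src, dst, proto, dport = ev
        q = recent[src]
        q.append((ts, (dst, proto, dport)))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire events older than the window
        distinct = len({target for _, target in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def build_sample():
    """Constructed log: one scanner sweeping 30 ports in 3 s, one client reusing 2 ports."""
    base = datetime(2019, 3, 15, 8, 48, 0)
    lines = []
    for i in range(30):
        t = base + timedelta(milliseconds=100 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT={20 + i}")
    for i in range(20):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT={443 if i % 2 else 80}")
    return sorted(lines)          # timestamp prefix keeps the lines in time order

if __name__ == "__main__":
    print(detect_scans(build_sample()))
```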