Tuesday, August 28, 2007

Let's Mess Around with Nmap

Let's play with Nmap ........


What is Nmap? If you are already quite familiar with the word, keep it to yourself,
because nmap is neither a food nor a dish.

OK, back to the original topic. When hacking remotely, the first stage is peeking.
Yes, that really is the right word for this article: peeking at a port, that is, a service run by the target or server, in this case services that run over TCP (Transmission Control Protocol).

Which ports do we want to peek at? My friends ask this question a lot.
OK, here is a picture of the most common ports:

25 SMTP server
80 Web server
110 POP3 server
etc.

Getting more curious about nmap? Let's dive deeper into it.

Nmap is designed to scan a network and see what is running on it.
It uses a variety of techniques such as UDP, TCP connect(), TCP SYN (half open), FTP proxy (bounce attack), reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, and Null scan. Nmap also offers remote OS detection. [Confused by the technical terms above? Grab your dictionary and search on Google.]

As my starting toolkit I am using BackTrack [Slackware-based] over a flat-rate 3G connection.

Say your target is:

www.jasakom.com

(Note the typo in the command below: `sS` instead of `-sS`. Nmap reports that it cannot resolve "sS" as a hostname and carries on; it still runs a SYN scan because that is the default scan type when running as root.)

bt iqbal # nmap -v sS -O www.jasakom.com

Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-29 07:15 GMT
Failed to resolve given hostname/IP: sS. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Initiating Parallel DNS resolution of 1 host. at 07:15
Completed Parallel DNS resolution of 1 host. at 07:15, 0.91s elapsed
Initiating System CNAME DNS resolution of 1 host. at 07:15
Completed System CNAME DNS resolution of 1 host. at 07:15, 0.40s elapsed
Initiating SYN Stealth Scan at 07:15
Scanning web115.discountasp.net (216.177.77.9) [1697 ports]
Discovered open port 21/tcp on 216.177.77.9
Discovered open port 80/tcp on 216.177.77.9
Discovered open port 25/tcp on 216.177.77.9
Discovered open port 443/tcp on 216.177.77.9
Increasing send delay for 216.177.77.9 from 0 to 5 due to 11 out of 29 dropped probes since last increase.
SYN Stealth Scan Timing: About 9.93% done; ETC: 07:20 (0:04:32 remaining)
Stats: 0:00:43 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 14.81% done; ETC: 07:19 (0:03:37 remaining)
Stats: 0:00:59 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 21.71% done; ETC: 07:19 (0:03:14 remaining)
Stats: 0:01:31 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 34.08% done; ETC: 07:19 (0:02:46 remaining)
Stats: 0:01:33 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 34.87% done; ETC: 07:19 (0:02:43 remaining)
Stats: 0:01:36 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 35.50% done; ETC: 07:19 (0:02:44 remaining)
Stats: 0:02:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 49.70% done; ETC: 07:19 (0:02:00 remaining)
Discovered open port 8080/tcp on 216.177.77.9
Discovered open port 1027/tcp on 216.177.77.9
Stats: 0:03:26 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 85.89% done; ETC: 07:19 (0:00:32 remaining)
Stats: 0:03:30 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 88.03% done; ETC: 07:19 (0:00:27 remaining)
Stats: 0:03:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 96.62% done; ETC: 07:19 (0:00:07 remaining)
Stats: 0:04:00 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.15% done; ETC: 07:19 (0:00:02 remaining)
Stats: 0:04:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 07:19 (0:00:00 remaining)
Stats: 0:04:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 07:19 (0:00:00 remaining)
Completed SYN Stealth Scan at 07:19, 242.96s elapsed (1697 total ports)
Initiating OS detection (try #1) against web115.discountasp.net (216.177.77.9)
Retrying OS detection (try #2) against web115.discountasp.net (216.177.77.9)
Initiating gen1 OS Detection against 216.177.77.9 at 269.212s
Stats: 0:04:29 elapsed; 0 hosts completed (1 up), 1 undergoing OS Scan
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
Stats: 0:05:08 elapsed; 0 hosts completed (1 up), 1 undergoing OS Scan
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
For OSScan assuming port 21 is open, 1 is closed, and neither are firewalled
Host web115.discountasp.net (216.177.77.9) appears to be up ... good.
Interesting ports on web115.discountasp.net (216.177.77.9):
Not shown: 1684 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
554/tcp filtered rtsp
1027/tcp open IIS
8000/tcp filtered http-alt
8080/tcp open http-proxy
Device type: general purpose|web proxy|broadband router|firewall|WAP
Running (JUST GUESSING) : Microsoft Windows NT/2K/XP|2003/.NET (88%), Blue Coat SGOS (87%), Netopia embedded (86%), ZyXel ZyNOS (86%), Linux 1.X (85%), D-Link embedded (85%)
Aggressive OS guesses: Microsoft Windows XP Home Edition (German) SP2 (88%), Microsoft Windows 2003 Server or XP SP2 (88%), Microsoft Windows XP Pro SP2 (88%), BlueCoat SG4 (87%), Microsoft Windows 2003 Server SP1 (86%), Netopia DSL Router (86%), ZyXel ZyWALL 1 firewall (86%), ZyXel Zywall 10W firewall (86%), Linux 1.3.20 (x86) (85%), D-Link DI-774 WAP (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Busy server or unknown class

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 360.207 seconds
Raw packets sent: 2050 (94.832KB) | Rcvd: 1908 (89.312KB)
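The port table in that output is the part worth keeping. The following added example (not from the original post) parses nmap's normal-output port table and sorts the result into expected open ports, unexpected open ports and filtered ports, so a server owner can compare a scan of their own host against the services they meant to expose; the sample text is a constructed copy of the table above and the allowlist of expected ports is an assumption.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the port table from the scan above, re-typed
# here so the example runs offline (in practice feed it nmap -oN output).
SAMPLE_SCAN = """\
Interesting ports on web115.discountasp.net (216.177.77.9):
Not shown: 1684 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
1027/tcp open IIS
8080/tcp open http-proxy
"""

# One table row: "<port>/<proto> <state> <service>"; the header and the
# "Not shown" line do not start with a digit, so they are skipped.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, proto, state, service) tuples from nmap normal output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def exposure_report(text: str, expected: Set[str]) -> Dict[str, list]:
    """Split open ports into expected/unexpected against an allowlist.
    'filtered' means a firewall dropped the probe, so nmap could not tell
    whether anything listens there; those are listed separately."""
    report = {"expected": [], "unexpected": [], "filtered": []}
    for port, proto, state, service in parse_ports(text):
        key = f"{port}/{proto}"
        if state == "open":
            bucket = "expected" if key in expected else "unexpected"
            report[bucket].append((key, service))
        elif state == "filtered":
            report["filtered"].append((key, service))
    return report

if __name__ == "__main__":
    # Assumed allowlist: a web host that should only expose mail and HTTP(S).
    for bucket, ports in exposure_report(SAMPLE_SCAN, {"25/tcp", "80/tcp", "443/tcp"}).items():
        print(bucket, ports)
```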

There are many options that control how nmap works. Some that I use often are:

-P0 - skip the ping (host discovery) step, so that we are less likely to be noticed by the target (newer nmap releases call this option -Pn).

-f - send the probes as small fragmented packets, so they are harder for intrusion detection software to spot.

-v - verbose mode, to watch intermediate scan results on screen.

-O - try to guess the operating system running on the target machine.

Still curious about nmap's commands?

bt ~ # man nmap

That is the basic foundation of hacking. From here you can get creative and try to find bugs
in those services; look for sources at www.milw0rm.com and so on, depending on your creativity. Have fun trying.
