Hacking For Beginners – Manthan Desai 2010
There are two very popular methods for acquiring and distributing Linux: FTP and CD-ROM. Most of the major Linux distributions (Red Hat, Debian, Slackware, Caldera) are available for free download from several popular mirror sites. Though time consuming, downloading costs nothing beyond connection charges.
Linux is one of the more stable operating systems available today, due in large part to the fact that it was written by programmers for other programmers rather than to a corporate schedule. There are currently two mature package formats in the Linux world: RPM, used by Red Hat (and also by SuSE and Mandrake), and the .deb format used by Debian. Both package managers check dependencies, and both can upgrade most of a running system without a reboot (a new kernel is the usual exception, since the running kernel cannot be replaced in place). This makes it easy to upgrade parts or all of a system, as well as to add new software or remove unwanted software.
Scanning Networks
Once the IP address of a target system is known, an attacker can begin port scanning, looking for holes in the system through which the attacker can gain access.
A typical system has 2^16 - 1 = 65535 usable port numbers (port 0 is reserved), and there is one TCP port and one UDP port for each number. Each of these ports is a potential way into the system.
The most popular scanning tool for Linux is Nmap.
Scanning reveals which services are running on a machine by showing the open ports on which services are listening for connections. Once the targets are identified, an intruder can scan them for listening ports.
Port scanning is the process of connecting to, or probing, TCP and UDP ports on the target system to determine what services are running or in a listening state. Identifying listening ports is an essential step in determining the operating system and applications in use on the system, because the set of open ports, and the banners those services return, narrows down what is running.
Types of port scanning:
1. TCP connect scan (Nmap -sT): connects to the target port and completes the full three-way handshake (SYN, SYN/ACK, ACK). It needs no special privileges, but because the connection completes, the target application sees it and can log it.
2. TCP SYN scan (Nmap -sS): also called half-open scanning because it never completes the handshake. A SYN is sent; a SYN/ACK in reply means the port is listening, an RST/ACK means it is not, and the scanner answers a SYN/ACK with an RST instead of an ACK so that no full connection is ever established. No reply, or an ICMP unreachable, means a filter dropped the probe. Crafting the packets requires raw sockets, so root privileges on Linux.
3. TCP FIN scan (Nmap -sF): sends a bare FIN to the target port. Under RFC 793 a closed port must answer an out-of-state segment with an RST, while an open port silently discards it, so silence means "open or filtered", not definitely open. Many stacks (Windows in particular) send an RST for every port regardless of state, which makes this technique useless against them.
4. TCP Xmas Tree scan (Nmap -sX): sends a segment with the FIN, URG and PSH flags set; interpreted exactly like the FIN scan (RST for closed ports, silence for open or filtered ones), with the same caveats.
5. TCP Null scan (Nmap -sN): sends a segment with no flags set at all; the same RFC 793 logic and the same caveats as the FIN scan apply.
6. TCP ACK scan (Nmap -sA): used to map firewall rule sets rather than to find open ports. A port that answers an unsolicited ACK with an RST is "unfiltered" (reachable, whether open or closed); no reply or an ICMP unreachable marks it "filtered". This distinguishes a simple packet filter that passes anything looking like an established connection from a stateful firewall that tracks connections and drops ACKs that belong to none.
7. TCP Window scan (Nmap -sW): the same probe as the ACK scan, but on some systems the TCP window size in the returned RST is positive for open ports and zero for closed ones, so it can separate open from closed. This relies on an implementation quirk and is unreliable on most modern stacks.
8. TCP RPC scan: specific to UNIX systems; sends RPC NULL calls to open ports to detect Remote Procedure Call (RPC) services and identify their program and version numbers (in current Nmap this is folded into version detection, -sV).
9. UDP scan (Nmap -sU): sends a UDP datagram to the target port. An "ICMP port unreachable" reply (type 3, code 3) means the port is closed; other ICMP unreachable codes mean it is filtered; a UDP reply means it is open; and no response at all means "open or filtered", because UDP has no handshake and a listening service need not answer an empty probe. Many systems rate-limit ICMP error messages, so the scan is slow, and its accuracy depends on network and host load.
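The decision rules behind the nine scan types above fit in a single table, and getting them wrong is the usual beginner mistake (reading silence as "open"). The following Python is an added example, not code from the book: `classify` encodes how each scan type's reply maps to an Nmap-style port state, and `tcp_connect_scan` is a real connect scan (the one type that needs no raw sockets), exercised against a throwaway listener on 127.0.0.1 that the example itself creates. The reply labels and the `demo_local_scan` helper are this example's own constructions.

```python
"""Port-state interpretation for the scan types listed above, plus a working
TCP connect scan. Added example, not from the original book. The raw-packet
scans (SYN, FIN, Xmas, Null, ACK, Window, UDP) need raw sockets and root, so
only their response-interpretation logic is modelled here; the connect scan
is real and is run against a local listener created for the demo."""
import socket
from typing import Iterable

# Reply kinds as seen by the scanner. These labels are this example's own.
SYN_ACK, RST, NO_REPLY, ICMP_PORT_UNREACH, ICMP_OTHER_UNREACH, UDP_DATA = (
    "syn/ack", "rst", "none", "icmp-3/3", "icmp-3/x", "udp-data")

# Scans relying on RFC 793: a closed port answers an out-of-state segment
# with RST; an open port stays silent. Silence is therefore ambiguous.
STEALTH = {"fin", "xmas", "null"}


def classify(scan: str, reply: str, window: int = 0) -> str:
    """Map (scan type, observed reply) to an Nmap-style port state."""
    if scan in ("connect", "syn"):
        if reply == SYN_ACK:
            return "open"
        if reply == RST:
            return "closed"
        return "filtered"            # no reply or ICMP unreachable: dropped by a filter
    if scan in STEALTH:
        if reply == RST:
            return "closed"
        if reply in (ICMP_PORT_UNREACH, ICMP_OTHER_UNREACH):
            return "filtered"
        return "open|filtered"       # silence: open port or a dropping firewall
    if scan == "ack":
        # ACK scan cannot tell open from closed, only whether a filter is in the path.
        return "unfiltered" if reply == RST else "filtered"
    if scan == "window":
        if reply != RST:
            return "filtered"
        return "open" if window > 0 else "closed"   # quirk present only on some stacks
    if scan == "udp":
        if reply == UDP_DATA:
            return "open"
        if reply == ICMP_PORT_UNREACH:
            return "closed"
        if reply == ICMP_OTHER_UNREACH:
            return "filtered"
        return "open|filtered"       # UDP gives no positive "open" signal without a reply
    raise ValueError(f"unknown scan type: {scan}")


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> dict:
    """Full three-way-handshake scan (what Nmap -sT does). Needs no privileges,
    but the completed connection is visible to the target service and its logs."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"          # SYN/ACK received, handshake completed
            except ConnectionRefusedError:
                results[port] = "closed"        # RST came back
            except OSError:
                results[port] = "filtered"      # timeout or unreachable: no SYN/ACK, no RST
    return results


def demo_local_scan() -> dict:
    """Constructed demo target: start a listener on an ephemeral loopback port,
    pick another ephemeral port that is known to be free, and scan both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # kernel picks a free port
    listener.listen(5)                  # handshake completes even without accept()
    open_port = listener.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                       # port released: nothing listens there now
    try:
        scanned = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open": scanned[open_port], "closed": scanned[closed_port]}


if __name__ == "__main__":
    print(demo_local_scan())
    for scan, reply in (("syn", NO_REPLY), ("fin", NO_REPLY), ("udp", NO_REPLY)):
        print(scan, "with no reply ->", classify(scan, reply))
```

Note how `classify` never returns plain "open" for a silent probe except where the protocol gives a positive signal (SYN/ACK, UDP payload, or a positive window on the few stacks that leak it); that is the correction to the book's UDP rule, and it is why Nmap reports `open|filtered` rather than `open` for those cases.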
www.hackingtech.co.tv Page 86