
How to use Nmap in Kali Linux

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article introduces how to use Nmap in Kali Linux. Many people run into these situations when working through real cases, so let's walk through how to handle them.

Nmap allows administrators to quickly and thoroughly learn about the systems on a network, hence the name, Network Mapper or Nmap. Nmap can quickly find live hosts and the services associated with those hosts.

System requirements

1. Kali Linux

2. Another computer.

How do I find Live Hosts on my network?

In this example, both machines are on a private 192.168.56.0/24 network. The Kali machine has the IP address 192.168.56.101, and the Metasploitable machine to be scanned has the IP address 192.168.56.102. A quick nmap scan can help determine what exists on a particular network. This scan is called a "simple list" scan, hence the -sL argument passed to the nmap command.

# nmap -sL 192.168.56.0/24

[Screenshot: Nmap scanning the network for live hosts]

Sadly, this initial scan did not return any live hosts. Sometimes this is a factor of the way certain operating systems handle port-scan network traffic.

Find and Ping all Live Hosts on my network

Don't worry, there are some tricks nmap can try to find these machines. The next step tells nmap to simply try to ping every address in the 192.168.56.0/24 network.

# nmap -sn 192.168.56.0/24

[Screenshot: Nmap pinging all connected live network hosts]

This time nmap returns some potential hosts for scanning! In this command, -sn disables nmap's default behavior of attempting to port scan a host and simply has nmap try to ping the host.

Find the open ports on the hosts

Let's have nmap port scan these specific hosts and see what happens.

# nmap 192.168.56.1,100-102

Wow! This time nmap hit a gold mine. This particular host has a considerable number of open network ports. Each of these ports indicates some kind of listening service on this particular machine. Recall from earlier that the IP address 192.168.56.102 is assigned to the vulnerable Metasploitable machine, which is why there are so many open ports on this host. Having this many ports open is highly abnormal on most machines, so it may be a wise idea to investigate this machine a little more closely. Administrators could track down the physical machine on the network and look at it locally, but that wouldn't be much fun, especially when nmap can do it faster!

Find the services listening on the host's ports

This next scan is a service scan and is often used to try to determine which service may be listening on a particular port on a machine. Nmap will probe all open ports and try to grab banner information from the services running on each port.

# nmap -sV 192.168.56.102

Note that this time nmap provides some suggestions about what it thinks might be running on each particular port (highlighted in the white box). In addition, nmap also tries to determine information about the operating system running on this machine and its hostname (with great success!). Looking through this output should raise some concerns for a network administrator. The very first line states that vsftpd version 2.3.4 is running on this machine! This is a really old version of vsftpd. Searching ExploitDB shows that a serious vulnerability was discovered in this particular version back in 2011 (ExploitDB ID 17491).
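The ping-scan and service-scan steps above can be turned into a repeatable inventory check by parsing nmap's grepable output (`-oG`). The following is an added example, not part of the original article: the function names, the watch-list variable and the sample scan lines are assumptions constructed for illustration (only the addresses and the vsftpd 2.3.4 version come from the article).

```shell
#!/bin/sh
# Added example: turn nmap grepable (-oG) output into a service inventory.
# All SAMPLE_* data is constructed for this example, not real scan output.
TAB=$(printf '\t')

SAMPLE_PING="# Nmap ping scan (constructed sample)
Host: 192.168.56.1 ()${TAB}Status: Up
Host: 192.168.56.100 ()${TAB}Status: Up
Host: 192.168.56.101 ()${TAB}Status: Up
Host: 192.168.56.102 ()${TAB}Status: Up"

# Port entry layout: port/state/proto/owner/service/rpcinfo/version/
PORTS="21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh///"
PORTS="${PORTS}, 80/open/tcp//http//ExampleHTTPd 1.0/, 25/closed/tcp//smtp///"
SAMPLE_SV="Host: 192.168.56.102 ()${TAB}Ports: ${PORTS}"

# Versions that should trigger a manual review (extended regex).
WATCHLIST='vsftpd 2[.]3[.]4'

# live_hosts: stdin = output of a -sn scan in -oG format; prints one IP per line.
live_hosts() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# open_services: stdin = output of a -sV scan in -oG format; prints
# ip<TAB>port/proto<TAB>service<TAB>version for every open port.
open_services() {
    awk -F'\t' '
    $1 ~ /^Host: / {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            p = $i; sub(/^Ports: /, "", p)
            n = split(p, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open")
                    printf "%s\t%s/%s\t%s\t%s\n", ip, f[1], f[3], f[5], f[7]
            }
        }
    }'
}

# flag_services: mark inventory rows whose version matches the watch-list.
flag_services() {
    awk -F'\t' -v pat="$WATCHLIST" '$4 ~ pat { print "REVIEW\t" $0 }'
}

printf '%s\n' "$SAMPLE_PING" | live_hosts
printf '%s\n' "$SAMPLE_SV" | open_services | flag_services
```

Against the lab network, the same functions can read live scans by adding `-oG -` to the article's commands, for example `nmap -sV -oG - 192.168.56.102 | open_services | flag_services`.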

Look for anonymous FTP login on the host

Let's have nmap take a closer look at this particular port and see what can be determined.

# nmap -sC 192.168.56.102 -p 21

With this command, nmap is instructed to run its default scripts (-sC) against the FTP port (-p 21) on the host. While it may or may not be a problem, nmap did find out that anonymous FTP login is allowed on this particular server.

Check for vulnerabilities on the host

This, paired with the earlier knowledge about vsftpd having an old vulnerability, should cause some concern. Let's see if nmap has any scripts that try to check for the vsftpd vulnerability.

# locate .nse | grep ftp

[Screenshot: Nmap NSE scripts related to FTP, including the vsftpd check]

Note that nmap already has an NSE script built for the vsftpd backdoor problem! Let's try running this script against this host and see what happens, but first it may be important to know how to use the script.

# nmap --script-help=ftp-vsftpd-backdoor.nse

[Screenshot: Nmap NSE script usage help]

Reading through this description, it is clear that this script can be used to try to see whether this particular machine is vulnerable to the ExploitDB issue identified earlier. Let's run the script and see what happens.

# nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.102 -p 21

[Screenshot: Nmap scanning the host for the vulnerability]

Yikes! Nmap's script returned some dangerous news. This machine is likely a good candidate for a serious investigation. This does not mean that the machine is compromised or being used for terrible things, but it should raise some concern with the network / security teams.

Nmap can be extremely selective and extremely quiet. Most of what has been done so far has tried to keep nmap's network traffic moderately quiet, but scanning a personally owned network in this way can be time-consuming. Nmap can also do a much more aggressive scan, which tends to produce most of the same information, but in one command rather than several. Let's take a look at the output of an aggressive scan (do note: an aggressive scan can set off intrusion detection / prevention systems!).

# nmap -A 192.168.56.102

[Screenshot: Nmap complete network scan of the host]

Note that this time, with a single command, nmap returns a lot of information about the open ports, services, and configurations running on this particular machine. Much of this information can be used to help determine how to protect the machine and to evaluate what software may be on a network. This is just a short list of the many useful things that nmap can find on hosts or network segments. We strongly urge individuals to continue to experiment with nmap in a controlled manner on a network they personally own.

Don't practice by scanning other entities!
