1. To find out which machines in the target network are reachable from our position. If a machine is not reachable, we can't continue the pen-test process against it and need to move on to the next machine.
2. To find out the underlying operating system used by the target machine.
To help us in the target discovery process we can utilize the tools provided in BackTrack for:
Identifying live hosts
OS fingerprinting
Identify Live Host
The tools in this category are used to identify which target machines are up. Before running them, however, we need to check the client's terms and agreement: if it requires that the testing go unnoticed, we must choose probes and timing that conceal our penetration-testing activity (a noisy ICMP or ARP sweep of a whole range is easy to spot in network monitoring).
Ping
The ping tool is used to check whether a particular host is available. It sends ICMP (Internet Control Message Protocol) echo requests and waits for echo replies. Note that a host which filters ICMP will look down to ping even though it is up, so a missing reply is not proof that the machine is absent.
The -c option sets the number of packets to send (here 5):
#ping -c 5 192.168.1.88
Arping
The arping tool is used to test whether a particular IP address is in use on the local network. It sends ARP (Address Resolution Protocol) requests, which only work on the same broadcast domain but cannot be filtered by a host firewall the way ICMP can.
Arping2
It can send ARP and/or ICMP requests to the target host. When pinging an IP address it sends ARP requests, but when pinging a MAC address instead it sends ICMP requests.
Fping
The fping tool is used to send a ping (ICMP echo request) to several hosts at once. It works by monitoring the replies from the network: if a target replies, it is noted as alive and removed from the target list; if it does not respond after the retries, it is marked as unreachable. By default, fping retries each target 3 times; to change this, use the -r [value] option. To display cumulative statistics at the end of the run, use the -s option.
We can also generate the host list automatically and identify the live hosts in it:
Genlist
This tool is used to get a list of hosts that respond to ping probes. To print the live hosts on the network 192.168.1.0/24, we use this command:
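As an added example that is not part of the original post, the following POSIX shell script ties the steps above together: it generates the 254 host addresses of a /24 the way genlist does for us, hands the list to fping with the 3 retries the text mentions, and keeps only the hosts that answered. The 192.168.1.0/24 range, the function names and the sample fping output are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): a small live-host sweep built
# on the tools described above. The target range and helper names are assumed.

# Generate the 254 usable host addresses of a /24 from its first three
# octets, which is the host-list generation genlist does automatically.
enumerate_hosts() {
    prefix="$1"   # e.g. 192.168.1 (assumed example range)
    i=1
    while [ "$i" -le 254 ]; do
        printf '%s.%s\n' "$prefix" "$i"
        i=$((i + 1))
    done
}

# Reduce fping's per-host verdicts ("x is alive" / "x is unreachable") to the
# list of live hosts, one per line. Reads fping output on stdin, so it can be
# applied to a saved sweep as well as to a live one.
alive_hosts() {
    awk '$2 == "is" && $3 == "alive" { print $1 }'
}

# Count the hosts fping could not reach, from the same output.
unreachable_count() {
    awk '$2 == "is" && $3 == "unreachable" { n++ } END { print n + 0 }'
}

# Full sweep: feed the generated list to fping (-f - reads targets from stdin,
# -r 3 is the default retry count made explicit) and keep the responders.
# Needs fping installed and network access to the target range.
sweep() {
    enumerate_hosts "$1" | fping -r 3 -f - 2>/dev/null | alive_hosts
}

# Usage: sweep 192.168.1
```

Remember that a host that drops ICMP will be reported as unreachable by this sweep even though it is up; on the local segment, an ARP-based check with arping catches those, and fping -a gives the same alive-only filtering as alive_hosts directly.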
Hping2
It is used to send custom packets and to display the replies from the target. It supports the TCP, UDP, ICMP and RAW-IP protocols. With hping2 you can do things such as:
Firewall rule testing, advanced port scanning, path MTU discovery, remote OS fingerprinting, and so on.
Hping3
All features of hping2 are available in hping3. The biggest difference is that hping3 has Tcl scripting capabilities: you can use the Tcl interface interactively or run it from a script file.
To access hping3 interactively, open a console and type hping3. As an example, we will send an ICMP ECHO REQUEST (type 8, code 0) packet to the IP address 10.0.2.100. The following Tcl command does that:
hping send {ip(daddr=10.0.2.100)+icmp(type=8,code=0)}
To read the response back on the eth0 interface, we use:
hping recv eth0
At this point you have confirmed that your target is alive, and you can also identify the other hosts on its network.