Network Scanning using NMAP (Beginner Guide)

Basic Scanning Techniques

So here I will show the basic techniques for scanning a network/host. But before that, you should know some basics about the port status Nmap reports after a scan.
Port Status: after scanning, you may see results with a port status like filtered, open, closed, etc. Let me explain these.

·         Open: an application is listening for connections on this port.
·         Closed: the probes were received (the host answered) but no application is listening on this port.
·         Filtered: the probes got no response, so the state could not be established; this usually means a firewall or some other kind of filtering is dropping the probes.
·         Unfiltered: the probes were received (the port is reachable) but Nmap could not determine whether it is open or closed.
·         Open/Filtered: the port is either open or filtered, but Nmap could not establish which.
·         Closed/Filtered: the port is either closed or filtered, but Nmap could not establish which.

Open a Kali Linux terminal and type nmap (with no arguments) to see the summary of all Nmap options.

Find All Connected PC (Ping Scan)

The -sP option performs a ping-only scan (no port scan). It is useful when you have a range of IP addresses and don't know which ones are reachable. In current Nmap versions -sP is an alias for -sn.

nmap -sP -T4 192.168.0.1/24

Note:

-T<0-5> : sets the timing template, i.e. the speed of the scan. A slower scan is less likely to miss hosts or ports on a congested or rate-limited network, so it yields better results.


Multiple IP Scan

nmap -sn 192.168.0.1/24


TCP Ports Scan

TCP connect scan (-sT) is the default TCP scan type when a SYN scan is not an option (for example, when Nmap runs without the privileges needed to send raw packets). It shows you all open TCP ports on the remote PC.

Single IP Scan

nmap -sT 192.168.0.102


Multiple IP Scan

nmap -sT 192.168.0.1/24


Detect Service Version

This scan (-sV) identifies the version of the service running on each open port. It does this using several techniques, such as banner grabbing, reading server headers and sending service-specific probe requests.

Single Host Service Scanning

nmap -sV 192.168.0.102


Multiple Hosts Scanning

nmap -sV -T4 192.168.0.1/24


Detect Operating System

This scan (-O) fingerprints the operating system installed on the target PC in the network.

Single Host Scanning

nmap -O 192.168.0.102


Multiple Hosts Scanning

nmap -O -T4 192.168.0.1/24



Detect Protocol

The IP protocol scan (-sO) reports the PROTOCOL, STATE and SERVICE columns for the IP protocols (ICMP, TCP, UDP, etc.) supported by the target PC in the network.

nmap -sO -T4 192.168.0.1/24


Aggressive Scan (also performs traceroute)

For Single Host

The aggressive scan (-A) enables the most commonly used options (OS detection, version detection, default script scanning and traceroute) with one flag; it is a simple alternative to typing a long option string.

nmap -A 192.168.0.102


Multiple Hosts Scanning

nmap -A -T4 192.168.0.1/24


UDP Scan

The UDP scan (-sU) probes only UDP ports on the target. It shows you all open UDP ports on the remote PC.

nmap -sU -T4 192.168.0.102


SYN Scan

A SYN scan completes only the first two steps of the TCP three-way handshake and never opens a full connection, so there is no chance of closing or crashing the target application, and older systems may not log it. It can be performed quickly, scanning thousands of ports per second on a fast network that is not hampered by restrictive firewalls.

nmap -sS 192.168.0.113
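Reading scan results by hand stops scaling after a few hosts, so the example below (added here; it is not code from the original guide or from the Nmap project) parses Nmap's grepable output (-oG) and tallies the port states explained above, lists the open ports per host, and flags open ports where -sV could not identify a version, which are the ones a defender should inspect first. The scan output embedded in SAMPLE_GNMAP is constructed for the example, not a real scan; the function and variable names are this example's own. The per-port field order port/state/protocol/owner/service/rpc/version is Nmap's documented grepable format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of nmap grepable (-oG) output, not a real scan result.
# Each port entry is port/state/proto/owner/service/rpc/version/ (nmap's format).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -sU -sV -oG - 192.168.0.0/24
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain//dnsmasq 2.80/, 80/open/tcp//http//lighttpd/, 443/filtered/tcp//https///\tIgnored State: closed (997)
Host: 192.168.0.102 ()\tStatus: Up
Host: 192.168.0.102 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, 161/open|filtered/udp//snmp///\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 00:00:00 2024 -- 256 IP addresses (2 hosts up) scanned in 42.00 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str, "ports": [dict, ...]}}."""
    hosts = defaultdict(lambda: {"hostname": "", "status": "", "ports": []})
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' header/footer lines carry no host data
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        entry = hosts[ip]
        entry["hostname"] = hostname
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for item in value.split(", "):
                    parts = item.split("/")
                    if len(parts) < 7:
                        continue  # malformed entry, ignore it
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    entry["ports"].append({
                        "port": int(port), "state": state, "proto": proto,
                        "service": service, "version": version,
                    })
    return dict(hosts)


def state_counts(hosts):
    """Tally port states across all hosts (open, closed, filtered, open|filtered, ...)."""
    return Counter(p["state"] for h in hosts.values() for p in h["ports"])


def open_ports(hosts, ip):
    """Sorted (port, proto, service) tuples for ports reported 'open' on one host."""
    return sorted((p["port"], p["proto"], p["service"])
                  for p in hosts.get(ip, {"ports": []})["ports"]
                  if p["state"] == "open")


def unfingerprinted(hosts):
    """Open or open|filtered ports where -sV produced no version string:
    the services that need a manual look before anything else."""
    out = []
    for ip, h in hosts.items():
        for p in h["ports"]:
            if p["state"].startswith("open") and not p["version"]:
                out.append((ip, p["port"], p["proto"]))
    return sorted(out)


if __name__ == "__main__":
    result = parse_gnmap(SAMPLE_GNMAP)
    print("port states:", dict(state_counts(result)))
    for ip in sorted(result):
        print(ip, "open:", open_ports(result, ip))
    print("no version identified:", unfingerprinted(result))
```

To use it on a real scan, save the scan with -oG and pass the file contents to parse_gnmap; the state tally is a quick sanity check (a result that is almost entirely "filtered" usually means the scan was run from the wrong vantage point or was rate-limited, and is worth repeating with a slower -T setting rather than trusting).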

Exploit Remote Windows PC using HTA Attack with Net Tools

Open your Kali Linux terminal and type the following command

 git clone git://git.code.sf.net/p/netoolsh/opensource-kali netoolsh-opensource-kali

Open a terminal, type ./netool.sh and press Enter to continue.

Now it will ask for your choice; press 8. A pop-up will open; click Yes.

You can see lots of attack options; choose 4, Powershell (Relik).

Now a pop-up will open; choose a PowerShell payload (powershell.hta), then click OK.

Again a pop-up will open; enter the IP address of your Kali Linux PC and click OK.

Now it will ask for the port number. Enter the port number, such as 4444, and click OK.

Enter the target IP address and press Enter.

Click Yes to start a listener.

Now it will start the TCP handler on 192.168.0.103 and start the payload handler.

When the victim machine browses to your link it will download the launcher.hta file; when the victim clicks on it you will get the Meterpreter session.

Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.

Find the Vulnerable Router on Internet using RouterhunterBR

RouterhunterBR is an automated security tool that finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. RouterhunterBR was designed to run over the Internet looking for defined IP ranges, or random ones, in order to automatically exploit the DNSChanger vulnerability on home routers.

The script exploits four vulnerabilities in routers:
01 - Shuttle Tech ADSL Modem-Router 915 WM / Unauthenticated Remote DNS Change Exploit
reference: http://www.exploit-db.com/exploits/35995/

02 - D-Link DSL-2740R / Unauthenticated Remote DNS Change Exploit
reference: http://www.exploit-db.com/exploits/35917/

03 - LG DVR LE6016D / Unauthenticated users/passwords disclosure exploit
reference: http://www.exploit-db.com/exploits/36014/

04 - D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit
reference: http://1337day.com/exploit/23302/

Open your Kali Linux terminal and type the following command

./routerhunter.py --range '182.75.*.*' --dns1 8.8.8.8 --dns2 8.8.4.8


Legal disclaimer: Usage of RouterHunterBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

2 ways to Hack Windows 10 Password Easy Way

In this article, you will learn multiple ways to recover/reset/crack the password when you don't have access to the machine or you have forgotten the Windows 10 login password.
Security is important for everyone, so people use passwords to protect their data or machine. But many times users forget their password and try multiple combinations of letters and numbers to remember it and log in to the PC. Don't waste time; here is the easy way to crack the Windows 10 password.

Table of Contents
·         Prerequisites to crack the Windows 10 password
·         Create a bootable USB of Windows 10
·         Crack the Windows 10 password by replacing cmd.exe with an Ease of Access app (On-Screen Keyboard, osk.exe)
·         Crack the Windows 10 password by replacing cmd.exe with an Ease of Access app (Utilman.exe)
·         Crack the Windows 10 password via the WinGeeker Ultimate tool

Prerequisites to crack the Windows 10 password
You should either already have a bootable USB with a Windows 10 image, or you can make the drive bootable first, before the password-cracking activity.
You need an ISO image of Windows 10, which contains all the setup files; you can download it from https://www.microsoft.com/en-in/software-download/windows10. Secondly, you need a CD/DVD or USB drive of at least 8 GB (for the 64-bit operating system), and you must make it bootable from the Windows 10 ISO image.


Create a Bootable USB of Windows 10
There are multiple ways to make a USB drive bootable, but the methods we mostly use are either Rufus or Universal USB Installer. The steps are as follows:
1.       Download the latest version of Rufus from https://rufus.ie/
2.       Click Select and browse to the Windows 10 ISO image.
3.       Select the partition scheme (MBR or GPT) and the file system (FAT32 or NTFS) as per compatibility.
4.       Click Start to make the USB bootable.



Crack the Windows 10 Password by replacing cmd.exe with an Ease of Access App (osk.exe)
In Windows 10, the Ease of Access button is in the bottom right corner of the login screen. Through the boot media, you can replace one of the Ease of Access applications with cmd.exe to open an elevated command prompt without logging in. There are several Ease of Access apps you can choose from, as listed below; here we will demonstrate with two of them (the On-Screen Keyboard and the Utility Manager icon).

Ease of Access Utilities

Name                    .exe filename
On-screen keyboard      osk.exe
Magnifier               magnify.exe
Narrator                narrator.exe
Sticky Keys             sethc.exe
DisplaySwitch           displayswitch.exe
Utility Manager         utilman.exe
App switcher            Atbroker.exe

Let's start the easy way to crack the Windows 10 password.
Start your computer and enter the BIOS setup (computers of different brands have their own boot menu and BIOS keys). Choose the boot device (CD/DVD or USB) that you want to boot from.
Once Windows Setup starts from the boot media, click Next.


In the lower-left corner of Windows Setup, click on "Repair your computer".

Now choose Troubleshoot to see the advanced options.

Click on Advanced options.

Now click on Command Prompt.



An elevated command prompt will open. Now copy the command prompt executable (cmd.exe) over the top of the On-Screen Keyboard executable. (You must know which drive letter holds the Windows system32 directory in the recovery environment.)
copy d:\windows\system32\cmd.exe d:\windows\system32\osk.exe
Type Yes to confirm the overwrite.

Now Reboot the PC. 


After the reboot, the PC will start; once you reach the login page, click the Ease of Access icon (the middle one) in the bottom right corner of the login screen, then click On-Screen Keyboard. A command prompt running as administrator will open immediately.


Now you can reset the password, either by changing the existing user's password or by adding a new user (the permissions should be those of an administrator).
Syntax: net user <account name> *
Example: net user raj * and press Enter.

Set any password for that account.


Crack the Windows 10 Password by replacing cmd.exe with an Ease of Access App (Utilman.exe)

Follow the steps of the first procedure above until the elevated command prompt opens; this time the file to replace with cmd.exe is Utilman.exe (the Ease of Access Utility Manager).

Then copy the command prompt executable (cmd.exe) over the top of the Utility Manager executable. (You must know which drive letter holds the Windows system32 directory in the recovery environment.)
copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe
Type Yes to confirm the overwrite.

Now Reboot the PC. 


After the reboot, the PC will start; once you reach the login page, click the Ease of Access icon (the middle one) in the bottom right corner of the login screen. As soon as you click it, a command prompt running as administrator will open.


Now you can reset the password, either by changing the existing user's password or by adding a new user (the permissions should be those of an administrator).
Syntax: net user <account name> *
Example: net user raj * and press Enter.

Set any password for that account.
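Both procedures above leave the same trace: an accessibility binary in System32 that is byte-for-byte a copy of cmd.exe. The following check, added here as an example and not code from the original article, hashes cmd.exe and every binary from the Ease of Access table and reports the ones that match; it is the check an administrator or incident responder would run on a machine suspected of having been reset this way. The function names are this example's own, and demo_on_temp_dir() builds a throw-away directory of constructed placeholder files so the logic can be exercised off a Windows box.

```python
import hashlib
import os
import tempfile

# Ease of Access binaries from the article's table; all live in System32.
ACCESSIBILITY_BINARIES = (
    "osk.exe", "magnify.exe", "narrator.exe", "sethc.exe",
    "displayswitch.exe", "utilman.exe", "atbroker.exe",
)


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_replaced_binaries(system32_dir):
    """Names of accessibility binaries whose contents equal cmd.exe in the same
    directory, i.e. the result of 'copy cmd.exe osk.exe' / 'copy cmd.exe utilman.exe'.
    Binaries that are absent are skipped; a missing cmd.exe raises, since the
    comparison would be meaningless."""
    cmd_hash = sha256_of(os.path.join(system32_dir, "cmd.exe"))
    replaced = []
    for name in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32_dir, name)
        if os.path.isfile(path) and sha256_of(path) == cmd_hash:
            replaced.append(name)
    return replaced


def demo_on_temp_dir():
    """Constructed stand-in for System32: placeholder bytes, not real binaries.
    osk.exe is given the same contents as cmd.exe to mimic the article's state
    after the first procedure; utilman.exe and sethc.exe are left untouched."""
    with tempfile.TemporaryDirectory() as d:
        files = {
            "cmd.exe": b"CONSTRUCTED cmd.exe bytes",
            "osk.exe": b"CONSTRUCTED cmd.exe bytes",        # overwritten copy
            "utilman.exe": b"CONSTRUCTED utilman.exe bytes",
            "sethc.exe": b"CONSTRUCTED sethc.exe bytes",
        }
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return find_replaced_binaries(d)


if __name__ == "__main__":
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    if os.path.isdir(system32):
        print("replaced with cmd.exe:", find_replaced_binaries(system32))
    else:
        print("demo on constructed directory:", demo_on_temp_dir())
```

Run it with a 64-bit Python on the machine itself (a 32-bit interpreter on 64-bit Windows is redirected to SysWOW64 and would check the wrong files), or point find_replaced_binaries at the System32 directory of a mounted disk image. A Windows-signed cmd.exe copied over osk.exe still carries a valid Microsoft signature, so signature checks alone do not catch this; the hash comparison does. The whole technique depends on writing to an unencrypted system volume from boot media, so full-disk encryption such as BitLocker, together with a BIOS/UEFI boot-order lock, is the mitigation.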


Crack the Windows 10 password via the WinGeeker Tool
This method is the most user-friendly approach to hacking a Windows 10 password. It is highly effective and doesn't require any expertise to use. The simple three-step process will ensure that any Windows user or admin account is immediately accessible. The most reliable aspect of this utility, called TunesBro WinGeeker, is that it does not touch your data in any way.
1.       Download TunesBro WinGeeker to a different PC, then use the built-in ISO burning utility to burn the ISO file and create a boot disk or boot drive. This is your password reset disk.
2.       When the disk or drive is ready, remove it and insert it into the locked PC. You will now need to go into the BIOS menu and change the boot priority so the system boots from your password reset disk instead of the Windows installation on your hard drive.
3.       Once you see the TunesBro WinGeeker interface, select the right Windows version and the user account that is locked. Click on 'Reset Password' to blank the Windows 10 password. Now click on 'Reboot' and the job is done.

Denial of Service Attack on Network PC using SET Toolkit

First open the Kali Linux applications tab, go to Exploitation Tools and then choose SET Toolkit.

Now press Enter.

Now choose option 2, "Fast-Track Penetration Testing", and press Enter.

Then choose option 2, "Custom Exploits", and press Enter.

After that choose option 4, "RDP use after free - Denial of Service", and press Enter.

Now enter the IP address of the remote PC you want to crash.