In this part we will go a step further in to ethical hacking and discuss how to do Penetration testing.
Warning: Proceed only after permission from network owner else it will be treated as hacking. You can try it on your personal systems.
Step 1: Port Scanning
Penetration testing starts with port scanning which allows tester to probe and attempt to discover open ports, services running and OS versions. To do this you can use nmap tools.
Using nmap you can scan both TCP and UDP ports.
Step2: Attack to webserver like apache server.
You can launch some actual attack using Metasploit. Example Apache Range DoS attack which is known as Apache Killer.
Step3: Protocol anomaly
Play with SSH to establish SSH connections to unconventional ports. Security tools should be able to detect SSH protocol anomalies.
So far we have covered 2 tools nmap and Metasploit.
What is nmap?
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Sometime it is also used for network inventory, managing service upgrade schedules and managing host or service uptime.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It is designed to rapidly scan large networks, but works fine against single hosts.
Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
For more details you can visit http://nmap.org
What is Metasploit?
This tool helps test your network to uncover exploitable security gaps and help validate vulnerabilities. It allows you to simulate phishing attacks.
Next we will cover how to use nmap.