{"id":532,"date":"2018-09-09T12:28:50","date_gmt":"2018-09-09T12:28:50","guid":{"rendered":"https:\/\/d1m0.com\/?p=532"},"modified":"2018-09-09T12:45:19","modified_gmt":"2018-09-09T12:45:19","slug":"nmap-basics-pt3","status":"publish","type":"post","link":"https:\/\/d1m0.com\/?p=532","title":{"rendered":"Nmap basics pt3"},"content":{"rendered":"<p><code>nmap -v 95.111.13.111 -sU -p 1000-1200<\/code><\/p>\n<p>Starting Nmap 7.70 ( https:\/\/nmap.org ) at 2018-09-09 07:24 CDT<br \/>\nInitiating Ping Scan at 07:24<br \/>\nScanning 95.111.13.111 [4 ports]<br \/>\nCompleted Ping Scan at 07:24, 0.03s elapsed (1 total hosts)<br \/>\nInitiating UDP Scan at 07:24<br \/>\nScanning d1m0.com (95.111.13.111) [201 ports]<br \/>\nDiscovered open port 1194\/udp on 95.111.13.111<br \/>\nNot shown: 200 closed ports<br \/>\nPORT     STATE SERVICE<br \/>\n1194\/udp open  openvpn<\/p>\n<p><strong>Spoofing &#038; Decoy Scan<\/strong><\/p>\n<p>When we are scanning machines that are not ours, we often want to hide our IP (our identity). Obviously, every packet must contain our source address or else the response from the target system will not know where to return to. Nmap allows us to use decoy IP addresses so that it looks like many IP addresses are scanning the target.<\/p>\n<p>We can do this by using the -D switch, such as:<\/p>\n<p><code>nmap -sS 192.168.89.191 -D 10.0.0.1,10.0.0.2,10.0.0.4<\/code><\/p>\n<p><strong>Evading Firewalls<\/strong><\/p>\n<p>Many firewalls and routers block or drop the ICMP (echo request, echo reply) ping. This is meant to obscure the presence of the hosts behind the firewall and protect against a possible DoS using the ping packet. To get around firewalls and routers that block or drop the ping, we need to suppress nmap&#8217;s default behavior of sending out that initial ping and get past the firewall that is blocking us. 
We can do this by using the -P0 switch:<\/p>\n<p><code>nmap -sS -P0 192.168.3.10<\/code><\/p>\n<p><strong>Reason<\/strong><\/p>\n<p>Note in the output from the UDP scan above that some ports are reported as open\/filtered. This indicates that nmap cannot determine whether the port is open or it is filtered by a device such as a firewall. The --reason switch makes nmap show, for each port, the response (or lack of one) it used to decide on that state:<\/p>\n<p><code>nmap -sU --reason 192.168.3.10<\/code><\/p>\n<p><strong>Using a List<\/strong><\/p>\n<p>Many times we want to scan a list of IP addresses and not an entire subnet. We can use any text editor and create a list of IP addresses and &#8220;feed&#8221; it to nmap. Here, I am using Leafpad, which is built into Kali (any text editor will work), to put together a list of IP addresses I want to scan.<br \/>\n<code>nmap -iL scanlist.txt<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>nmap -v 95.111.13.111 -sU -p 1000-1200 Starting Nmap 7.70 ( https:\/\/nmap.org ) at 2018-09-09 07:24 CDT Initiating Ping Scan at 07:24 Scanning 95.111.13.111 [4 ports] Completed Ping Scan at 07:24, 0.03s elapsed (1 total hosts) Initiating UDP Scan at 07:24 Scanning d1m0.com (95.111.13.111) [201 ports] Discovered open port 1194\/udp on 95.111.13.111 Not shown: 200 closed &#8230;<\/p>\n<p><a href=\"https:\/\/d1m0.com\/?p=532\" class=\"more-link\">Continue reading &lsquo;Nmap basics pt3&rsquo; 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,4],"tags":[],"class_list":["post-532","post","type-post","status-publish","format-standard","hentry","category-linux","category-networking"],"_links":{"self":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=532"}],"version-history":[{"count":5,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/532\/revisions"}],"predecessor-version":[{"id":537,"href":"https:\/\/d1m0.com\/index.php?rest_route=\/wp\/v2\/posts\/532\/revisions\/537"}],"wp:attachment":[{"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/d1m0.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}