Understanding and Using Nmap


Students: Hong Mnh Tun, Nguyn Th Trung. Supervising teacher: Nguyn Mu uyn

Understanding Scanning with the Nmap Tool

This article covers:
1. Principles of TCP/IP communication
2. Principles and methods of port scanning
3. Using the Nmap program to scan ports

I. Principles of TCP/IP communication
1. Structure of a TCP packet

In this article I focus only on the flag settings in the TCP packet that are used for port scanning:
- SYN: requests a connection between two hosts
- ACK: confirms that the connection between the two hosts can begin
- FIN: ends the connection between the two hosts
- RST: sent by the server to tell the client that this communication is refused (cannot be used)
- PSH: used in combination with URG
- URG: sets the priority of this packet
In fact each of these fields in the packet is only a 1 or a 0: if it is 0, the TCP packet does not set that flag; if it is 1, that flag is in effect. The flags occupy, one after another, the 8 bits of the Flags field.

2. When a client wants to open a TCP connection with a server, first:

+ Step I: the client sends the server a SYN packet
+ Step II: the server replies to the client with a SYN/ACK packet
+ Step III: when the client receives the SYN/ACK packet, it sends the server an ACK packet, and the exchange of data between the two hosts begins.

3. When a client wants to end a session with a server

+ Step I: the client sends the server a FIN/ACK packet
+ Step II: the server sends the client an ACK packet
+ Step III: the server in turn sends the client a FIN/ACK packet
+ Step IV: the client sends the server an ACK packet, and the connection between server and client is torn down.

II. Principles of port scanning on a system
1. TCP Scan
The TCP and UDP headers reserve 16 bits for the port number, which means there are ports 1 to 65535. No hacker scans every port on a system; they scan only the most commonly used ports, usually just ports 1 to 1024. The first part of this article presented the principles of establishing and tearing down a connection between two hosts on a network. Based on the rules of TCP communication, I can find out which ports are open on a system with the following methods:
- SYN Scan: the client sends a SYN packet with a given port number to the server. If the server replies with SYN/ACK, the client knows that port on the server is open. If the server replies to the client with RST/SYN, I know that port on the server is closed.
- FIN Scan: the client has no connection to the server but still builds a FIN packet with a given port number and sends it to the server being scanned. If the server replies with ACK, the client knows the server has that port open; if the server replies with RST, the client knows the server has that port closed.
- NULL Scan: the client sends the server TCP packets for the port being scanned with no flags set at all; if the server replies with RST, I know that port on the server is closed.
- XMAS Scan: the client sends TCP packets for the port being scanned with several flags set, such as FIN, URG and PSH. If the server returns RST, I know that port on the server is closed.

- TCP Connect: this method is very practical; it sends the server real connection requests to specific ports on the server. If the server returns SYN/ACK, the client knows the port is open; if the server returns RST/ACK, the client knows that port on the server is closed.
- ACK Scan: this kind of scan aims to discover the access control lists on the server. The client tries to reach the server with an ICMP packet; if it receives Host Unreachable, the client understands that port on the server is filtered.
There are a few scan types for typical services that are easy to attack, such as:
- RPC Scan: tries to check whether the system has a port open for the RPC service.
- Window Scan: similar to the ACK Scan, but it may only work on certain ports.
- FTP Scan: can be used to see whether the FTP service is in use on the server.
- IDLE: allows checking the state of the server.

2. UDP Scan
Where a packet sent with TCP is guaranteed to arrive intact at its destination, a packet sent with UDP serves the need to move small packets of data quickly. With TCP transmission an attacker can easily scan which ports a system has open based on the flags in the TCP packet.
Structure of a UDP packet:

As we can see, the UDP packet contains no flags, so the TCP port-scanning methods cannot be used for UDP. Unfortunately, most systems allow ICMP packets. If a port is closed, when the server receives the ICMP packet from the client it will try to send the client an ICMP type 3 code 3 "port unreachable" message. When performing a UDP scan, be prepared to receive results that are not highly reliable.

III. Port scanning with Nmap
Nmap is a very powerful port scanner, famous for a long time and trusted by the hacker community. It supports every port-scanning method, and it also supports scanning hostnames and the services running on the system. Nmap now has both a graphical interface and a command-line interface, and runs on both *NIX and Windows.
Nmap Scan
a. Scan types that Nmap supports
nmap -sT: here the s stands for Scan and the T for a TCP scan

nmap -sU: uses a UDP scan
nmap -sP: uses a ping scan
nmap -sF: uses a FIN scan
nmap -sX: uses the XMAS scan method
nmap -sN: uses the NULL scan method
nmap -sV: scans the names of the applications and their versions
nmap -sR / -I: RPC scan

b. Advanced options combined with the scan types in Nmap
- -O: used to find out the operating system running on the server. For example, to use Nmap with the XMAS scan method and guess the operating system of www.gocthuthuat.net, we use the command: nmap -sX -O www.gocthuthuat.net
- -p: the port range to scan
- -F: only the ports in Nmap's scan list
- -v: used twice, to increase the reliability and effectiveness of whichever scan method we use
- -P0: do not ping; this aims to reduce the scan-blocking processes on websites or servers.
For example, I want to scan the website www.gocthuthuat.net with a UDP scan, the port range I use is 1 to 1024, verbose twice to improve effectiveness, and no ping to the site during the scan:
nmap -sU -p 1-1024 -vv -P0 www.gocthuthuat.net
In addition, Nmap supports stealthy scanning to avoid scan detection on the server, for example with -Ddecoy_host1,decoy2 to hide the scanning process. -6: scan IPv6. Nmap also gives us options to output the results in many different file formats.

IV. Conclusion
Port scanning is one of the first steps in attacking a system; once we understand the scanning methods, we can use Nmap to carry them out. The way we then block scanning is to use dedicated devices such as IPS and IDS to detect and stop the attack.
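The conclusion above says an IDS is what detects the scans described in sections I and II. The following added example (my own, not code from the article or from the Nmap project) shows what such detection looks like: it encodes the 8-bit TCP flags field from section I.1, then treats the probe shapes from section II.1 (bare SYNs that never complete the three-way handshake, and FIN, NULL and Xmas packets sent outside any session) and the ICMP type 3 code 3 replies from section II.2 as detection rules. The packet log, the addresses and the thresholds are constructed for the example; function names such as detect_scans are this example's own.

```python
"""Flag-based port-scan detection over a constructed packet log.

Added example, not part of the original article. It encodes the TCP flag
byte from section I, then applies the probe shapes from section II as
detection rules, which is what the IDS mentioned in the conclusion does.
The log lines, addresses and thresholds are constructed for the example.
"""
from collections import defaultdict

# Bit values of the TCP flags byte (RFC 793 flags plus ECE/CWR).
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
                 "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def encode_flags(names):
    """Set of flag names -> integer value of the flags byte (SYN+ACK -> 0x12)."""
    value = 0
    for name in names:
        value |= TCP_FLAG_BITS[name]
    return value


def decode_flags(value):
    """Integer flags byte -> frozenset of the flag names that are set."""
    return frozenset(name for name, bit in TCP_FLAG_BITS.items() if value & bit)


# Probe shapes that a real client never sends outside an established session.
PROBE_KINDS = {
    frozenset(): "NULL",
    frozenset({"FIN"}): "FIN",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
}

SYN_SCAN_THRESHOLD = 4     # distinct ports SYN'd by one source with no final ACK
UDP_SWEEP_THRESHOLD = 3    # ICMP type 3 code 3 replies sent to one source

# Constructed log, one packet per line: "src dst port proto info".
# For tcp, info is the flags byte in hex; for icmp, info is type/code and
# port is the UDP port reported unreachable. 10.0.0.5 completes a normal
# handshake to 443; 10.0.0.99 SYN-scans five ports and RSTs the one that
# answered SYN/ACK; 10.0.0.77 sends Xmas and NULL probes; 10.0.0.66 is
# answered with port-unreachable for three UDP ports.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.1 443 tcp 0x02
10.0.0.1 10.0.0.5 443 tcp 0x12
10.0.0.5 10.0.0.1 443 tcp 0x10
10.0.0.99 10.0.0.1 21 tcp 0x02
10.0.0.1 10.0.0.99 21 tcp 0x14
10.0.0.99 10.0.0.1 22 tcp 0x02
10.0.0.1 10.0.0.99 22 tcp 0x12
10.0.0.99 10.0.0.1 22 tcp 0x04
10.0.0.99 10.0.0.1 23 tcp 0x02
10.0.0.99 10.0.0.1 25 tcp 0x02
10.0.0.99 10.0.0.1 80 tcp 0x02
10.0.0.77 10.0.0.1 22 tcp 0x29
10.0.0.77 10.0.0.1 80 tcp 0x00
10.0.0.1 10.0.0.66 53 icmp 3/3
10.0.0.1 10.0.0.66 69 icmp 3/3
10.0.0.1 10.0.0.66 161 icmp 3/3
"""


def parse_line(line):
    src, dst, port, proto, info = line.split()
    return src, dst, int(port), proto, info


def detect_scans(log_text):
    """Return {source_ip: sorted findings}; sources with no findings are absent."""
    findings = defaultdict(set)
    syn_sent = defaultdict(set)        # src -> ports where a bare SYN was sent
    handshake_done = defaultdict(set)  # src -> ports where the client's ACK followed
    unreachable = defaultdict(set)     # src -> UDP ports that answered type 3 code 3
    for raw in log_text.strip().splitlines():
        src, dst, port, proto, info = parse_line(raw)
        if proto == "icmp":
            if info == "3/3":
                unreachable[dst].add(port)   # the ICMP destination is the scanner
            continue
        flags = decode_flags(int(info, 16))
        if flags == {"SYN"}:
            syn_sent[src].add(port)
        elif flags == {"ACK"}:
            handshake_done[src].add(port)
        elif flags in PROBE_KINDS:
            findings[src].add(f"{PROBE_KINDS[flags]} probe to port {port}")
    for src, ports in syn_sent.items():
        half_open = ports - handshake_done[src]
        if len(half_open) >= SYN_SCAN_THRESHOLD:
            findings[src].add(f"SYN scan: {len(half_open)} half-open ports")
    for src, ports in unreachable.items():
        if len(ports) >= UDP_SWEEP_THRESHOLD:
            findings[src].add(f"UDP sweep: {len(ports)} port-unreachable replies")
    return {src: sorted(items) for src, items in findings.items()}


if __name__ == "__main__":
    for source, items in detect_scans(SAMPLE_LOG).items():
        print(source, items)
```

Two points a practitioner should keep in mind with this rule set. First, for FIN, NULL and Xmas probes the signal is the probe itself, not the reply: per RFC 793 a closed port answers them with RST while an open port stays silent, so the detector only needs to see a packet with that flag combination arrive outside an established session. Second, the ACK scan from section II is invisible to these rules, because its probes are bare ACKs that look like the tail of a normal session; catching it needs a rule for ACKs to ports that never saw a SYN from that source, which this example leaves out.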

Nmap user guide

Nmap = Network exploration tool and security scanner. It scans everything that can be scanned on the network: a multi-purpose scanner that also reports the OS.

Figure: the Nmap interface after installation

Nmap command syntax: nmap [Scan Type(s)] [Options]
Some basic scan types
* -sT TCP connect scan: this is the most basic form of TCP scanning. The connect() system call provided by your operating system is used to open a connection to a number of ports on the system. If the port is in the listening state, the connection succeeds; otherwise, the connection fails.
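The -sT paragraph describes the connect scan purely in terms of the operating system's connect() call. The following added example (mine, not code from the guide or from the Nmap project) makes that concrete: it opens a listener on an ephemeral loopback port that it creates itself, probes that port with an ordinary connect(), closes the listener and probes again, so the listening and non-listening outcomes can be observed without touching any other host. It also adds the case the paragraph does not mention: when a filter silently drops the SYN, connect() neither succeeds nor fails but times out, which Nmap reports as filtered. The names probe_tcp_port and demo_local are this example's own.

```python
"""TCP connect() probe against the local host only.

Added example, not part of the original guide. It reproduces the -sT
mechanics with the operating system's ordinary connect() call and names
the outcome the way Nmap's port states do. The loopback listener is
constructed for the demonstration.
"""
import socket


def probe_tcp_port(host, port, timeout=1.0):
    """Classify one TCP port with a full connect() attempt.

    open     - the three-way handshake completed, so something is listening
    closed   - the kernel answered the SYN with RST (ECONNREFUSED)
    filtered - nothing came back before the timeout (a filter dropped it)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:       # e.g. EHOSTUNREACH: report it rather than guess
        return f"error:{exc.errno}"
    finally:
        sock.close()             # a connect scan tears the connection down again


def demo_local():
    """Listen on an ephemeral 127.0.0.1 port, probe it, close it, probe again.

    Returns (state_while_listening, state_after_close); on a normal host
    that is ("open", "closed").
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp_port("127.0.0.1", port)
    listener.close()                  # nothing listens there any more
    after_close = probe_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_local())
```

The completed handshake is exactly what makes -sT easy to notice on the target: the connection reaches the listening service, which sees it in accept() and normally logs it, whereas the half-open SYN scan described next never hands the connection to the application.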

* -sS TCP SYN scan: this technique is referred to as half-open scanning. It is used when you cannot open a full TCP connection. You send a SYN packet, as if you wanted to open a real connection, and wait for a response. A SYN|ACK indicates the port is listening; an RST indicates it is not listening. If a SYN|ACK is received, an RST is sent to tear the connection down. The disadvantage of this technique is that you need more privileges to build these custom SYN packets.
* -sF, -sX, -sN Stealth FIN, Xmas Tree and Null scan modes: used when you do not have the privileges for the SYN scan technique. Some firewalls and packet filters watch for SYNs to restricted ports, and programs such as SYNlogger and Courtney are ready to detect your scanning. The advantage of this scan type is that it can pass through firewalls and packet filters with little obstruction. Closed ports are required to reply to your probe packet with an RST.
* -sP ping scanning: this technique is used when you only want to know how many hosts are currently online on a network. Nmap can do this by sending ICMP echo request packets to the IP addresses on the network. However, some hosts may block ICMP echo replies; in that case Nmap can send a TCP packet to port 80 (the default; the port can be changed).
* -sU UDP scan: this technique is used to determine which UDP ports are open on a host. Nmap sends a 0-byte UDP packet to each port on the target. If we receive an ICMP port unreachable message, the port is closed; otherwise we assume it is open. Some people think the UDP scan technique is ineffective.
* -sA ACK scan: this technique is used to gather information about a system from outside the firewall. In particular, it can determine whether a firewall is a true firewall or just a packet filter that blocks incoming SYNs. The technique sends ACK packets to the specified ports. If an RST comes back, the port is not filtering SYN packets, and vice versa.
* -sW Window scan: a technique similar to the ACK scan, except that you can detect open ports as well as filtered and unfiltered ones on certain OSes, such as AIX, Amiga, BeOS, Cray, Tru64 UNIX, DG/UX, OpenVMS, Digital UNIX, FreeBSD, HP-UX, OS/2, IRIX, MacOS, NetBSD, OpenBSD and OpenStep.

* -sR RPC scan: this technique takes all the open TCP/UDP ports and floods them with SunRPC program null commands to determine whether or not they are RPC ports.

Some options:
* -O: use TCP/IP fingerprinting to guess the remote operating system.
* -p: the ports to scan. Example range: '1-1024,1080,6666,31337'
* -F: only scan the ports listed in nmap-services
* -v: verbose; its use is recommended. Use twice for greater effect.
* -P0: do not ping hosts (needed to scan www.microsoft.com and others).
* -Ddecoy_host1,decoy2[,...]: hide the scan using many decoys.
* -T: general timing policy.
* -n/-R: never do DNS resolution / always resolve [default: sometimes resolve]
* -oN/-oM: output normal / machine-parsable scan logs.
* -iL: get targets from a file; use '-' for standard input.
* -S / -e: specify the source address or network interface.

Here are a few concrete examples:
1. Port scan
The goal is to see which ports are open, from which we can tell what servers the target is running. You can configure, add and remove port definitions in the nmap-services file. To do this you type:
#nmap -sT 192.168.1.1
If you prefer to be discreet you can use the SYN scan option:
#nmap -sS 192.168.1.1 -oN info.text

The -oN <filename> option saves the results to a file so that we can read them again later.
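Saving results with -oN is most useful when the file is read back by a program rather than a person: a defender keeps the normal output of a known-good scan of their own host as a baseline and diffs later scans against it to catch ports that have newly opened. The following added example (mine, not code from the guide or from the Nmap project) does that for the -oN format mentioned here and in the option list above. The two reports are constructed for the example in the layout of Nmap's normal output (current Nmap writes "Nmap scan report for <host>"; the old versions this guide documents wrote "Interesting ports on <host>:", and the parser accepts both); the hosts, ports and function names are assumptions, not data from the article.

```python
"""Parse Nmap normal output (-oN) and compare two saved scans.

Added example, not from the original guide. The two reports below are
constructed in the layout Nmap's normal output uses; hosts, ports and
function names are this example's own assumptions.
"""
import re

# "22/tcp   open  ssh"  ->  port, protocol, state, service
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Current Nmap: "Nmap scan report for 192.168.1.1"
# Nmap 2.x/3.x:  "Interesting ports on 192.168.1.1:"
HOST_LINE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(.+?):?\s*$")

BASELINE_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -sT -oN baseline.text 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http

# Nmap done -- 1 IP address (1 host up) scanned in 0.53 seconds
"""

CURRENT_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -sT -oN info.text 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0012s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   open     ssh
80/tcp   open     http
445/tcp  open     microsoft-ds
3389/tcp open     ms-wbt-server

# Nmap done -- 1 IP address (1 host up) scanned in 0.61 seconds
"""


def parse_normal_output(text):
    """Return {host: {(port, proto): (state, service)}} from -oN text."""
    inventory = {}
    host = None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            inventory.setdefault(host, {})
            continue
        m = PORT_LINE.match(line)
        if m and host is not None:
            port, proto, state, service = m.groups()
            inventory[host][(int(port), proto)] = (state, service)
    return inventory


def open_ports(host_entry):
    """Ports whose state is open, or open|filtered as Nmap reports for UDP."""
    return {key for key, (state, _) in host_entry.items() if state.startswith("open")}


def diff_scans(baseline, current):
    """Per host: ports newly open since the baseline, and ports no longer open."""
    report = {}
    for host in sorted(set(baseline) | set(current)):
        before = open_ports(baseline.get(host, {}))
        after = open_ports(current.get(host, {}))
        report[host] = {
            "new_open": sorted(after - before),
            "no_longer_open": sorted(before - after),
        }
    return report


if __name__ == "__main__":
    changes = diff_scans(parse_normal_output(BASELINE_SCAN),
                         parse_normal_output(CURRENT_SCAN))
    for host, change in changes.items():
        print(host, change)
```

Run as a script it reports 445/tcp and 3389/tcp as newly open on the constructed host and 21/tcp as no longer open, which is the kind of change worth an alert. The comparison deliberately keys on port and protocol only, so a service name that changes in nmap-services between Nmap versions does not produce false differences.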

Figure: the command being run and its results

2. Ping sweep
The goal is similar to an ICMP sweep: the scan sweeps the whole last octet of a network block and tells us how many hosts in that range are currently online and also have a port of our choosing open. The following command pings the hosts that have port 80 open:
#nmap -sP -PT80 192.168.1.0/24

Figure: the output and results

3. Ident scan
Goal: similar to a port scan, but an ident scan tells you who owns these services and with what privileges they run, ... It is usually used on Unix/BSD/Solaris/Linux/AIX/HP-UX systems and the like.
Command:
#nmap -sS -I 192.168.1.1

Figure: results

4. OS and banner scan
Goal: lets us determine which OS 192.168.1.1 is currently running, or obtain information about the software or hardware of network devices. For example, to scan the OS we use the command:
#nmap -sS -O 192.168.1.1

Figure: the displayed results