NMAP version 7 comes equipped with a ton of new NSE (Nmap Scripting Engine) scripts you can use to do everything from DoSing targets to exploiting them (with written permission, of course). Among the script categories are the following:
Auth: Use to work with the target's authentication mechanism, for example to check for anonymous access or to try to bypass it.
Broadcast: Use to find other hosts on the local network by broadcasting; with the newtargets script argument the discovered hosts are added to the scanning queue.
Brute: Use for brute-force password guessing against a service.
Dos: Use to test whether a target is vulnerable to DoS. Note that these scripts test by actually attempting the denial of service, so they can take the target down.
Exploit: Use to actively exploit a vulnerability rather than just check for it.
Intrusive: Use for scans that may crash the target, consume significant resources, or otherwise look malicious to its administrators, and so carry a much higher risk of being detected.
Malware: Use to test the target for the presence of malware or backdoors.
Vuln: Use to check the target for specific known vulnerabilities; results are generally only reported when a vulnerability is found.
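Before running a whole category against a host, it is worth knowing which scripts that selector actually expands to, and which of them are also tagged intrusive or dos. The shell script below is an added example, not code from the original post: it parses the script.db index that ships with NMAP (the path /usr/share/nmap/scripts/script.db is a typical Linux location and is an assumption; the five-entry index embedded in the script is a constructed excerpt in script.db's own format, so check your installed copy for the authoritative tags).

```shell
#!/bin/sh
# Added example (not from the original post): show exactly which scripts a
# category selector such as "--script vuln" will run, by reading Nmap's
# script.db index, and flag those also tagged intrusive or dos before you run
# a whole category against a host you care about.

# scripts_with_all FILE CATEGORY...
# Prints the filename of every script.db entry tagged with ALL of the given
# categories, one per line. Matching is on the quoted name, so "vuln" does not
# match "vulnerable" and "dos" does not match "dns".
scripts_with_all() {
    file="$1"
    shift
    awk -v want="$*" '
        BEGIN { n = split(want, need, " ") }
        /^Entry/ {
            if (!match($0, /filename = "[^"]+"/)) next
            name = substr($0, RSTART + 12, RLENGTH - 13)
            if (!match($0, /categories = [{][^}]*[}]/)) next
            cats = substr($0, RSTART, RLENGTH)
            ok = 1
            for (i = 1; i <= n; i++)
                if (!index(cats, "\"" need[i] "\"")) ok = 0
            if (ok) print name
        }
    ' "$file"
}

# Constructed excerpt in script.db format (one Lua "Entry" per line).
# The real index ships with Nmap, e.g. /usr/share/nmap/scripts/script.db
# (assumed path); check it for the authoritative tags.
SAMPLE_DB=$(mktemp)
cat > "$SAMPLE_DB" <<'EOF'
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "http-slowloris-check.nse", categories = { "vuln", "safe", } }
Entry { filename = "ssl-poodle.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-brute.nse", categories = { "intrusive", "brute", } }
Entry { filename = "ftp-vsftpd-backdoor.nse", categories = { "exploit", "intrusive", "malware", "vuln", } }
EOF

# Use the real index when it is installed, otherwise the sample above.
DB=/usr/share/nmap/scripts/script.db
[ -r "$DB" ] || DB="$SAMPLE_DB"

echo "== scripts selected by --script vuln (from $DB) =="
scripts_with_all "$DB" vuln
echo "== of those, also tagged intrusive (may crash or alter the target) =="
scripts_with_all "$DB" vuln intrusive
```

NMAP itself can print the same list with a one-line description of each script via `nmap --script-help vuln`, and the --script argument accepts boolean expressions, so once you know which scripts you want to avoid you can select `--script "vuln and not intrusive"` instead of the bare category.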
In this tutorial I will show you how to scan a target for vulnerabilities, actively try to exploit any that are found, test whether the target is vulnerable to DoS, and finally launch a DoS attack.
Step 1: Download NMAP
Download NMAP from https://nmap.org/download.html and follow the installation instructions for your particular operating system. NMAP works easily on both Windows and Linux. After installing you will have both NMAP and ZENMAP on your computer. ZENMAP is the official graphical front-end for NMAP: it runs the same NMAP binary underneath, but lets you build and launch commands from a GUI. For the rest of this tutorial you can choose to either run NMAP from your command line, or launch ZENMAP and enter the same commands in its Command field.
Step 2: Run NMAP
Now that we've got NMAP installed, it's time to scan our target for vulnerabilities. As mentioned, there is an entire category of scripts dedicated to finding vulnerabilities on a target. Invoking the following command will run every script in the vuln category against your target:
nmap --script vuln -Pn <target.com or ip> <enter>
I always throw a -Pn in there just in case the target blocks ping probes: it skips host discovery and treats the host as online, so the scan proceeds even when ICMP is filtered. It is optional.
Step 3: Review Results

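Steps 2 and 3 together, as an added example that is not part of the original post: the script below saves the vuln scan with -oN and then pulls out only the findings that NMAP's vulns library marked VULNERABLE or LIKELY VULNERABLE. The scan output embedded in the script is a constructed sample in NMAP's normal-output format (the host target.example, the port results and the wording are illustrative, not a real scan); it includes a NOT VULNERABLE block because a plain `grep -i vulnerable` over-matches on exactly that line.

```shell
#!/bin/sh
# Added example (not from the original post): save the Step 2 vuln scan to a
# file and pull out only the findings the vulns library marked VULNERABLE or
# LIKELY VULNERABLE. A plain "grep -i vulnerable" over-matches, because
# scripts run with vulns.showall also print "State: NOT VULNERABLE".

# vuln_scan TARGET OUTFILE
# Step 2, captured for review: -Pn skips host discovery, -oN writes Nmap's
# normal output to OUTFILE, vulns.showall makes scripts report negatives too.
vuln_scan() {
    target="$1"
    outfile="$2"
    nmap -Pn --script vuln --script-args vulns.showall=1 -oN "$outfile" "$target" >/dev/null
}

# vulnerable_findings FILE
# Prints "port script state" for every vulns-library result in a normal-output
# file whose State line is VULNERABLE or LIKELY VULNERABLE.
vulnerable_findings() {
    awk '
        # "80/tcp  open  http": remember the port the following output belongs to
        /^[0-9]+\/(tcp|udp) / { port = $1 }
        # "| ssl-poodle:" or "|_ssl-poodle:": start of one script output block
        # (exactly one space after the bar, lowercase name, nothing after the colon)
        /^\|_? ?[a-z0-9.-]+: *$/ {
            script = $0
            sub(/^\|_? ?/, "", script)
            sub(/: *$/, "", script)
        }
        # "|     State: VULNERABLE": the verdict line inside the block
        /^\| +State: / {
            state = $0
            sub(/^\| +State: */, "", state)
            if (state ~ /^(LIKELY )?VULNERABLE/) print port, script, state
        }
    ' "$1"
}

# Constructed sample of what the vuln_scan command above writes; the host,
# port results and wording are illustrative, not a real scan.
SAMPLE_OUTPUT=$(mktemp)
cat > "$SAMPLE_OUTPUT" <<'EOF'
Nmap scan report for target.example (192.0.2.10)
Host is up (0.012s latency).

PORT    STATE SERVICE
80/tcp  open  http
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.
|_    Disclosure date: 2009-09-17
443/tcp open  https
| ssl-heartbleed:
|   NOT VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: NOT VULNERABLE
|_    References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|_    Disclosure date: 2014-10-14
EOF

# Scan a real target when one is given and nmap is installed; otherwise review the sample.
if [ -n "${1:-}" ] && command -v nmap >/dev/null 2>&1; then
    vuln_scan "$1" vuln-scan.txt
    vulnerable_findings vuln-scan.txt
else
    vulnerable_findings "$SAMPLE_OUTPUT"
fi
```

Run it as `sh review.sh <target.com or ip>` to scan and triage in one go, or with no argument to see the parser work on the sample. Many vuln scripts key on the detected service, so adding -sV to the scan command improves how many of them actually fire.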
Use NMAP to Actively Exploit Detected Vulnerabilities
As mentioned, you can also use NMAP's exploit script category to have NMAP actively exploit detected vulnerabilities. Unlike the vuln scripts, these do not merely check for a bug, they trigger it for real on the target, so only run them with authorization. Issue the following command:
nmap --script exploit -Pn <target.com or ip> <enter>
Use NMAP to Brute Force Passwords
NMAP contains scripts for brute forcing dozens of protocols, including http-brute, oracle-brute, snmp-brute, etc. Use the following command to run every brute script against a remote server and guess its authentication credentials:
nmap --script brute -Pn <target.com or ip> <enter>
By default the scripts draw usernames and passwords from NMAP's built-in lists; to use your own wordlists, add --script-args userdb=<users file>,passdb=<passwords file>.
Use NMAP to Test if Target Is Vulnerable to DoS
Use the following command to check whether the target is vulnerable to DoS. Keep in mind that the dos category does not contain harmless checks: these scripts test by actually attempting the denial of service, so the target may go down during the scan.
nmap --script dos -Pn <target.com or ip> <enter>

Use NMAP to Perform DoS Attack
Use the following command to run a slowloris attack against the target's web server for an indefinite period of time. The runforever script argument keeps the script attacking until you stop it with Ctrl-C, and --max-parallelism raises the number of connections NMAP is allowed to hold open at once, which is what makes slowloris effective:
nmap --max-parallelism 750 -Pn --script http-slowloris --script-args http-slowloris.runforever=true <target.com or ip> <enter>
On a side note, this week I was tasked with identifying vulnerabilities in a company's server as part of the interview process. Thanks to NMAP, I was able to identify, and then successfully verify, that their server had the POODLE issue. This was something (shockingly) the company was not aware of. Nessus, OpenVAS, Acunetix, and Burp Suite did not identify the vulnerability, and it did prove legit.