SSH and Nmap
||Basic Nmap Overview||
Ok, well this is { darkside } and THIS is the first section of this article, an article that will cover the usage of nmap, the best port scanner on earth, and using SSH.
Different types of scans. Fun shit.
Nmap is one of the best port scanners you could ever have. It literally does any job you throw at it. Besides ordering pizza and such.
It also will not hack things for you.
You are responsible for coding your own exploits.
It is just a guide, to let you know your victim's vulnerabilities.
Ok, so first off let's make sure you have nmap already.
You can download Nmap from Insecure.org or get it straight from DA's "Downloads" section.
You go to the DIR where Nmap is located and click on the app. z0mg it does NOT work.
You must run it via shell/terminal/command prompt.
NOTE: The syntax of an nmap scan is
nmap [Scan Type(s)] [Options] {target specification}
So first let's find a victim.
How about SmashTheStacks > Apfel server?
ONTO REQUIREMENTS!!
||Requirements(PuTTY.exe/OpenSSH/*nix)||
Well, first off let's understand what the term "SSH" stands for.
SSH listens on port 22 by default.
SSH means (S)ecure (Sh)ell.
SSH is a network protocol that allows establishing a secure channel between a local and a remote computer.
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections. It can also transfer files using the associated SFTP (SSH File Transfer Protocol) or SCP (Secure Copy) protocols.
To be able to connect via SSH the remote computer must have port 22 OPEN.
Let us ping a WarGame server from SmashTheStack called APFEL.
C:\> ping apfel.smashthestack.org

Pinging apfel.smashthestack.org [67.99.17.130] with 32 bytes of data:
Reply from 67.99.17.130: bytes=32 time=44ms TTL=54
Reply from 67.99.17.130: bytes=32 time=60ms TTL=54
Reply from 67.99.17.130: bytes=32 time=78ms TTL=54
Reply from 67.99.17.130: bytes=32 time=44ms TTL=54

Ping statistics for 67.99.17.130:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 44ms, Maximum = 78ms, Average = 56ms
[darkside@darkside ~]$ host apfel.smashthestack.org
apfel.smashthestack.org has address 67.99.17.130
To find out which ports are open on this address we will feed it to a very useful program, "nmap", found at >> http://insecure.org!
[darkside@darkside ~]$ nmap -v 67.99.17.130
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ )
Machine 67.99.17.130 MIGHT actually be listening on
DNS resolution of 1 IPs took 0.06s.
Initiating Connect() Scan against 67.99.17.130 [1680
Discovered open port 25/tcp on 67.99.17.130
Discovered open port 80/tcp on 67.99.17.130
Discovered open port 22/tcp on 67.99.17.130
Let us be more specific.
-p: Port Scan Selection <-- very useful
-sV: Probe open ports to determine service/version info
[darkside@darkside ~]$ nmap -v -sV -p 21,22,23 67.99.17.130
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-05-21 03:11 CDT
Machine 67.99.17.130 MIGHT actually be listening on probe port 80
DNS resolution of 1 IPs took 0.02s.
Initiating Connect() Scan against 67.99.17.130 [3 ports] at 03:11
Discovered open port 22/tcp on 67.99.17.130
The Connect() Scan took 0.05s to scan 3 total ports.
Initiating service scan against 1 service on 67.99.17.130 at 03:11
The service scan took 0.07s to scan 1 service on 1 host.
Host 67.99.17.130 appears to be up ... good.
Interesting ports on 67.99.17.130:
PORT   STATE  SERVICE VERSION
21/tcp closed ftp
22/tcp open   ssh     OpenSSH 4.2 (protocol 2.0)
23/tcp closed telnet
Nmap finished: 1 IP address (1 host up) scanned in 0.658 seconds
Look for this.
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 4.2 (protocol 2.0)
SSH is open.
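Reading the PORT/STATE/SERVICE/VERSION table by eye is fine for one host, but nmap can also write a grepable report (-oG) that a script can pick through. The following is an added example, not part of the original article: a POSIX sh function that reads nmap -oG output on stdin and prints every host whose ssh port is open together with the version banner, so you can check which of your own machines still expose SSH and what they are running. The report lines are constructed sample data in the -oG layout (the apfel address and OpenSSH 4.2 banner come from the article; 192.0.2.10 is a made-up closed host).

```shell
#!/bin/sh
# Added example: find hosts with SSH open in nmap grepable (-oG) output.
# -oG writes one "Host:" line per target, fields separated by tabs, and each
# port entry as port/state/proto/owner/service/rpcinfo/version/ (slash-separated).

# Constructed sample report, in the shape of:  nmap -sV -p 21,22,23 -oG - <targets>
sample_gnmap() {
    printf '# Nmap 4.11 scan initiated Mon May 21 03:11:00 2007 as: nmap -sV -p 21,22,23 -oG - (constructed)\n'
    printf 'Host: 67.99.17.130 (apfel.smashthestack.org)\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh//OpenSSH 4.2 (protocol 2.0)/, 23/closed/tcp//telnet///\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/closed/tcp//ssh///\n'
    printf '# Nmap done at Mon May 21 03:11:01 2007 -- 2 IP addresses (2 hosts up) scanned in 0.658 seconds\n'
}

# ssh_open_hosts: read -oG text on stdin, print "ip port version" for each open ssh port.
ssh_open_hosts() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); ip = h[2]          # "Host: <ip> (<name>)"
            n = split($2, ports, ", ")            # "Ports: a/b/..., c/d/..."
            for (i = 1; i <= n; i++) {
                sub(/^Ports: /, "", ports[i])
                split(ports[i], f, "/")           # f[1]=port f[2]=state f[5]=service f[7]=version
                if (f[5] == "ssh" && f[2] == "open")
                    print ip, f[1], f[7]
            }
        }'
}

# Convenience wrapper that runs the parser over the constructed sample.
ssh_open_hosts_sample() {
    sample_gnmap | ssh_open_hosts
}

# Stand-alone run: prints "67.99.17.130 22 OpenSSH 4.2 (protocol 2.0)"
ssh_open_hosts_sample
```

Against a live scan of machines you administer the same function is just `nmap -sV -p 22 -oG - <your hosts> | ssh_open_hosts`; the filter on state means closed or filtered ports never show up, which is the same thing the article tells you to look for in the table above.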
Let us login to apfel.smashthestack.org.
To do this you will need to open terminal and type the following.
[darkside@darkside]$ ssh -l troll apfel.smashthestack.org
(You are logging in as a user called "troll".)
It will ask for a password.
Use "troll".
It will seem like nothing is happening but it is.
Your password is hidden to ensure security.
From here you are now..
troll@apfel(~):$
In PuTTY it is a bit more simple.
First open PuTTY.exe.
Then in the "Host name" section type the host you want to connect to. In our case this will be "apfel.smashthestack.org".
Select "SSH" and port "22".
Then select "Open" to open a connection.
A black PuTTY screen should appear with the text.
login as: troll
troll@apfel.smashthestack.org's password: troll
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!Congratulations you are in.!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Once you are in apfel, snoop around. It's a pretty cool place.
troll@apfel():$ cd public_html
troll@apfel(/public_html):$ echo "TotcoS was here…" >> index.html
Well, I hope you have found this article quite helpful on learning about SSH and giving you an example.
A live example that you can learn from.
–=[ darkside totcos ]=–
PLEASE COMMENT AND RATE THIS =D
lukem_95 17 years ago
Nice article, much better than the 'the3l3tone' guy's… he posted 3 absolute crap filled articles :S
ghost 17 years ago
nice. Finally hbh is teaching some of these web-hackers how to root. I should post an article on Buffer Overflow! DDoS attacks. Oh well one improvement though you could have covered a method that instead of using a password you already had you actually tell them how you get it remotely. would make this article worthy of awesome but im gunna have to go with VG SANTA
ghost 17 years ago
@SANTA…HBH didn't teach me how to root. google and netfish did. Why don't you go post an article on buffer overflow? And do it with prior knowledge completely without searching for how to do shit. Please. Seriously do not brag. What are you going to do with the DDoS attack article. Teach people about botnets? lmao ..good luck
ellipsis 15 years ago
it's me scotty aka totcos.
i have no idea why the fuck hbh removed my points and practically forced me to make a new account, but, i'm glad y'all liked this article. minus all of the ignorant skiddie remarks.