com :
www.parstech.org :PDF
()
!
"# Hacker
)
( ) ... (
:
( ! )
) (
) bug
. (
. patch ( )
( ) (Webmasters)
. download
...
:$%&'
() *+,-.
: = Hacker
...
:() Wacker
( )
:() Cracker
( ) .
( ) : Phreaker
. ...
;-)
2+,3. 01
:
:( )-
! , Sub 7 :
:( )-
! ... Bomb Mail Box :
:( ) -
.
: -
. ...
5 ( 4"
: 89: 5
,. "6 # 7 1
: Server
.
: Client
.
: Server
: .
( FreeBSD, Linux, Sun Solaris ) Unix
Mac OS
: .
... , AIX, IRIS, DEC10, DEC20
:
RedHat Linux Win2000 . Win2000, Unix(Linux)
.
. Win2000 , Linux -
. C -
( ) . TCP/IP -
-
%;< 7 1 5 ( 4"
Sub7 )
ip (
)
.(
:5 ( 4"
.=<
t Speak
:
0    <= O
1    <= L; I
2    <= Z
3    <= E
4    <= A
5    <= S
6    <= G
7    <= T
8    <= B
|    <= L; I
@    <= at (duh)
$    <= S
)(   <= H
}{   <= H
/\/  <= N
\/\/ <= W
/\/\ <= M
|>   <= P; D
|<   <= K
ph   <= f
z    <= s
: he Speaks
}{3 $|>34|< z
.
.
> (+ 5 , ,"
4"?,.
) -
. (
) -
. (
. ip . Footprinting (Victim)
( ) .
.
. -
password username
Shell superuser (administrator)
( ... ) Account
.
.
. -
( )
.
) -
login .(...
.
:
Selection -> FootPrinting -> Penetration -> [Changings] -> Cleaning
IP
( ) .
(Dial Up)
ISP .
.
: ) (
) xxx xxx.xxx.xxx.xxx
.(
www.yahoo.com .
. IP
... xxx IP
xxx Dial Up
( ).
.
command prompt IPCONFIG IP
( ) .
Port
.
.
.
.
Email .
. ()
. Email
:
Port Num  Service   Why it is phun!
--------  -------   ----------------------------------------
7         echo
9         discard   Dev/null
11        systat
13        daytime
15        netstat
19        chargen
21        ftp
23        telnet
25        smtp      Forge email
37        time      Time
39        rlp       Resource location
43        whois     Info on hosts and networks
53        domain    Nameserver
70        gopher
79        finger
80        http      Web server
110       pop       Incoming email
119       nntp
443       shttp
512       biff      Mail notification
513       rlogin    Remote login
          who
514       shell
          syslog
520       route
") RFC
.
( ) txt
) .
(.
(U
V?,U?P S
W#
RFC 5
S+ T
RFC RFC
:
http://www.ietf.org/rfc/xxxxxxx.txt
rfc791 . rfc xxxxxxx
:
http://www.ietf.org/rfc/rfc791.txt
RFC X+,.Y Z[ !
+General Information
RFC1360 IAB Official Protocol Standards
RFC1340 Assigned Numbers
RFC1208 Glossary of Networking Terms
RFC1180 TCP/IP Tutorial
RFC1178 Choosing a Name for Your Computer
RFC1175 FYI on Where to Start: A Bibliography of Inter-networking Information
RFC1173 Responsibilities of Host and Network Managers: A Summary of the Oral Tradition of the Internet
+Lower Layers
RFC1236 IP to X.121 Address Mapping for DDN
RFC1220 Point-to-Point Protocol Extensions for Bridging
RFC1209 Transmission of IP Datagrams over the SMDS Service
RFC1201 Transmitting IP Traffic over ARCNET Networks
RFC1188 Proposed Standard for the Transmission of IP Datagrams over FDDI Networks
RFC1172 Point-to-Point Protocol Initial Configuration Options
RFC1171 Point-to-Point Protocol for the Transmission of Multiprotocol Datagrams over Point-to-Point Links
RFC1149 Standard for the Transmission of IP Datagrams on Avian Carriers
RFC1055 Nonstandard for Transmission of IP Datagrams over Serial Lines: SLIP
RFC1044 Internet Protocol on Network System's HYPERchannel: Protocol Specification
RFC1042 Standard for the Transmission of IP Datagrams over IEEE 802 Networks
RFC1027 Using ARP to Implement Transparent Subnet Gateways
RFC903 Reverse Address Resolution Protocol
RFC895 Standard for the Transmission of IP Datagrams over Experimental Ethernet Networks
RFC894 Standard for the Transmission of IP Datagrams over Ethernet Networks
RFC893 Trailer Encapsulations
+Bootstrapping
RFC1084 BOOTP Vendor Information Extensions
RFC951 Bootstrap Protocol
RFC906 Bootstrap Loading Using TFTP
+Mail
RFC1341 MIME (Multipurpose Internet Mail Extensions) Mechanisms for Specifying and Describing the Format of Internet Message Bodies
RFC1143 Q Method of Implementing Telnet Option Negotiation
RFC1090 SMTP on X.25
RFC1056 PCMAIL: A Distributed Mail System for Personal Computers
RFC974 Mail Routing and the Domain System
RFC822 Standard for the Format of ARPA Internet Text Messages
RFC821 Simple Mail Transfer Protocol
+Routing Protocols
RFC1267 A Border Gateway Protocol 3 (BGP-3)
RFC1247 OSPF version 2
RFC1222 Advancing the NSFNET Routing Architecture
RFC1195 Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
RFC1164 Application of the Border Gateway Protocol in the Internet
RFC1163 Border Gateway Protocol (BGP)
RFC1136 Administrative Domains and Routing Domains: A Model for Routing in the Internet
RFC1074 NSFNET Backbone SPF-Based Interior Gateway Protocol
RFC1058 Routing Information Protocol
RFC911 EGP Gateway under Berkeley UNIX 4.2
RFC904 Exterior Gateway Protocol Formal Specification
RFC888 STUB Exterior Gateway Protocol
RFC827 Exterior Gateway Protocol (EGP)
RFC823 DARPA Internet Gateway
+Terminal Access
RFC1205 Telnet 5250 Interface
RFC1198 FYI on the X Window System
RFC1184 Telnet Linemode Option
RFC1091 Telnet Terminal-Type Option
RFC1080 Telnet Remote Flow Control Option
RFC1079 Telnet Terminal Speed Option
RFC1073 Telnet Window Size Option
RFC1053 Telnet X.3 PAD Option
RFC1043 Telnet Data Entry Terminal Option: DODIIS Implementation
RFC1041 Telnet 3270 Regime Option
RFC1013 X Window System Protocol, version 11: Alpha Update
RFC946 Telnet Terminal Location Number Option
RFC933 Output Marking Telnet Option
RFC885 Telnet End of Record Option
RFC861 Telnet Extended Options: List Option
RFC860 Telnet Timing Mark Option
RFC859 Telnet Status Option
RFC858 Telnet Suppress Go Ahead Option
RFC857 Telnet Echo Option
RFC856 Telnet Binary Transmission
RFC855 Telnet Option Specifications
RFC854 Telnet Protocol Specification
RFC779 Telnet Send-Location Option
+Other Applications
RFC1196 Finger User Information Protocol
RFC1179 Line Printer Daemon Protocol
RFC1129 Internet Time Synchronization: The Network Time Protocol
RFC1119 Network Time Protocol (version 2) Specification and Implementation
RFC1057 RPC: Remote Procedure Call Protocol Specification: Version 2
RFC1014 XDR: External Data Representation Standard
RFC954 NICNAME/WHOIS
RFC868 Time Protocol
RFC867 Daytime Protocol
RFC866 Active Users
RFC865 Quote of the Day Protocol
RFC864 Character Generator Protocol
RFC863 Discard Protocol
RFC862 Echo Protocol
+Network Management
RFC1271 Remote Network Monitoring Management Information Base
RFC1253 OSPF version 2: Management Information Base
RFC1243 Appletalk Management Information Base
RFC1239 Reassignment of Experimental MIBs to Standard MIBs
RFC1238 CLNS MIB for Use with Connectionless Network Protocol (ISO 8473) and End System to Intermediate System (ISO 9542)
RFC1233 Definitions of Managed Objects for the DS3 Interface Type
RFC1232 Definitions of Managed Objects for the DS1 Interface Type
RFC1231 IEEE 802.5 Token Ring MIB
RFC1230 IEEE 802.4 Token Bus MIB
RFC1229 Extensions to the Generic-Interface MIB
RFC1228 SNMP-DPI: Simple Network Management Protocol Distributed Program Interface
RFC1227 SNMP MUX protocol and MIB
RFC1224 Techniques for Managing Asynchronously Generated Alerts
RFC1215 Convention for Defining Traps for Use with the SNMP
RFC1214 OSI Internet Management: Management Information Base
RFC1213 Management Information Base for Network Management of TCP/IP-based Internets: MIB-II
RFC1212 Concise MIB Definitions
RFC1187 Bulk Table Retrieval with the SNMP
RFC1157 Simple Network Management Protocol (SNMP)
RFC1156 Management Information Base for Network Management of TCP/IP-based Internets
RFC1155 Structure and Identification of Management Information for TCP/IP-Based Internets
RFC1147 FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices
RFC1089 SNMP over Ethernet
+Tunneling
RFC1241 Scheme for an Internet Encapsulation Protocol: Version 1
+OSI
RFC1240 OSI Connectionless Transport Services on Top of UDP: Version 1
RFC1237 Guidelines for OSI NSAP Allocation in the Internet
RFC1169 Explaining the Role of GOSIP
+Security
RFC1244 Site Security Handbook
RFC1115 Privacy Enhancement for Internet Electronic Mail: Part III Algorithms, Modes, and Identifiers [Draft]
RFC1114 Privacy Enhancement for Internet Electronic Mail: Part II Certificate-Based Key Management [Draft]
RFC1113 Privacy Enhancement for Internet Electronic Mail: Part I Message Encipherment and Authentication Procedures [Draft]
RFC1108 Security Options for the Internet Protocol
+Miscellaneous
RFC1251 Who's Who in the Internet: Biographies of IAB, IESG, and IRSG Members
RFC1207 FYI on Questions and Answers: Answers to Commonly Asked "Experienced Internet User
Y Z)
. ( ) Command Prompt
:
: -
Start > Programs > Accessories > Command Prompt
cmd command : Run -
(Y ,? ip oP,#
1P
!+ ?
+ ip oP,#
"p
:
. Enter Internet Explorer (IE) -
ip Status Bar
) .
Ctrl+V ( Print Screen
(-; ] .
: www.yahoo.com
. www.yahoo.com ip
. .
. whois -
: .
http://www.samspade.org/t/ipwhois?a=xxxxxx
sazin.com . xxxxxx
:
http://www.samspade.org/t/ipwhois?a=sazin.com
http://www.samspade.org/t/ipwhois?a=www.sazin.com
:
whois -h magic 63.148.227.65
sazin.com resolves to 63.148.227.65
: yahoo
: ping <- <==== www.yahoo.com
<==== yahoo.com
: whois <- <==== www.yahoo.com ...
<==== yahoo.com
. whois
ip 5
qYP 5 ( 4"
E A ip
: (C,B,A )
ip xxx.yyy.yyy.yyy ip :A -
backbone . xxx
ip . ip domain
. / .
. xxx ip :B -
. / .
. xxx ip :C -
) dial-up ISP
. ip dial-up .(.
. /
B A xxx
.
. localhost
!1,U(+
y.
- o .P z ip oPY
!?P
:
: . ipconfig -
Windows 2000 IP Configuration
command netstat -n -
: . prompt
Active Connections

  Proto  Local Address           Foreign Address        State
  TCP    217.66.198.116:2469     64.58.76.177:80        ESTABLISHED
  TCP    217.66.198.116:2471     66.163.175.130:80      ESTABLISHED
  TCP    217.66.198.116:2473     212.73.194.143:80      ESTABLISHED
  TCP    217.66.198.116:2474     212.73.194.143:80      ESTABLISHED
  TCP    217.66.198.116:2476     212.73.194.136:80      SYN_SENT
ip . ip Local Address
.
yahoo messenger
chat
{(
|,} ip oP,#
"p
: U81
dial-up
. chat
. ip
pm yahoo messenger
. . ip
.
:
netstat -n
netstat
ip
.
: netstat -n
Active Connections

  Proto  Local Address            Foreign Address        State
  TCP    195.219.176.126:1296     66.163.173.77:5050     ESTABLISHED
  TCP    195.219.176.126:1341     66.218.75.149:80       LAST_ACK
  TCP    195.219.176.126:1325     212.234.112.74:5101    SYN_SENT

  Proto  Local Address            Foreign Address        State
  TCP    artawill...:1298         dl3.yahoo.com:http     TIME_WAIT
  TCP    artawill...:1325         Majid:5101             SYN_SENT
ip
dial- ) ip
(. up
. netstat -n . pm
:
Active Connections

  Proto  Local Address            Foreign Address        State
  TCP    195.219.176.126:1296     66.163.173.77:5050     ESTABLISHED
  TCP    195.219.176.126:1344     64.58.77.197:80        ESTABLISHED
  TCP    195.219.176.126:5101     212.234.112.74:3735    ESTABLISHED
  TCP    195.219.176.126:5101     194.225.184.95:1460    ESTABLISHED
. pm
4W(p
") Whois
Whois whois
.( ip domain whois ) .
) domain ip
. ( irib.com
... , domain
. ( ) database .
:
-
. whois
. ( Xwhois )
.
whois ) whois -
SamSpade Netscan tools (. C
. .
-
.
PY P P
V+
!+ ? ) YP whois 5
database
:
whois.internic.net (The InterNIC)
whois.onlinenic.com (The OnLineNIC)
whois.arin.net (American Registry for Internet Numbers)
whois.ripe.net (European IP Address Allocations)
whois.apnic.net (European IP Address Allocations)
whois.nic.mil (US Military)
SazinNetWork
2nd.Floor,Bldg#116,Mollasadra Ave.
Tehran, TEH 14358
IR
Administrative Contact:
DNS.SAZIN.COM
80.78.134.221
S1.SAZIN.COM
63.148.227.63
S2.SAZIN.COM
63.148.227.64
.
... Admin ISP
.
whois
:internic.net -
museum , int , info , coop , biz , arpa, aero . edu , org , net , com
.
http://www.internic.net/whois.html
:
http://www.internic.net/cgi/whois?type=domain&whois_nic=xxxxxxxx
far30.com : xxxxxxxx
: nic.ir -
. ir
http://whois.nic.ir/
: www.tv -
. cc , info , biz , tv
: http://www.tv/
http://www.tv/en-def-8e33e8cf5e3c/cgi-bin/whois.cgi?domain=yyyyyy&tld=zzzz
zzzz hack yyyyy whois hack.tv
tv
: domainpeople.com -
. info , org , net , com , name , biz
http://whois.domainpeople.com/
nslookup
C:\>nslookup
:
*** Can't find server name for address 192.168.20.3: Non-exi...
*** Can't find server name for address 192.168.20.1: Non-exi...
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.20.3
>
. <
: > -
> server dns_server
. DNS Server dns_server
: far30.com
> server s1.sazin.com
:
Default Server: s1.sazin.com
Address: 63.148.227.63
DNS
. far30.com whois Server
: -
> set type=any
: -
> ls -d site_name .
: far30.com
>ls -d far30.com.
(dot)
: .
[s1.sazin.com]
 far30.com.    SOA    s1.sazin.com admin.sazin.com.
 far30.com.    NS     s1.sazin.com
 far30.com.    NS     s2.sazin.com
 far30.com.    MX     10 mail.far30.com
 far30.com.    MX     15 far30.com
 mail          CNAME  far30.com
 www           CNAME  far30.com
 far30.com.    A      63.148.227.65
 ftp           A      63.148.227.65
 far30.com.    SOA    s1.sazin.com admin.sazin.com.
4[:
") UDP
TCP
TCP/IP
host2host
: UDP TCP
: TCP (Transmission Control Protocol) -
UDP
. .
: User Datagram Protocol) UDP) -
. TCP overflow
. UDP TCP
.
Z1 >Y ;: 5 Y
Y p 5 ( 4"
: . 5
Y p -
.
.
: . 5
Y p -
( Netscape Navigator Internet Explorer )
Cute-FTP WS-FTP ) FTP ( Eudora Outlook ) E-mail
) random (
(
.
. register .
: . 5
Y p -
.
. ( Hack ) trojan
trojan
.
Y p!
"\ S";8.
.
. .
.
Ports   TCP/UDP  Service or Application
------  -------  ----------------------------------------
7       tcp      echo
11      tcp      systat
19      tcp      chargen
21      tcp      ftp-data
22      tcp      ssh
23      tcp      telnet
25      tcp      smtp
42      tcp      nameserver
43      tcp      whois
49      udp      tacacs
53      udp      dns-lookup
53      tcp      dns-zone
66      tcp      oracle-sqlnet
69      udp      tftp
79      tcp      finger
80      tcp      http
81      tcp
88      tcp
109     tcp      pop2
110     tcp      pop3
111     tcp      sunrpc
118     tcp      sqlserv
119     tcp      nntp
135     tcp      ntrpc-or-dec
139     tcp      netbios
143     tcp      imap
161     udp      snmp
162     udp      snmp-trap
179     tcp      bgp
256     tcp      snmp-checkpoint
389     tcp      ldap
396     tcp      netware-ip
407     tcp      timbuktu
443     tcp      https/ssl
445     tcp      ms-smb-alternate
445     udp      ms-smb-alternate
500     udp      ipsec-internet-key-exchange (ike)
513     tcp      rlogin
513     udp      rwho
514     tcp      rshell
514     udp      syslog
515     tcp      printer
515     udp      printer
520     udp      router
524     tcp      netware-ncp
799     tcp      remotely possible
1080    tcp      socks
1313    tcp      bmc-patrol-db
1352    tcp      notes
1433    tcp      ms-sql
1494    tcp      citrix
1498    tcp      sybase-sql-anywhere
1524    tcp      ingres-lock
1525    tcp      oracle-srv
1527    tcp      oracle-tli
1723    tcp      pptp
1745    tcp      winsock-proxy
2000    tcp      remotely-anywhere
2001    tcp      cisco-mgmt
2049    tcp      nfs
2301    tcp      compaq-web
2447    tcp      openview
2998    tcp      realsecure
3268    tcp      ms-active-dir-global-catalog
3268    udp      ms-active-dir-global-catalog
3300    tcp      bmc-patrol-agent
3306    tcp      mysql
3351    tcp      ssql
3389    tcp      ms-termserv
4001    tcp      cisco-mgmt
4045    tcp      nfs-lockd
5631    tcp      pcanywhere
5800    tcp      vnc
6000    tcp      xwindows
6001    tcp      cisco-mgmt
6549    tcp      apc
6667    tcp      irc
8000    tcp      web
8001    tcp      web
8002    tcp      web
8080    tcp      web
9001    tcp      cisco-xremote
12345   tcp      netbus
26000   tcp      quake
31337   udp      backorifice
32771   tcp      rpc-solaris
32780   udp      snmp-solaris
43188   tcp      reachout
65301   tcp      pcanywhere-def
4"(# Telnet
Y p
1 {)
) . Telnet
prompt command telnet (.
:
telnet hostname portnum
portnum ip hostname
.
: www.iums.ac.ir
telnet iums.ac.ir 13
telnet iums.ac.ir daytime
.
.
.
4U3
Scanning 7 1
: Scanning
: Port Scanning -
IP IP
.
: IP Scanning -
down up ip
) ip .
ISP IP ( !
) . (up)
(
1 + !?
Y p o%T 4"+ {
# P :V Y , , TCP 9.Y
+ 1 {)
TCP connect
TCP Port Scanning . scan
TCPs 3-way
. connect
:handshake
SYN packet -
.
SYN/ACK packet -
.
. ACK packet -
. TCP SYN scan
(TCP connect scan)
. TCP SYN scan
SYN/ACK !
. RST/ACK
UDP scan, TCP Window scan, TCP ACK
Scan scan, TCP Null, TCP Xmas Tree, TCP FIN
PP
W1 Y Port scanning S; o .V
1 {)
) .
(
Scanning Port
:
: NMapWin v1.3.0 Y T ,1 -
.( nmap) nmap
nmap
. ...
(-;
: NetScanTools Pro 2000 -
CD
.
: WinScan -
. . (UDP ) TCP
: ipEye v1.2 -
. http://www.ntsecurity.nu
TCP . ip xp
.
Y p 5 , ipEye
1 {)
Usage:
ip .
:
1-20 [drop]
21 [open]
22 [closed or reject]
23-24 [drop]
25 [open]
26-52 [drop]
53 [open]
54-79 [drop]
80 [open]
81-109 [drop]
110 [open]
111-142 [drop]
143 [open]
144-200 [drop]
201-65535 [not scanned]
Reject Closed
firewall Drop firewall
. Open
. telnet
.
o .P z ,. "6 #
Y p X""-.
.
:
netstat -an
netstat -a
. echo .
: netstat -an
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:119            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:143            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:515            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:563            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1037           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1040           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1041           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1043           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1755           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1801           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3372           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6034           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6666           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7007           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7778           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8181           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1039         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2103         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2105         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2107         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:7              *:*
  UDP    0.0.0.0:9              *:*
  UDP    0.0.0.0:13             *:*
  UDP    0.0.0.0:17             *:*
  UDP    0.0.0.0:19             *:*
  UDP    0.0.0.0:68             *:*
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1030           *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:1038           *:*
  UDP    0.0.0.0:1042           *:*
  UDP    0.0.0.0:1075           *:*
  UDP    0.0.0.0:1434           *:*
  UDP    0.0.0.0:1645           *:*
  UDP    0.0.0.0:1646           *:*
  UDP    0.0.0.0:1755           *:*
  UDP    0.0.0.0:1812           *:*
  UDP    0.0.0.0:1813           *:*
  UDP    0.0.0.0:3456           *:*
  UDP    0.0.0.0:3527           *:*
  UDP    127.0.0.1:53           *:*
  UDP    127.0.0.1:1028         *:*
  UDP    127.0.0.1:1029         *:*
  UDP    127.0.0.1:1035         *:*
  UDP    127.0.0.1:1044         *:*
  UDP    127.0.0.1:1045         *:*
  UDP    127.0.0.1:1100         *:*
.
-an .
: - -
:
Proto, Local Address, Foreign Address, State
4U[
NMapWin
nmap VT,-
footprinting
. nmap
. NMapWin
! .
. dial-up
. xp
footprinting
. (OS detection)
:
1, ,
V?Y,
:
: Network Section -
.Host ip ip
. Scan ip
: . ip
ip .*.*
- .
.
: Option Folder -
.
. ... , Option , Discover , Scan
: Log Output -
. .
: bar Status -
:
nmap
.( NMapWin nmap )
Option Folder
.
.
.
NMapWin
Y # 7 ,:
. far30.com
. Host () ip
. Scan Option Folder
: Log Output
Port       State   Service
21/tcp     open    ftp
25/tcp     open    smtp
31/tcp     open    msg-auth
53/tcp     open    domain
80/tcp     open    http
110/tcp    open    pop-3
135/tcp    open    loc-srv
143/tcp    open    imap2
443/tcp    open    https
445/tcp    open    microsoft-ds
1025/tcp   open    NFS-or-IIS
1026/tcp   open    LSA-or-nterm
1050/tcp   open    java-or-OTGfileshare
1433/tcp   open    ms-sql-s
3372/tcp   open    msdtc
3389/tcp   open    ms-term-serv
6666/tcp   open    irc-serv
7007/tcp   open    afs3-bos
Folder Option !;
Scan , V?Y,
:
Mode:
- Connect: TCP connect scan.
- SYN Stealth
- FIN Stealth, Xmas tree, Null Scan
- UDP Scan
- Ping Sweep
- List Scan
- ACK Scan
- Window Scan
- RPC Scan
Scan Options:
:
: : Port Range m n ) n-m
. m n (
Option Folder !;
Discover , V?Y,
:
. : TCP Ping
() : TCP+ICMP
. : Don't Ping
Option Folder !;
Options , V?Y,
:
: Options
. : Debug
. : Verbose
. : Very Verbose
Folder Option !;
Timing , V?Y,
:
: Throttle
detection
Normal . ( )
.
: Timeouts
. ip : Host Timeout
. probe : Max RTT
( )
. probe : Min RTT
. ip : Initial RTT
acw_spscan : Parallelism
.( simple )
.
.
. : Scan Delay
Folder Option !;
Files , V?Y,
:
: Input
.
.
: Output
Normal .
. ( ) All XML ( ) Grep ( )
Option Folder !;
Service , V?Y,
... ip
( )
Folder Option !;
Win32 , V?Y,
. : No IP HLP Api
. Raw Socket : No Raw Sockets
. Socket Raw : Force Raw Socket
. Win32 : Win Trace
S 4U
>P 3U?
No exact OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
. nmap
. up ip
:
1 {)
Options
ip . detection
nmap .
: CMD
4Z1
IP Scanning
: IP Scanning
ICMP ip ICMP ECHO -
. up ip ECHO REPLY
:
: .() ping (
ping xxx.xxx.xxx.xxx
:
ping 63.148.227.65
: ip
Reply from 63.148.227.65: bytes=32 time=1402ms TTL=105
Reply from 63.148.227.65: bytes=32 time=941ms TTL=105
Reply from 63.148.227.65: bytes=32 time=1402ms TTL=105
Reply from 63.148.227.65: bytes=32 time=941ms TTL=105
:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
ip
.
ip gping (
.
. Pinger (
ip ping Pinger .
.
. ping ip ip To From
ip . up ip Ping
up ip C
. ping .
Scan . NMapWin (
ICMP Ping Discover . Ping Sweep Mode
ip . Detection OS Options
. ip Host
:
Scan . C / /
.
Host (195.219.176.0) seems to be a subnet broadcast address ...
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Host (195.219.176.1) appears to be up.
Host (195.219.176.3) appears to be up.
Host (195.219.176.5) appears to be up.
Host (195.219.176.7) appears to be up.
Host (195.219.176.9) appears to be up.
Host (195.219.176.11) appears to be up.
Host (195.219.176.12) appears to be up.
Host (195.219.176.13) appears to be up.
Host (195.219.176.14) appears to be up.
Host H-GVSVY95KXINRJ (195.219.176.15) appears to be up.
Host (195.219.176.16) appears to be up.
Host (195.219.176.17) appears to be up.
Host (195.219.176.18) appears to be up.
Host (195.219.176.19) appears to be up.
Host KERYASBA (195.219.176.20) appears to be up.
Host MARYAM (195.219.176.22) appears to be up.
Host (195.219.176.23) appears to be up.
Host (195.219.176.24) appears to be up.
Host FFX-L2XA0ZM87Q3 (195.219.176.25) appears to be up.
Host (195.219.176.26) appears to be up.
Host (195.219.176.27) appears to be up.
Host (195.219.176.28) appears to be up.
,...
. ip
. ICMP -
. ICMP
: ! IP
4 P
") ping
domain ip ping
. (Active)
. tcp/ip
:
ping ip-or-domain
. ( ) domain ip ip-or-domain
. ping ( sazin.com ) ip
time ) .
ip ping .(
: ping
Pinging 63.148.227.65 with 32 bytes of data:
") tracert
.
. footprinting
:
tracert ip-or-domain
. sazin.com
:
tracert sazin.com
tracert 63.148.227.65
:
Tracing route to sazin.com [63.148.227.65]
over a maximum of 30 hops:
2324 ms 217.218.77.1
195.146.32.134
882 ms 64.156.25.74
Trace complete.
. sazin.com
) . ...
( ....
: switch tracert
<== -d
. ip
tracert sazin.com -d :
<== -max-hops h
. .
tracert sazin.com -h :
.
telnet
. footprinting telnet
. version
( )
.
,
!+ ?
+ V?Y,
> : U3 \ & 5 ( ;
: www.iums.ac.ir
: ip
ip
. ...
Name whois.nic.ir whois ir domain
. Server
: nslookup Name Server
iums.ac.ir.
SOA
iums.ac.ir.
NS
sina.iums.ac.ir
iums.ac.ir.
NS
ns1.nic.ir
iums.ac.ir.
MX
10 sina.iums.ac.ir
smtp.iums.ac.ir.
sina.iums.ac.ir.
sina.i........0 345600)
195.146.34.181
sina.iums.ac.ir.
MX
sina.iums.ac.ir.
194.225.184.20
sina.iums.ac.ir.
195.146.34.181
sun.iums.ac.ir.
CNAME sina.iums.ac.ir
cisco.iums.ac.ir.
CNAME router.iums.ac.ir
webmail.iums.ac.ir.
linux.iums.ac.ir.
linux.iums.ac.ir.
A
A
10 sina.iums.ac.ir
195.146.34.181
194.225.184.19
mta.iums.ac.ir.
195.146.34.181
pop3.iums.ac.ir.
CNAME sina.iums.ac.ir
localhost.iums.ac.ir.
proxy.iums.ac.ir.
CNAME arvand.iums.ac.ir
127.0.0.1
www.iums.ac.ir.
195.146.34.180
atrak.iums.ac.ir.
ns1.iums.ac.ir.
CNAME sina.iums.ac.ir
arvand.iums.ac.ir.
router.iums.ac.ir.
router.iums.ac.ir.
iums.ac.ir.
A
A
194.225.184.14
194.225.184.13
194.225.184.1
sina.iu.......3456000 345600)
HINFO .
: .
sina.iums.ac.ir.
. HINFO
. Sun-SuperSPARC5/75 UNIX-Solaris-2.6 sina.iums.ac.ir
:
:
..master.iums.ac.ir Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at
Version:
:
+OK Microsoft Exchange 2000 POP3 server version 6.0.5762.3 (master.iums.ac.ir) ready.
4 P
. Social Engineering
user .
Client Hacking ...
.Server Hacking Administer
.
. ( ) user
Social Engineering
.
V ;U
V? (Z
V+
. Social Engineering
.
.
;-) . user
: oP X3 . -
.
.
Kevin Mitnick ( )
.
:S+ T
?Y 5 , oP -
!
.
Social engineering ( )
.
:4"(#V
"p o . , Y "
zV
;: # V
# E-mail PY
"1 E-mail
5 , -
:
E-mail "
E-mail . E-mail E-mail
" .
.
E- E-mail .
. mail
: "(#
Y E-mail
(attached) ;"; S+ T -
. attach E-mail
. attach
: login !? zYP
Y Z[ 5
!+ ?
"9: 3'
+ XUz ? -
id login
. password
4 P
netcat Y T ,1
Y # 7 ,:
footprinting
!! . nmap
nc ) nc netcat .
nc .( DOS nc
"TCP/IP Swiss Army Knife" "Pocket Knife of network utilities" .
.( ) nc
telnet Scanning
. ( )
) NT .
. (Windows XP Windows2000
:
nc -help
:
[v1.10 NT]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:
options:
        -d
        -e prog
        -g gateway
        -G num
        -h
        -i secs
        -l
        -L
        -n
        -o file
        -p port
        -r
        -s addr
        -t
        -u              UDP mode
        -v
        -w secs
        -z
port scanning 5 , nc
>P 3U?
nc . nmap NMapWin
port (. nmap )
: nc scanning
nc -v -z host portnum
portnum . ( ) ( ip ) ip host
-z . verbose -v . ( )
. scanning nc
ip
:
nc -v -z 217.66.195.181 1-200
:
P
Y p
Y#
4 P"?
Y p
Y # 7 ,:
.
)
.(
.
.( )
)
. (
.
ip
. ( )
(remote )
.
. ( )
)
(
telnet . nc telnet
. nc
: telnet
>P 3U? -
: ip
telnet 194.225.184.13 25
.
: nc
>P 3U? -
: netcat
nc -v 194.225.184.13 25
.
4"(# !9'
Y p
. daytime
. .
) .
.(
. ip
:
telnet 194.225.184.13 13
nc -v 194.225.184.13 13
. daytime
:
11:35:33 AM 10/5/2002
.
)
. .(
4"(# !9'
Y p
. echo
ip .
. nc
telnet 194.225.184.13 7
nc -v 194.225.184.13 7
Ali1000 .
. ... Ali1000 Enter
. Ctrl+C
4 PY Z)
")
Y p
. finger
)
.(
request
) on account
finger server .( login
. Finger Daemon
.
4"(# !9'
Y p
. nc telnet
finger
.
. router2.iums.ac.ir
:
telnet router2.iums.ac.ir 79
nc -v router2.iums.ac.ir 79
finger .@router2.iums.ac.ir
. finger
: .
    Line      User      Host(s)           Idle   Location
  33 tty 33   whgh      Async interface
  35 tty 35   sadf      Async interface
  36 tty 36   abokho    Async interface
  38 tty 38   whgh      Async interface
  44 tty 44   arbks     Async interface
  48 tty 48   whgh      Async interface
* 66 vty 0              idle              0      217.218.84.58

  Interface   User      Mode              Idle
(username) .
... login
username .
... whghnajahan .
. login
.
.
.
PY z PYP )
%} X+
)
username !(
. Enumeration username
Enumeration
.( )
. finger
finger .
) login
logout finger
(!
!
.
4 P1 p
")
Y p
( ) .
.
)
-
.( HTML
4"(# !9'
Y p
.nc telnet
hotmail.com ) () connection
:(
telnet www.hotmail.com 80
nc -v www.hotmail.com 80
nc .
.
.
(nc ) .
.
Enter GET / HTTP/1.0 : -
. GET / .
: . header
HTTP/1.0 302 Moved Temporarily
Server: Microsoft-IIS/5.0
Date: Thu, 05 Dec 2002 12:02:51 GMT
Location: http://lc2.law5.hotmail.passport.com/cgi-bin/login
X-Cache: MISS from cache5.neda.net.ir