Nmap Hacking Theory
Following are the states that ports are available in1. Open Closed
2. Filtered Unfiltered
3 .Open / filtered Closed/unfiltered
Scanning through Nmap gives you list of ports that are opened or filtered. Most of closed ports are not disclosed as there are almost 65000 ports in a computer for communication.
(Filtered packet : It means the data packets that are sent or received are filtered by firewall to secure it.)
Ok, So ready to hack with Nmap,
There are three types of basic scans you can perform on ports which is as follows :
SYN Scan : It is the most simple & common scan that is used to scan for ports. The scan results are very faster compared to other types , but it gives generalized results.
FIN Scan : FIN scan can detect if any kind of filtered packets or weak firewalls, and warns attacker to create stealth for attacking the victim network.
ACK Scan : Filtered and unfiltered ports can be scanned with this type of port scan. It is the most advanced scanning done with nmap.
Hacking With Nmap
So let us start with commands of Nmap operation in Linux:SYN scan :
For scanning www.sampledomain.com
Type in your terminal of linux:
#nmap -sS -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Result will be having three tables :
Port State Service
This will give you port number its state open?filtered like that & services will give you what is service running on that ports.
FIN Scan :
#nmap -sF -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
Live host & filtered ports are found out with this method
ACK Scan :
#nmap -sA -T4 www.sampledomain.com (replace domain or IP you wish to scan at sampledomain.com)
All closed ports are eliminated with this ACK scan. And you’ll only see ports that are up for attack.
So this was a basic Nmap hacking or port scanning tutorial. You can also find OS running, web server & mail server scanning & this data can be used as Passive attack gathering stage which we have discussed in pre attack stages.
