Info Gathering

Post-Connection Attacks: After you connect to a newtork… the first thing you will likely want to do is know what is out there. Info gathering. Recon.

• Find out what is attached to the network: IP, MAC, OS, Ports, Services…

If you need a practice machine, download a free VM: Win10

• Make sure to create and use a snapshot of that VM so you can reset by creating a new snapshot from the original VM when the time runs out.

Tools: Tools: netdiscover (simple) and nmap (more detailed)

• After you get your feet wet with nmap, read The Book.

netdiscover: quickly discover all devices connected to our network…

netdiscover -r 192.168.0.1/24  # -r sets range, /24 gives entire subnet

Provides:

1. IP Address
2. MAC Address
3. Vendor Info

ZenMap is a GUI frontend for Nmap.

Run: ``zenmap``

• Target: 192.168.1.1/24 (to specify the entire subnet as the range)
• Command: shows you the nmap command that will be excuted when you click “Scan”
• Profile: Several differnt nmap scan set-ups to choose from…
  • Ping scan: very quick & simple (pings every possible IP in the range, similar to netdiscover but more info)
  • Quick scan: Ping + Open Ports on discovered devices
  • Quick scan plus: slower but shows more info (o/s, device type, program and program version running on discovered ports)

Installation Instructions: Zenmap is not being maintained upstream any longer therefore Kali dropped the package. Therefore, do the following…

1. Download the rpm labeled “Optional Zenmap GUI (all platforms)”

2. If you haven't already, install Alien:

apt install alien dpkg-dev debhelper build-essential<\code>

3. Convert the rpm to debian format:

<code>alien packagename.rpm

4. Use dpkg to install the shiny new .deb package:

dpkg -i packagename.deb

This is the mother of all tools… Buy and read The Book.