Differences

This shows you the differences between two versions of the page.

--- method_3_scanning [2022/11/25 01:16] – [OpenVAS] gman
+++ method_3_scanning [2022/12/28 00:21] (current) – [Ports] gman
@@ Line 84: / Line 84: @@
 ===== Bash: Ping Sweep =====
+**One-liner:** All failures go to /dev/null and all successful pings are registered on stdout.
+<code>
+for ip in 192.168.56.{101..110}; do ping -c 1 $ip > /dev/null && echo "${ip} is up"; done
+</code>
 Simple sweep of a network for a quick look at what machines are out there (and respond):
@@ Line 96: / Line 102: @@
 </code>
-Note the "&" at the end. This will speed things up a lot.
+Note the **"&"** at the end. This will speed things up a lot.
 ----
 ====== Port Scan Target IPs ======
+===== Ports =====
+Network ports are numbers assigned to specific services running on a computer.
+  * IP address are assigned to devices and they allow messages on the network to go to and from that specific device.
+  * Each device (with its unique IP address) will have several will have multiple port numbers assigned to specific services (small programs) running on that device (usually in the background).
+  * So IP addresses enable messages to go to and from specific devices. Port numbers allow targeting of specific services or applications within those devices.
+  * Port numbers are broken down into three main sections.
+^  Ports           ^  Quantity ^ Description               ^
+|  0 - 65,535      |  65,536   | Total ports               |
+|  0 - 1023        |  1,024    | Well-Known (System) Ports |
+|  1024 - 49,151   |  48,127   | Registered Ports          |
+|  49,152 - 65,535 |  16,384   | Dynamic Ports             |
+^  Port         ^  Protocol  ^ Service ^
+|  20           |  TCP & UDP  | FTP Data  |
+|  21           |  TCP & UDP  | FTP Control  |
+|  22           |  TCP & UDP  | SSH  |
+|  23           |  TCP & UDP  | Telnet  |
+|  25           |  TCP & UDP  | SMTP  |
+|  53           |  UPD        | DNS  |
+|  67           |  TCP & UDP  | DHCP Server  |
+|  68           |  TCP & UDP  | DHCP Client  |
+|  69           |  TCP & UDP  | TFTP  |
+|  80           |  TCP & UDP  | HTTP  |
+|  88           |  TCP & UDP  | Kerberos  |
+|  110          |  TCP & UDP  | POP3  |
+|  111          |  TCP & UDP  | NFS (possibly)  |
+|  123          |  TCP & UDP  | NTP  |
+|  135          |  TCP & UDP  | MS-RPC EPMAP ((**Microsofts's Remote Procedure Call (RPC) Endpoint Mapper (EPMAP):** An RPC is a communication process that allows for executing a subroutine or procedure in another address space.)) |
+|  136-139      |  TCP & UDP  | Net Bios  |
+|  137          |  UDP        | NetBios Name Service  |
+|  138          |  UDP        | NetBios Datagram Service  |
+|  139          |  TCP        | NetBios Session Service, **SMB** ((SMB orignally ran on top of NetBios using port 139. NetBios is an older Transport Layer that allows Windows computers to talk to each other on the same network. SMB currently runs (mostly) on port 445 (TCP, over the Internet).)) |
+|  143          |  TCP        | IMAP  |
+|  161          |  UDP        | SNMP  |
+|  162          |  TCP & UDP  | SNMP Traps  |
+|  389          |  TCP & UDP  | LDAP ((**Lightweight Directory Access Protocol:** Open, vendor-neutral standard application protocol for accessing and maintaining distributed directory information services over an IP network.)) |
+|  443          |  TCP & UDP  | HTTPS  |
+|  445          |  TCP        | Microsoft AD & **SMB** ((SMB used to run on port 139 (NetBios). Later versions of SMB (after Win2K) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the Internet.)) |
+|  500          |  TCP & UDP  | ISAKMP & IKE  |
+|  515          |  TCP        | LDP  |
+|  1433         |  TCP        | Microsoft SQL Server  |
+|  1434         |  TCP & UDP  | Microsoft SQL Monitor  |
+|  1521         |  TCP        | Oracle Database Listener  |
+|  1812 & 1813  |  TCP & UDP  | RADIUS  |
+|  2049         |  TCP & UDP  | NFS (possibly) |
+|  3389         |  TCP        | RDP (Windows)  |
+|  5355         |  TCP & UDP  | LLMNR ((**Link-Local Multicast Name Resolution:** Protocol based on the DNS packet format. Allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link (LAN). Multicast IPv4 address: 224.0.0.252)) |
+----
 ===== Nmap =====
@@ Line 213: / Line 271: @@
 ===== OpenVAS =====
+Once installed, run with: ''gvm-start''
+**Note:** gvm stands for [[https://www.openvas.org/ | Greenbone Vulnerability Management]]. It's just another name for OpenVAS.
 To install OpenVAS on a Kali box:
@@ Line 220: / Line 282: @@
 apt install openvas openvas-scanner gvm gvmd -y
 </code>
-**Note:** gvm stands for Greenbone Vulnerability Management. It's just another name for OpenVAS.
 Once you get the above installed, run this and fix what it tells you to fix how it tells you to fix it:
@@ Line 231: / Line 291: @@
 If you fix something, run the ''gvm-check-setup'' again. Lather. Rinse. Repeat... until everything is shiny and clean.
+**Pay Attention to the Admin Password:**
+  * When you finish fixing all the crap in the ''gvm-check-setup'', the last couple lines will give you the password for the admin account.
+  * Use this password to login as admin or else GVM will not work.
+  * It should look something like this:
+<code>
+[*] Please note the password for the admin user
+[*] User created with password '1e709873-edbb-4b4a-87d3-a038d09e7160'.
+</code>
 **PostgreSQL Error:** If you get the following error (and the actual version numbers don't matter; you just have two and the script wants the latter but your system is configured to use the former):
@@ Line 268: / Line 338: @@
 chmod 666 /var/log/gvm/openvas.log
-# The run your check again:
+# Then run your check again:
 gvm-check-setup
 # If that goes well, you may need to stop gvm:
 gvm-stop
-# And then start gvm, and everything should be fine:
-gvm-start
 </code>
-Once it's finished and happy and error free, you run OpenVAS with:
+Once it's all finished and happy and error free, you run OpenVAS with:
 <code>gvm-start</code>