Differences

This shows you the differences between two versions of the page.

--- method_3_scanning [2022/11/25 16:41] – [OpenVAS] gman
+++ method_3_scanning [2022/12/28 00:21] (current) – [Ports] gman
@@ Line 84: / Line 84: @@
 ===== Bash: Ping Sweep =====
+**One-liner:** All failures go to /dev/null and all successful pings are registered on stdout.
+<code>
+for ip in 192.168.56.{101..110}; do ping -c 1 $ip > /dev/null && echo "${ip} is up"; done
+</code>
 Simple sweep of a network for a quick look at what machines are out there (and respond):
@@ Line 96: / Line 102: @@
 </code>
-Note the "&" at the end. This will speed things up a lot.
+Note the **"&"** at the end. This will speed things up a lot.
 ----
 ====== Port Scan Target IPs ======
+===== Ports =====
+Network ports are numbers assigned to specific services running on a computer.
+  * IP address are assigned to devices and they allow messages on the network to go to and from that specific device.
+  * Each device (with its unique IP address) will have several will have multiple port numbers assigned to specific services (small programs) running on that device (usually in the background).
+  * So IP addresses enable messages to go to and from specific devices. Port numbers allow targeting of specific services or applications within those devices.
+  * Port numbers are broken down into three main sections.
+^  Ports           ^  Quantity ^ Description               ^
+|  0 - 65,535      |  65,536   | Total ports               |
+|  0 - 1023        |  1,024    | Well-Known (System) Ports |
+|  1024 - 49,151   |  48,127   | Registered Ports          |
+|  49,152 - 65,535 |  16,384   | Dynamic Ports             |
+^  Port         ^  Protocol  ^ Service ^
+|  20           |  TCP & UDP  | FTP Data  |
+|  21           |  TCP & UDP  | FTP Control  |
+|  22           |  TCP & UDP  | SSH  |
+|  23           |  TCP & UDP  | Telnet  |
+|  25           |  TCP & UDP  | SMTP  |
+|  53           |  UPD        | DNS  |
+|  67           |  TCP & UDP  | DHCP Server  |
+|  68           |  TCP & UDP  | DHCP Client  |
+|  69           |  TCP & UDP  | TFTP  |
+|  80           |  TCP & UDP  | HTTP  |
+|  88           |  TCP & UDP  | Kerberos  |
+|  110          |  TCP & UDP  | POP3  |
+|  111          |  TCP & UDP  | NFS (possibly)  |
+|  123          |  TCP & UDP  | NTP  |
+|  135          |  TCP & UDP  | MS-RPC EPMAP ((**Microsofts's Remote Procedure Call (RPC) Endpoint Mapper (EPMAP):** An RPC is a communication process that allows for executing a subroutine or procedure in another address space.)) |
+|  136-139      |  TCP & UDP  | Net Bios  |
+|  137          |  UDP        | NetBios Name Service  |
+|  138          |  UDP        | NetBios Datagram Service  |
+|  139          |  TCP        | NetBios Session Service, **SMB** ((SMB orignally ran on top of NetBios using port 139. NetBios is an older Transport Layer that allows Windows computers to talk to each other on the same network. SMB currently runs (mostly) on port 445 (TCP, over the Internet).)) |
+|  143          |  TCP        | IMAP  |
+|  161          |  UDP        | SNMP  |
+|  162          |  TCP & UDP  | SNMP Traps  |
+|  389          |  TCP & UDP  | LDAP ((**Lightweight Directory Access Protocol:** Open, vendor-neutral standard application protocol for accessing and maintaining distributed directory information services over an IP network.)) |
+|  443          |  TCP & UDP  | HTTPS  |
+|  445          |  TCP        | Microsoft AD & **SMB** ((SMB used to run on port 139 (NetBios). Later versions of SMB (after Win2K) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the Internet.)) |
+|  500          |  TCP & UDP  | ISAKMP & IKE  |
+|  515          |  TCP        | LDP  |
+|  1433         |  TCP        | Microsoft SQL Server  |
+|  1434         |  TCP & UDP  | Microsoft SQL Monitor  |
+|  1521         |  TCP        | Oracle Database Listener  |
+|  1812 & 1813  |  TCP & UDP  | RADIUS  |
+|  2049         |  TCP & UDP  | NFS (possibly) |
+|  3389         |  TCP        | RDP (Windows)  |
+|  5355         |  TCP & UDP  | LLMNR ((**Link-Local Multicast Name Resolution:** Protocol based on the DNS packet format. Allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link (LAN). Multicast IPv4 address: 224.0.0.252)) |
+----
 ===== Nmap =====
@@ Line 216: / Line 274: @@
 Once installed, run with: ''gvm-start''
-**Note:** gvm stands for Greenbone Vulnerability Management. It's just another name for OpenVAS.
+**Note:** gvm stands for [[https://www.openvas.org/ | Greenbone Vulnerability Management]]. It's just another name for OpenVAS.
 To install OpenVAS on a Kali box:
@@ Line 233: / Line 291: @@
 If you fix something, run the ''gvm-check-setup'' again. Lather. Rinse. Repeat... until everything is shiny and clean.
+**Pay Attention to the Admin Password:**
+  * When you finish fixing all the crap in the ''gvm-check-setup'', the last couple lines will give you the password for the admin account.
+  * Use this password to login as admin or else GVM will not work.
+  * It should look something like this:
+<code>
+[*] Please note the password for the admin user
+[*] User created with password '1e709873-edbb-4b4a-87d3-a038d09e7160'.
+</code>
 **PostgreSQL Error:** If you get the following error (and the actual version numbers don't matter; you just have two and the script wants the latter but your system is configured to use the former):