Welcome back, my novice hackers! Is one of the most important preparatory steps to hacking. As I have emphasized many times before here on Null Byte, you must know the operating system, the ports, the services, the applications, and sometimes even the language of the target to be effective. If you haven't taken the time to gather this info, then you are likely wasting your time. In an, I had shown you the most widely-used and valuable reconnaissance tool in the hacker's toolbox, nmap. There are a number of that are also helpful such as and, but nmap is the standard by which all others are judged. I STRONGLY recommend that you master nmap if you are to truly call yourself a hacker.

Oct 28, 2010 - The easy way to get software on the host is to FTP it. Where the host/target only has port 80 (or 443) open it is not such a good choice. To clarify earlier answers, the HTTP protocol is 'registered' with port 80, and HTTP over SSL (aka HTTPS) is registered with port 443. Well known port numbers are documented by IANA. If you mean 'bypass logging software' on the web server, no. It will see the traffic coming from you through the proxy system's IP address, at least.

• Don't Miss: I've already shown you some of, like performing port scans using the TCP (-sT) and SYN (-sS) scans, as well as performing OS (-O) detection. In addition, I showed you how to change the speed of the scans to evade intrusion detection systems. This post will take you through some more advanced features so that it can be an even more useful tool for you. To begin, let's fire up and open nmap. Step 1: Open Nmap in Kali Open a terminal in Kali and type nmap. Kali > nmap When you do so, nmap will display the help screen like that below. As you can see in the last line of this output from nmap, it scanned all 256 addresses in the subnet and found '2 hosts up.'

One host had port 80 open and the other did not. Step 4: Spoofing & Decoy Scan When we are scanning machines that are not ours, we often want to hide our IP (our identity). Obviously, every packet must contain our source address or else the response from the target system will not know where to return to. The same applies to spoofing our IP when using nmap.

We CAN spoof our IP address (-S) in nmap, but as a result, any response and any info we are trying to gather will return to the spoofed IP. Not very useful, if we are scanning for info gathering. A better solution is to obfuscate our IP address. In other words, bury our IP address among many IP addresses so that the network/security admin can't pinpoint the source of the scan.

Nmap allows us to use decoy IP addresses so that it looks like many IP addresses are scanning the target. We can do this by using the -D switch, such as: nmap -sS 192.168.89.191 -D 10.0.0.1,10.0.0.2,10.0.0.4.

This scan will use three decoy IP addresses, but also use our own address as well. In this way, we get responses and the info on the target AND the admin of the system sees scans coming from four systems simultaneously. In this way, he can't pinpoint the true source of the scan easily. Step 5: Evading Firewalls Many firewalls and routers block or drop the ICMP (echo request, echo reply) ping. Download free software thinkpad power management driver x61 review. This is meant to obscure the presence of the hosts behind the firewall and protect against a possible DoS using the ping packet.