Johanes Ronaldo

Just another Binusian blog site

Archive for April, 2018

Ethical Hacking Week 6

This week we learned about port scanning. First, ports 0-1023 are known as the well-known ports. Next, the best way to learn port scanning is to practise it. Vulnerabilities can only be found on an open port, so port scanning is used to look for open ports, closed ports, filtered ports (ports behind a firewall) and to make a best-guess assessment of the OS.

A few port scanning tools are nmap, Nessus and Zenmap. Zenmap is nmap with a graphical user interface.

Here is an example of the nmap tool being used to scan a website for open ports.

Here is an example of Zenmap, the nmap tool with a user interface.

Next we learned to send an ICMP echo request using the hping command.

"hping3 -p <ip> -p 8081 -a 8.8.8.8 -S" is a command to send an ICMP request to a device.

There are different types of scans in port scanning:

  • SYN Scan (Most Common)
  • Connect Scan
  • NULL Scan
  • XMAS Scan
  • ACK Scan
  • FIN Scan
  • UDP Scan

Above is a Wireshark capture of my computer pinging 1.1.1.1, which is a Cloudflare DNS server. We can see that the computer sends ICMP packets of type 8, code 0 to the server, and we get a ping reply of type 0, code 0.

Next we send a SYN scan to pentest.id using the command below: "nmap -sS pentest.id"

and we can see the result in the Wireshark capture in the image below. We can see how we send a SYN packet and receive an ACK packet in return. Once it has been accepted, we send an RST packet to end the process.
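The two captures above (the ICMP type 8/code 0 request with its type 0/code 0 reply, and the SYN probe answered and then reset) are what a dissector sees on the wire. The script below is an added example, not code from the original post: it builds constructed IPv4/ICMP and IPv4/TCP packets (no real capture is used; 203.0.113.5 is a documentation address standing in for the scanned host, 192.168.1.10 is an assumed scanner address), verifies the IP and ICMP checksums, prints a Wireshark-style summary, and applies the SYN-scan rules from the start of the post to decide whether a port is open (SYN/ACK came back), closed (RST came back) or filtered (nothing came back).

```python
import socket
import struct
from typing import Dict, List

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header whose checksum is valid sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp_echo(icmp_type: int, ident: int, seq: int) -> bytes:
    """Constructed ICMP echo request (type 8) or echo reply (type 0), code 0."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"ping"
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header; seq, ack and checksum left at 0 for the toy."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def dissect(packet: bytes) -> Dict[str, object]:
    """Wireshark-style one-line summary of an IPv4/ICMP or IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    body = packet[ihl:]
    if proto == socket.IPPROTO_ICMP:
        if inet_checksum(body) != 0:
            raise ValueError("bad ICMP checksum")
        icmp_type, code = body[0], body[1]
        label = {ICMP_ECHO_REQUEST: "echo request", ICMP_ECHO_REPLY: "echo reply"}.get(icmp_type, "other")
        return {"proto": "ICMP", "src": src, "dst": dst, "type": icmp_type, "code": code, "label": label}
    if proto == socket.IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        flags = body[13]
        names = [n for bit, n in ((TCP_SYN, "SYN"), (TCP_RST, "RST"), (TCP_ACK, "ACK"), (TCP_FIN, "FIN")) if flags & bit]
        return {"proto": "TCP", "src": src, "dst": dst, "sport": sport, "dport": dport, "flags": "/".join(names)}
    return {"proto": str(proto), "src": src, "dst": dst}


def syn_scan_verdict(packets: List[bytes], scanner_ip: str) -> str:
    """Apply nmap -sS semantics to whatever the target sent back to scanner_ip."""
    for pkt in packets:
        s = dissect(pkt)
        if s["dst"] != scanner_ip:
            continue                      # our own probe or our RST, not a reply
        if s["proto"] == "TCP" and s["flags"] == "SYN/ACK":
            return "open"
        if s["proto"] == "TCP" and "RST" in s["flags"]:
            return "closed"
    return "filtered"                     # nothing came back: dropped on the way


# Constructed sample traffic (not a real capture): the ping to 1.1.1.1 and a SYN scan
# of two ports on 203.0.113.5, a documentation address standing in for the target.
SCANNER = "192.168.1.10"
PING_EXCHANGE = [
    build_ipv4(socket.IPPROTO_ICMP, SCANNER, "1.1.1.1", build_icmp_echo(ICMP_ECHO_REQUEST, 0x1234, 1)),
    build_ipv4(socket.IPPROTO_ICMP, "1.1.1.1", SCANNER, build_icmp_echo(ICMP_ECHO_REPLY, 0x1234, 1)),
]
SYN_SCAN_OPEN = [
    build_ipv4(socket.IPPROTO_TCP, SCANNER, "203.0.113.5", build_tcp(40000, 80, TCP_SYN)),
    build_ipv4(socket.IPPROTO_TCP, "203.0.113.5", SCANNER, build_tcp(80, 40000, TCP_SYN | TCP_ACK)),
    build_ipv4(socket.IPPROTO_TCP, SCANNER, "203.0.113.5", build_tcp(40000, 80, TCP_RST)),
]
SYN_SCAN_CLOSED = [
    build_ipv4(socket.IPPROTO_TCP, SCANNER, "203.0.113.5", build_tcp(40001, 81, TCP_SYN)),
    build_ipv4(socket.IPPROTO_TCP, "203.0.113.5", SCANNER, build_tcp(81, 40001, TCP_RST | TCP_ACK)),
]

if __name__ == "__main__":
    for pkt in PING_EXCHANGE + SYN_SCAN_OPEN:
        print(dissect(pkt))
    print("port 80:", syn_scan_verdict(SYN_SCAN_OPEN, SCANNER))
    print("port 81:", syn_scan_verdict(SYN_SCAN_CLOSED, SCANNER))
    print("no reply:", syn_scan_verdict(SYN_SCAN_OPEN[:1], SCANNER))
```

The verdict function is the same decision a firewall log reviewer makes in reverse: a host that answers SYN/ACK has a listening service, a host that answers RST has nothing on that port, and silence usually means a filter dropped the probe. Note that the reply to an open port is SYN/ACK rather than a bare ACK, which is why the scanner's own RST immediately afterwards never completes the handshake.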

Written by jronaldo

April 10th, 2018 at 8:13 am

Posted in Uncategorized

Ethical Hacking Week 5

It is week 5 of the ethical hacking class, and this week we learned about enumeration. Enumeration is one of the processes in hacking: the process where the attacker uses tools to find information about the victim.

This week is about BASH SCRIPTING. First, we need to create a bash script and execute it.

Then, once in leafpad, insert the first line "#!/bin/bash". This indicates that we want to use the bash shell interpreter. Now let's echo out a string and save it. You should now have something like this.

Now when you try to run it in the terminal, you will not have permission to execute it. What you have to do is give it permission with this command. Execute the file again, and you should see what you wrote:

Now let's add the "ifconfig" command to the bash_ex.sh file.

Now you can see how you can run a command by writing it in leafpad.

Let's use this lesson to nmap a certain IP address. First create a variable that will read the website you want to nmap and which port. Once you are done, add the nmap command with the variable; it should look like the image below.

What the program is going to do is ask for input for the web and port variables. Then it will use the variables to send a SYN scan to the website.

You have now done an nmap with user input!
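The script in this post reads a host and a port from the user and hands them straight to nmap. Anything read with `read` and expanded unquoted into a command line is an injection point, so the wrapper below, an added example in Python rather than the post's own bash script, shows the check a practitioner wants in front of that step: the host must be an IP literal or a plain hostname (no spaces, no shell metacharacters, no leading hyphen that nmap would read as an option), the port must be a single number in 1-65535, and the command is passed to `subprocess` as an argv list so no shell ever parses the input. The function names and the `-p <port>` argument are assumptions of this example; nmap is assumed to be installed, and `-sS` still needs root exactly as it does from the bash version.

```python
import ipaddress
import re
import subprocess
import sys
from typing import List

# One DNS label per group: letters, digits and hyphens, no leading or trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def validate_host(host: str) -> str:
    """Accept an IPv4/IPv6 literal or a plain hostname; reject everything else."""
    host = host.strip()
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"not a hostname or IP address: {host!r}")


def validate_port(port: str) -> int:
    """Accept a single TCP port number in 1-65535 (no ranges, no lists)."""
    port = port.strip()
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"not a port number: {port!r}")
    return int(port)


def build_scan_argv(host: str, port: str) -> List[str]:
    """argv for `nmap -sS -p <port> <host>` (assumed form), as a list and never a
    shell string, so the user's text is only ever one argument."""
    return ["nmap", "-sS", "-p", str(validate_port(port)), validate_host(host)]


def is_safe_target(host: str, port: str) -> bool:
    """True when both inputs pass validation, False otherwise."""
    try:
        build_scan_argv(host, port)
        return True
    except ValueError:
        return False


def main() -> int:
    host = input("web: ")
    port = input("port: ")
    try:
        argv = build_scan_argv(host, port)
    except ValueError as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 2
    # nmap is assumed to be installed; -sS needs root, as it does from bash_ex.sh.
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    sys.exit(main())
```

The equivalent discipline in bash is to quote every expansion (`nmap -sS -p "$port" "$web"`) and to test the variables with a `case` or regex match before using them; the argv list in Python simply makes the "no shell involved" property explicit.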

Written by jronaldo

April 10th, 2018 at 8:10 am

Posted in Uncategorized

Ethical Hacking Week 4

One of the most interesting lessons that I learned today is how to make an exact replica of a website to get a user's information. Mr. Kalpin, our teacher that day, showed us how to duplicate a website. He duplicated a famous banking website in Indonesia and showed us how to obtain the user's information. When opening the website, the user inserts their information into the website, which is then given to us, and the website redirects to the original banking website. This makes the user think that he/she has entered the wrong information, so they will not be suspicious of what happened.

I learned that to prevent this scam, everyone should always check the link when opening a website, whether it comes from a known person or not. If they are not careful, they will send their personal information to a hacker, who can then use it for many purposes.

Aside from that, we also learned to find the real IP address of a website that is given a front IP by Cloudflare. One way to do it is by using Crimeflare. Using this tool we are able to find the real IP of a website.

We also learned to use a tool called DNStrails, which can be used to find historical data about a website, such as its subdomains. Another website similar to this is robtex.com, which can also be used to do various research on a website.

Here is the front page of DNStrails.

And here is the page that appears once we search for a website.

Lastly, I learned how to track the original location of an email via its IP address (in Gmail). First, after opening the email, click on the message that you received, then open the dropdown and choose "Show original". After that, use Ctrl+F to search for the keyword "Received: from". You will then be shown the private IP address and the real IP address of the sender.

Open the dropdown and click "Show original".

After searching, you will find the IP address.
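Searching "Show original" for "Received: from" by hand works for one message; the script below, an added example that is not part of the original post, does the same walk programmatically over a constructed raw message (placeholder hosts and documentation addresses, not a real email). It collects every Received: header, takes the bottom-most one (the earliest hop, which is where the sending machine appears), pulls the bracketed IP literals out of it and labels each as private (RFC 1918, loopback, link-local) or public, which is the "private IP address and real IP address" pair the post describes. The function names are this example's own.

```python
import email
import ipaddress
import re
from typing import List, Tuple

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

# Constructed raw message (placeholder hosts, documentation addresses, not a real email).
# Headers read top-down: the first Received: line is the last hop before the inbox,
# the last Received: line is the earliest hop, the one that names the sending machine.
RAW_MESSAGE = """\
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.25])
\tby mx.example.org with ESMTPS id placeholder-1
\tfor <bob@example.org>; Mon, 09 Apr 2018 10:00:03 +0700
Received: from [192.168.1.23] (unknown [198.51.100.77])
\tby mail-relay.example.net with ESMTPSA id placeholder-2
\tfor <bob@example.org>; Mon, 09 Apr 2018 10:00:01 +0700
From: alice@example.net
To: bob@example.org
Subject: constructed sample
Message-ID: <placeholder@example.net>

hello
"""


def classify_ip(ip: str) -> str:
    """'private' for RFC 1918, loopback and link-local addresses, else 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local or any(addr in net for net in RFC1918):
        return "private"
    return "public"


def received_chain(raw: str) -> List[str]:
    """All Received: headers in message order (newest hop first)."""
    return email.message_from_string(raw).get_all("Received", [])


def hop_addresses(hop: str) -> List[Tuple[str, str]]:
    """Every bracketed IP literal in one Received: header, tagged private/public."""
    out = []
    for candidate in BRACKETED_IP.findall(hop):
        try:
            out.append((candidate, classify_ip(candidate)))
        except ValueError:
            continue                      # bracketed text that is not an IP after all
    return out


def originating_hop(raw: str) -> List[Tuple[str, str]]:
    """Addresses from the earliest hop, i.e. the bottom-most Received: header."""
    chain = received_chain(raw)
    return hop_addresses(chain[-1]) if chain else []


def sender_public_ip(raw: str) -> str:
    """First public address in the originating hop, or '' if there is none."""
    return next((ip for ip, kind in originating_hop(raw) if kind == "public"), "")


if __name__ == "__main__":
    for i, hop in enumerate(received_chain(RAW_MESSAGE)):
        print(f"hop {i}: {hop_addresses(hop)}")
    print("originating hop:", originating_hop(RAW_MESSAGE))
    print("sender public IP:", sender_public_ip(RAW_MESSAGE))
```

Only the Received: headers stamped by servers you trust are reliable; a sender can put any text it likes below them, so read from the top (your own mail server's line) downward and stop trusting the chain at the first hop you do not control. The private address in the earliest hop tells you nothing about location, only how the sender's own network was laid out.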

Another thing we learned about is viewing old webpages of a website. One way of doing this is by using archive.org.

This is the homepage of archive.org; you can search the old pages of a website here.

Once we find a website, we can search for its pages on specific dates. In this case, I'm searching for the pages of Tokopedia on 8 April 2013.

References

Kishore, A. (2013, April 24). How to Track the Original Location of an Email via its IP Address. Retrieved from Online Tech Tips: https://www.online-tech-tips.com/computer-tips/how-to-track-the-original-location-of-an-email-via-its-ip-address/

Written by jronaldo

April 5th, 2018 at 6:07 am

Posted in Uncategorized