150
PART 2
|
A Technical Overview of Hacking
Scanrand builds a hashed sequence number that is placed in the outgoing packet that can
be identifi ed upon return. This value contains information that identifi es source IP, source
port, destination IP, and destination port. Scanrand is useful to a security professional
when a large number of IP addresses need to be scanned quickly.
THC-Amap
THC-Amap (Another Mapper) is a scanner that offers a different
approach to scanning. When using traditional scanning programs,
problems arise when services that use encryption are scanned,
because these services might not return a
banner, due to the fact
that certain services such as the Secure Sockets Layer (SSL) expect
a handshake. Amap handles this by storing a collection of normal
responses that can be provided to ports to elicit a response. The tool
also excels at allowing the security professional to nd services
that have been redirected from standard ports.
OS Fingerprinting
Open ports that have been uncovered during the port scanning phase need to be further
investigated because the mere existence of an open port does not mean vulnerability
exists; this must still be determined. The open ports that are discovered provide clues
to what operating system is in use on the target. Determining the operating system
that is in use on a specifi c target is the purpose of what is known as OS fi ngerprinting.
Once an operating system is identifi ed, it is possible to better focus the attacks that
come later. To identify an OS, there are two different methods that can be utilized:
active fi ngerprinting or passive fi ngerprinting.
OS fi ngerprinting relies on the unique characteristics that each OS possesses to
function. Each operating system responds to communication attempts in different ways
that, once analyzed, can allow for a well-educated guess to be made about the system
in place. To seek out these unique characteristics, active and passive fi ngerprinting can
probe a system to generate a response or listen to a system’s communications for details
about the OS.
NOTE
THC-Amap is similar to Nmap
in that it can identify a service
that is listening on a given port.
Amap does not include the
extensive identifi cation abilities
possessed by Nmap, but it can
be used to confi rm results of
Nmap or to fi ll in any gaps.
There are literally untold numbers of techniques available to use in an attack. In some cases,
these techniques are specifi c to an operating system due to the vulnerability involved such as
a design fl aw in the OS or a software defect. When an attack is meant to be used against
a specifi c OS, it would be pointless to unleash it against a target that is not vulnerable, which
would both waste time and risk detection.

Get Hacker Techniques, Tools, and Incident Handling now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.