Hacking Software NMAP

[Image: Nmap screenshot]

Hacking as a whole always comes across as something really complicated and evil: every tool we hear about exists to crack passwords, find holes in walls, or outright demolish the foundations of an entire network infrastructure.  This is where tools such as NMAP come in.  Yes, the tools involved can be used to turn you into a 1337 H4x0r (pronounced "leet haxor", supposedly an "elite hacker"), but their intended purpose is free security auditing software.  Since it can be used for both, we'll dig into a little bit of each here.

NMAP is designed as network discovery and security auditing software.  What that means is that it will scan a given network range, scan for open ports, and much, much more.  The beauty and the curse of this lies in that very purpose: network discovery and security auditing.  Anyone can use the software; it's completely free (here is the download page) and compatible with Linux, BSD, Windows, Solaris, and tons of operating systems you've probably never heard of.  The list of options that can be applied through this completely command-line-based interface is LONG and honestly quite amazing.  For reference, here is a link to the ENTIRE list of options and commands.

For The Security Administrator


[Image: large computer setup]
When software such as NMAP is created, the intention is to scan networks for problems, to find issues that can and most likely will be overlooked, and to find new problematic issues as well.  A command like nmap -sn 192.168.1.0/24 will ping every device in the 192.168.1.0/24 range and return very basic information in response.  (The option is lowercase -sn, meaning "no port scan"; uppercase -sN is a different option, a TCP Null scan.)  It is a simple command that disables the port scan, but it can uncover useful information such as unauthorized wireless access points, or someone connected to an open Ethernet jack who shouldn't be online.

Running the same command WITHOUT -sn scans all open ports on all devices.  I suggest writing the output to a text file: nmap 192.168.1.0/24 >> C:\users\%username%\logs\nmap.txt.  The list it develops will show the computer name, IP address, open ports, and MAC address, giving a security admin a clear snapshot of everything going on within the network.  Uncovering that telnet access is enabled on a domain controller, which they can now react to and disable, or that tftp is open on an executive's laptop and just knock that away.
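As an added example (not code from the original post), here is how an admin can turn that network-wide scan into an actionable list instead of reading the whole text file by eye.  It reads Nmap's grepable output format (-oG) and prints every host with telnet (23/tcp) or tftp (69/udp) open, the two services the post singles out.  The scan data below is a constructed sample, not a real network; the comment shows the nmap command that would produce this format on a real range.

```shell
#!/bin/sh
# Added example, not code from the original post. Parses Nmap's grepable
# output (-oG) and flags hosts exposing the two services the post singles out:
# telnet (23/tcp) and tftp (69/udp). The sample scan below is constructed.
# A real scan producing this format would be run as (root is needed for -sU):
#   nmap -sS -sU -p T:23,U:69 -oG scan.gnmap 192.168.1.0/24

sample_gnmap() {
    # Constructed sample in -oG format; not output from a real network.
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.1.10 (dc01.example.lan)\tPorts: 23/open/tcp//telnet///, 88/open/tcp//kerberos-sec///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.1.57 (exec-laptop.example.lan)\tPorts: 69/open/udp//tftp///, 135/open/tcp//msrpc///\tIgnored State: closed (998)\n'
    printf 'Host: 192.168.1.80 (web01.example.lan)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (998)\n'
    printf '# Nmap done (constructed sample)\n'
}

# Usage: flag_risky_ports "23 69" < scan.gnmap
# Prints "ip port/proto service" for each watched port found in the open state.
# Grepable output separates fields with tabs; each port entry is laid out as
# port/state/proto/owner/service/rpc/version/ with empty fields left blank.
flag_risky_ports() {
    watch=$1
    awk -F '\t' -v watch="$watch" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^Host: / {
            ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                m = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= m; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open" && (f[1] in want))
                        print ip " " f[1] "/" f[3] " " f[5]
                }
            }
        }'
}

# Stand-alone run against the constructed sample. With a real scan, replace
# sample_gnmap with: cat scan.gnmap
sample_gnmap | flag_risky_ports "23 69"
```

Against the sample this prints the domain controller with telnet open and the executive's laptop with tftp open, and nothing for the web server; the watch list is just a space-separated string, so the same function can be pointed at any other service an admin wants to keep off the network.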

The payoff is finding and closing port vulnerabilities, and blocking a rogue device such as an unauthorized wireless router before a bad actor can use it to gain access.

Black Hat Scenario

[Image: black hat hiding in the shadows using NMAP]

Now as a security admin we have to fear the potential of a black hat, and reviewing our logs can be of the utmost importance when deflecting potential threats.  As a potential worst-case scenario, assume a black hat hacker is wardriving and locates an unauthorized wireless access point on the network, set up by an end user who doesn't know how to configure an access point properly.  That access point could be configured with WEP encryption, giving the black hat next to no trouble whatsoever when penetrating the network; they could then run a quick port scan, find the TFTP port open on the executive's laptop, and start gathering passwords.

The very same tool a security admin uses to close ports and shut down rogue access points is the tool used by someone attempting to locate weaknesses and gather details crucial to the integrity of a network.  From copying an entire Exchange server's mail store to deleting an entire network's file server after copying the important data, all of it is doable with free and simple software.  Possibly even using these same tools to launch a Smurf attack, disable a server from network authentication, and obtain elevated administrative privileges.

There are more tools

NMAP has an extra long list of other hacking tools and security administration defenses and tests; port scanning and network mapping are just two of the more widely used.  IP address spoofing, operating system version detection, IP protocol scans, and even Christmas tree scans, if I'm not mistaken.  So what it is capable of is quite powerful: singling out a Windows XP box in a sea of Windows 7 machines and finding that weak link.  Whether that link is blocked or broken really depends on what the individual with the command line in front of them intends to do with their abilities.  It is, for all intents and purposes, fun hacking software to play with.
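The "Windows XP in a sea of Windows 7" case above is the defender's version of OS version detection: find the machine that is past end of life and get it off the network.  This added example (not code from the original post) reads grepable output from a scan run with Nmap's -O option, where each host line carries an "OS:" field, and lists the hosts whose OS guess matches a pattern.  The scan data is a constructed sample, not a real network.

```shell
#!/bin/sh
# Added example, not code from the original post. Reads grepable output (-oG)
# from a scan run with -O (OS detection) and lists the hosts whose OS guess
# matches a pattern, e.g. the one Windows XP box in a sea of Windows 7.
# The sample below is constructed. A real scan producing this format would be:
#   nmap -O -oG os-scan.gnmap 192.168.1.0/24

sample_os_gnmap() {
    # Constructed sample; the OS guesses are illustrative, not from a real scan.
    printf 'Host: 192.168.1.21 (ws-021.example.lan)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\tOS: Microsoft Windows 7 SP1\tSeq Index: 259\n'
    printf 'Host: 192.168.1.22 (ws-022.example.lan)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\tOS: Microsoft Windows 7 SP1\tSeq Index: 261\n'
    printf 'Host: 192.168.1.33 (ws-033.example.lan)\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///\tIgnored State: closed (998)\tOS: Microsoft Windows XP SP3\tSeq Index: 104\n'
    printf 'Host: 192.168.1.80 (web01.example.lan)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\tOS: Linux 3.X\tSeq Index: 256\n'
}

# Usage: hosts_by_os 'Windows XP' < os-scan.gnmap
# Prints "ip os-guess" for every host whose OS field matches the pattern
# (an awk extended regular expression). Fields in -oG output are tab-separated.
hosts_by_os() {
    pattern=$1
    awk -F '\t' -v pat="$pattern" '
        /^Host: / {
            ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++)
                if ($i ~ /^OS: /) { os = substr($i, 5); if (os ~ pat) print ip " " os }
        }'
}

# Stand-alone run against the constructed sample. With a real scan, replace
# sample_os_gnmap with: cat os-scan.gnmap
sample_os_gnmap | hosts_by_os 'Windows XP'
```

Because the pattern is a regular expression, the same function answers broader questions too: 'Windows' lists every Windows host, and 'Windows (XP|2003)' would pull out more than one retired version at once.  Keep in mind that -O gives a fingerprint-based guess, so a hit is a reason to go check the machine, not proof on its own.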

Conclusion
[Image: network security]
Of the plethora of hacking software on the market, such as Metasploit and Snort, NMAP stands out as a very good first tool to learn and play with.  On your home network you can find your fair share of vulnerable devices and exploitable ports.  Whether you're just now starting the learning process or you're a seasoned veteran of the security and hacking software arena, we can all agree that the power and potential this has to offer are hands down among the best.

If you like what you've read, don't forget to hit that share button, and let me know what you think in the comment section below.  And as always, be safe my goblins.
1 comment:

  1. It's funny how a lot of auditing and support software can so easily be used as a hacking tool. I know a lot of "stress testing" services are really used to DDoS websites. Some great points in the article, especially for those who are starting to get into security. I expect most businesses and IT pros have already protected themselves from war driving and WEP WiFi.
