CH-4 Scanning
Humne footprinting ke
vishe me jankari li hui hai ji hacker apne victim ki information use karne ke
liye footprinting ka use karta hai.par sirf footprinting hi kafi nahi
hoti.footprinting se aage ki jatil prakiya ko scanning kahte hai.Scanning me
ektra kari hui jankari footprinting me ektha ki jankari jaise target ki details
system live hai ki nahi kea age ki jankari hoti hai. Jaise ki hacker jis target
ko hack karna chahta hai usme os konsa hai. Jaise Xp hai,Windows 7 hai,windows
8 hai,linux hai ya etc. hai.Uske server me apache haiunix hai,linux hai. Target
me service konsi run ho rahi hai,jo built hoker aa rahi hai ya alag se dali
hai.open port konse haiis tarah ki information ektra karna scanning kahi jati
hai.Scanning Ki simple dafination deni ho to vo ye hai
“What is Running On The Target System?”
Ktarget system kya kya
run ho raha hai use scanning kaha jata hai.scanning ek hacker or Cyber security
expert ke liye aavysak kadam hota hai.jab koi Cyber security expert ko koi
company khud ka server hackproof karne ka kaam dete hai to vo log scanning ka
use karker vo sare port band kar dete hai jis se hacker company ke system me
enter ho sake.
Type Of Scanning
· PortScanning - Open ports and
services
· Networking Scanning – IP Address
· Vulnrabilty scanning – Presence of
known weaknesses
1. PortScanning - Open ports and
services
Port scanning me attacker
open port ke bare me pata karta hai. Jaise ki agar hum ek attacker ko chor samj
lete hai or us chor ko ghar me chori karni hai to vo ghar me ghus ne ke liye
baari ya door ka use karta hai. Ye aap ke gahar ki Vulnrabilty hai .Vaise hi ek hacker apke system me enter
hone ke liye port ka use karta hai.open port Vulnrabilty hote hai.
WHAT IS PORT
computer jab ek compuer se dusare computer se
direct connect hote hai to use hui sari sevices ki port kahte hai.abhi tak
65536 available hai un me 1024 port well known hai jaise ki mail bhejne ke liye
SMTP,website open karne ke liye http port ka use karte hai ye vahi port hai jo
open milne par hacker system me enter hoker system ko heck karane ki kosis
karte hai.
WHAT IS service
Vo service jo aapkeos me
already built hoker aati hai jaise ki ftp,telnet ye service agar open mil jaye
ko hacker aapke system ko hack kar sakta hai.
2. Networking Scanning – IP Address
Networking
Scanning me attacker pure network me ip address,live host,system artitucter me
puri jankari ektra karta hai.
3. Vulnrabilty scanning-
Vulnrabilty scanning hacker
world me bahut hi jyada mayne rakhti hai.agar attacker aap ke system me konsa
software use ho raha hai or uska version konsa hai ye jaan leta hai to vo use
software ke vaare mai puri jaankari prapt kar leta hao.or usme Vulnrabilty or
loop hall dhundhta hai.or agar attacker ko Vulnrabilty mil jati hai to uska use
vo server par pura control jamane ke liye karta hai.pure server par apne hisab
se chalane ki kosis karta hai.agar use koi Vulnrabilty nahi milti hai to vo koi
dusara open port or fir koi dusari saervise ka use karta hai fir tisrai fir
choti eaise hi vo Vulnrabilty dhundta raheta hai.par agar koi professional
hacker Vulnrabilty ko dhundneki thanl le
to vo ek hi baar me Vulnerabilties
dhundh leta hai.
What is o-day or 0-day
koi os me ya server me
dhundhi gayi 1st Vulnerabilities
ko o-day ya 0-day kahte hai. Esi Vulnerabilities
Jo pahle nahi dhonda gaya
tha use day ko o-day ya 0-day kaha jata hai. Hacking community me 0-day ya
o-day ka bahut jyada mahatav hai.yaha par teen kaaran hai is 0-day ke mahatva
ka
1st kaaran hai
ki jab koi attacker esi Vulnerabilities
Dhundh leta hai jise pahle nahi dhoudhi thi to
vo esi sekado website ko hack kar sakta hai jisese pahle vo
Vulnerabilities admin me nagar aaye or
vo use Vulnerabilities ko band kar de.
2nd kaaran ye
hai ki dhundi gayi Vulnerabilities
Haker dusre hakers ko sekado doller me bach
dete hai.jis se vo dusare website ko hack kar sakta hai.
3rd reason ye
hai ki Vulnerabilities dhundne wale hacker ko hacker community me professional
hacker mana jata hai.esi do Vulnerabilities hai Dos Or Buffer overflow ye vo
Vulnerabilities hai jo kafi popurer hai.
STEPS FOLLOW FOR SCANNING BY HACKER
· Check For System(Ping Or Ping SWEEP)
· Check For Open Port
· Banner Grabbing
· Prepare Proxy
· Scane for Vulnerability
1. Check For System(Ping Or Ping SWEEP)-:
Isme Target chalu hai ki
nahi ya system chalu hai ya nahi iski jankar prapt ki jati hai.yaha ek baat
dhyan rakhana jaruri hai ki jise hacker hack karna chahta hai vo system uske
saamne nahi hai.ho sakta hai attacker usa mai ho or target india hai to use ye
jaanana jaruri hai ki system online hai ki nahi is liye ping ka use karate hai
jisse pata chalta hai ki system live hai ki nahi.
2. Check For Open Port
Isme ek attacker target
ke open port or services ke bare me pata karta hai agar aap ke system ye port
ke bare me jaanana chahte to aap ye path follow kare
“C:\windows\system32\drivers\etc”
3. Banner Grabbing-:
Banner
Grabbing me attacker server ke bare me pata karta hai.
4. Prepare Proxy:-
Ye hum pahle hi sikh
chuke hai.
5. Scane for Vulnerability-:
Attacker open port or
services dhundta hai.
What is ping And Pingsweep
Ping ka use hum tab karte hai ki jab ek attacker hoe k hi target ho to
uska system live hai ki nahi uski jaankari ke liye hum ping ka use karte hai.
Jab bahut sare ip or target live hai ki nahi uska pata karna ho to hum
pingsweep ka use karte hai.sare target me jo live hota hai to vo hame response
deta hai.
PING & PING SWEEP TOOLS
·
Angry IP scanner
·
Zenmap
·
PING SWEEP
·
PING MONITOR
·
ULTRA PING PRO
·
VISUAL PING TESTER
·
PING SCANNER PRO
·
PING INFO VIEW
· Note-:
· PING SWEEP KARTE HUE IS IP
KO SCANE NA KARE
· Kyoki ye ip scane karte aap
apne aap ko bade mushkil naakh sakte hai.kyo ki ye ip address raw isi ya nasa
jai se security company or isme higly sensitive details hoti hai. pakad bhi aap
ko police sakti hai is liye inhe ping sweep na kare
6.*.*| 7.*.* *.*| 11*.*|21*.*|24*.*|25*.*|26*.*|29*.*|30*.*|49*.*|50*.*|55*.*|62*.*|68*.*|128*.*|129*.*|130*.*|131*.*|132*.*|134*.*|136*.*|137*.*|138*.*|139*.*|140*.*|143*.*|144*.*|146*.*|147*.*|148*.*|150*.*|152*.*|155*.*|156*.*|157*.*|158*.*|159*.*|160*.*|161*.*|162*.*|163*.*|164*.*|167*.*|168*.*|169*.*|194*.*|195*.*|199*.*|201*.*|204*.*|205*.*|207*.*|208*.*|209*.*|212*.*|213*.*|216*.*|
Scanning TOOLS
· Advanced IP Scanner
· Currports
· Net tools netscan tools pro
· Softperfect Network Scanner
· GFI LanGuard
· NEXPOSE
· ID SERVE
· LANSurveyor
· NetworkView
· ANGRY Ip scanner
· Friendly PingeR
· Nessus
ID SERVE
1. Sabse pahle id serve open kijiye
2. Ab 1st number aap url ya Ip
address insert kijiye or fir quary the server par click kijiye isse konsa
server or oprating system us kiya hua hai iski sampurn quary aap ke saamne show
kar degi.
3. Aako screenshot mai dikh hi raha hoga
ki website me apache hai or iski coding php me ki gayi hai.cantant type html
hai.
4. Next me aapko ye pata chalega ki iska
ip address kya hai konsa port open hai.
5. Is information ko banner graving
khltai hai.
Zen map
1.Sabse pahle zen map install kijiye.
2. Isme Target App ke Target ka url
likhiye Profile choose kijiye agar aap smart hacker hai to aap instant hacker ka
hi use karege sare ke sare Vulnerability aap ke saamne rakh dega.
3. Yaha aap dekh sakte hai ki konse open
port haikitne port open hai kitne close hai up time kitna hai,last boot kab hua
tha,server me konsa os hai or konsa oprating system hai.IP address kiya hai.
Angry IP Scanner
1. Sabse Angry Ip Scanner Install kar le.
Yaha first ip Range me
aap ip ki rang insert kijiye or 2nd me aap kaha tak scane karna
chhahte hai vo range insert kijiye.maine aapko jo pahle jo ip address batai thi
vo use mat ki jiye.
2. Aap dekh sakte hai ki konse ip live
hai or konse ip live nahi hai. Jo ip live hai vo blue me dikhegi or jo live
nahi hai vo red me dikhegi.
3.
NexPose
Ye appko appke target ki puri
Vulnerability show kar dega.
Yaha aap ko Vulnerability
puri list provide karta hai jo aap screenshot mai dekh sata hai.
Curport
Jaise hi aap iska icon click karege
aap ko ye aapke pc ke saare openport bata dega aap us port ko band kar de jisse
koi hacker port ke throw aap ka system hack na kar sake.
Download section
ID SERVE
Zen map
Angry IP Scanner
NeXpose
loading...
1 comments:
Write commentsŁadnie to wygląda.
ReplyEmoticonEmoticon