Abstract
In ethical hacking, the reconnaissance phase is followed by the scanning and enumeration phase where the information collected from reconnaissance phase is used to examine the target or target network further for getting specific details such as computer names, IP addresses, open ports, user accounts, running services, OS details, system architecture, vulnerabilities, etc. This chapter introduces different scanning and enumeration tools used in the scanning phase of the ethical hacking process in detail. One may use scanning and enumeration tools and techniques involving packet crafting tools, packet analyzers, port scanners, network mappers, sweepers, and vulnerability scanners during this phase. The chapter introduces tools like Hping3, NMAP security scanner, Colasoft packet builder to create custom packets, vulnerability scanners such as Nessus, Netbios enumeration technique, Hyena, remote administration of network devices using advanced IP scanner, global network inventory, network mapping using the dude network monitor, banner grabbing using ID serve, SNMP enumeration technique, creating NetBIOS null session to enumerate, etc. The chapter also provides the details of maintaining privacy and anonymity while carrying out such scanning and enumeration attacks.
TopPacket Crafting (Hackingarticles, 2018)
Packet crafting techniques involve manually generating packets in order to test the network and network devices for their performance. It does not use existing network traffic but creates its own network traffic. These techniques can allow hackers to probe firewall/IDS rule-sets, TCP/IP stack, router and open ports in order to determine entry points into a target system or network (Samineni, Barbhuiya, & Nandi, 2012). These packet generating tools allows to carry out the settings for specific options/flags/changing payload size in the packet. Packet editing tools like Colasoft or Scapy can be used. For analyzing the response packets, tools like Wireshark (GUI based and offers more user friendliness), Tcpdump (command line based), or Windump (command line based for windows) can be used.
Colasoft Packet Builder to Create Custom Packets (COLASOFT, 2018)
Colasoft Packet Builder provides powerful editing features in order to create custom network packets (Ethernet Packet, ARP Packet, IP Packet, TCP Packet and UDP Packet etc.) for testing the network. The decoding editor allows us to edit specific protocol field value/ parameters easily. We can save the created packets to files on hard disk. Try to add/insert/send/edit/save packet using colasoft.
First install colasoft packet builder on windows host machine or guest VM. Next select adapter (use ipconfig/all command to get details of the Ethernet adapter) and click on add/create packet tab as shown in Figure 1. Select ARP packet template as shown in Figure 2 with delta time = 0.1 seconds setting. Select view in decode/hex editor. Click send all with burst mode seeing as shown in Figure 3 and click close tab. Now, ARP packet will be broadcasted on network. All active machines in the network will send reply to these ARP packets. To view the response ARP packets, start Wireshark prior to sending ARP packets and capture the response packets in Wireshark with ARP typed in filtering command section for further analysis as shown in Figure 4. You can also save or export the created/captured packets in any file on hard disk.
You can also craft TCP packets with different options, flag (SYN, RST, PSH, URG, ACK, FIN) settings, different source/destination address and send packets. Figure 6 and 7 shows the sample TCP packet with SYN flag set sent over the network and corresponding output observed in the Wireshark respectively.
Figure 1.
Colasoft – Select Adapter
Figure 2.
Colasoft – Add Packet- ARP
Figure 3.
Colasoft – Send All Packets Options
Figure 4.
Wireshark Output with ARP filter
Figure 5.
Colasoft TCP Packet Crafting
Figure 6. Wireshark Output for Crafted TCP Packets