
Saturday, July 21, 2007

Nmap can port-scan the localhost!

If you are not familiar with Nmap yet, you should be. It's incredibly useful.
Generally we categorize Nmap as a port scanner, but really it depends on the imagination and creativity of its user. Sure, for ordinary folks it's just another port scanner, but not for the other folks who went beyond the default scans, got curious about how Nmap works, and tried to understand it by monitoring the packets it sends on the network every time they use the tool.

Enough of that and let's talk about what I want to talk about!

Nmap was primarily developed on Linux, and it's installed by default in most Linux distributions; after some time it was ported to Windows. Nmap works fine on Windows, but there are still some differences between Nmap's functionality on the two platforms. One of these differences is scanning the IP address of the localhost.

Allow me to switch to my Linux box and show you:
The whoami command shows that I am logged in as the root user. root, as you know, is the privileged user, and this is important when using Nmap, because Nmap's default options differ when you are logged in as an ordinary user.
ifconfig shows us the configuration parameters of the network interfaces (one physical interface, and the logical loopback interface).

Now it's time to scan the eth0 interface, which is configured with a dynamic IP address: 192.168.1.11. And it worked with no problem at all.

Let's switch to Windows and do the same thing.
whoami exists on Windows 2003 Server too, and it showed us that we are logged in as a privileged user (administrator).
ipconfig showed the interfaces and their parameters.
The 192.168.1.12 interface is what interests us, so let us port-scan it.
Haaa! It doesn't work! See! Now you believe me, don't you?!

The workaround is to use a spoofed IP address: we will let Windows 2003 Server think that it is being scanned from another IP address in the same LAN, when in reality it's not! To do that we first have to get the identifier Nmap uses to distinguish that interface, using the option --iflist.
eth0 is the identifier we need.
Now it's just a matter of typing the command as below, but we have to make sure that the IP address we choose to hide behind does not already exist on the local area network, otherwise there will be a conflict .... and conflicts are bad!! :)

It worked and Windows didn't have a clue! ;)

1 comment:

kholis said...

What a nice tutorial.
I've been looking around for this for a long time.
Thanks.