After we collect information about our target network from
third-party sources, such as the search engines, we need to discover our target
machines. The purpose of this discovery process is:
· To find out which machines in the target network are reachable by us. If a machine is not reachable, we can't continue the penetration testing process against it, and we need to move on to the next machine.
· To find out the underlying operating system used by the target machine.
The purposes mentioned above will help us during the vulnerability mapping process.
To help us in the target discovery process, we can utilize
the tools provided in BackTrack 5 R2. Most of these tools are available in the
Network Mapping menu with the following sub-menus:
· Identify live hosts, and
· OS-Fingerprinting
The tools included in this category are used to identify
target machines that are available. However, first we need to know our client's
terms and agreements. If the agreements require us to hide pentesting activities,
then we need to conceal our penetration testing activities. Stealth techniques
may also be applied to test Intrusion Detection System (IDS) or Intrusion
Prevention System (IPS) functionality. If there are no such requirements, we
may not need to conceal our penetration testing activities.
Here are the tools I have tried for identifying the target machine:
Ping
The ping tool is the best-known tool for checking whether a particular host is available. It works by sending an ICMP ECHO_REQUEST packet to the target host; if the target host is available and is not blocking ping requests, it replies with an ICMP ECHO_REPLY packet.
Here is an example of using the ping tool, which I tested against the target 192.168.0.199. Open the Terminal in your BackTrack machine and type (as root):
# ping -c 2 -s 1000 192.168.0.199
Here -c 2 sends 2 packets and -s 1000 sets the payload size to 1000 bytes.
For more detailed information, run Wireshark to capture the traffic. The result is:
[Screenshot: Wireshark capture of the ICMP ECHO_REQUEST/ECHO_REPLY exchange]
From the preceding screenshot, we can see that our host
(10.0.2.15) sent two ICMP ECHO_REQUEST packets to the destination host
(10.0.2.2). Since the destination is alive and allows ICMP ECHO_REQUEST, it
sends ICMP ECHO_REPLY packets back to our machine.
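To make the exchange above concrete, here is an added example (not from the original post or from BackTrack) in Python that builds the same ICMP ECHO_REQUEST messages that `ping -c 2 -s 1000` sends, computes the RFC 1071 checksum, and decodes the ECHO_REPLY the way Wireshark's ICMP dissector does. The identifier value, the payload byte pattern and the simulated replying host are constructed for the example; nothing is put on the wire, so it runs without raw-socket privileges.

```python
"""Added example: how ping's ICMP ECHO_REQUEST / ECHO_REPLY are built and
parsed, mirroring `ping -c 2 -s 1000`.  No packets are sent."""
import struct

ICMP_ECHO_REQUEST = 8   # ICMP type 8
ICMP_ECHO_REPLY = 0     # ICMP type 0
IPV4_HEADER_LEN = 20    # assumption: IPv4 header without options


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, identifier: int, seq: int, payload: bytes) -> bytes:
    """8-byte ICMP header (type, code, checksum, id, seq) followed by payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, seq)
    chk = icmp_checksum(header + payload)    # checksum field is zero while summing
    return struct.pack("!BBHHH", icmp_type, 0, chk, identifier, seq) + payload


def echo_request(identifier: int, seq: int, payload_size: int) -> bytes:
    """What `ping -s PAYLOAD_SIZE` emits; the payload pattern is constructed."""
    payload = bytes(i & 0xFF for i in range(payload_size))
    return build_icmp(ICMP_ECHO_REQUEST, identifier, seq, payload)


def parse_icmp(packet: bytes) -> dict:
    """Decode an ICMP message and verify its checksum (as Wireshark shows it)."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, checksum, identifier, seq = struct.unpack("!BBHHH", packet[:8])
    zeroed = packet[:2] + b"\x00\x00" + packet[4:]   # recompute with field cleared
    return {
        "type": icmp_type,
        "code": code,
        "id": identifier,
        "seq": seq,
        "payload_len": len(packet) - 8,
        "checksum_ok": icmp_checksum(zeroed) == checksum,
    }


def echo_reply_for(request: bytes) -> bytes:
    """Simulated reachable host that permits ICMP: it echoes id, seq and payload
    back with type 0 and a freshly computed checksum."""
    info = parse_icmp(request)
    if info["type"] != ICMP_ECHO_REQUEST or not info["checksum_ok"]:
        raise ValueError("not a valid ICMP echo request")
    return build_icmp(ICMP_ECHO_REPLY, info["id"], info["seq"], request[8:])


def ping_exchange(count: int, payload_size: int, identifier: int = 0x1234) -> list:
    """Simulate `ping -c COUNT -s PAYLOAD_SIZE` against the simulated host and
    return one summary row per probe, like the rows in a Wireshark capture."""
    rows = []
    for seq in range(1, count + 1):
        req = echo_request(identifier, seq, payload_size)
        rep = echo_reply_for(req)
        rows.append({
            "seq": seq,
            "request_wire_len": IPV4_HEADER_LEN + len(req),  # IP header + ICMP
            "reply_type": parse_icmp(rep)["type"],
            # id, seq and payload (everything after the checksum) must match
            "reply_matches": rep[4:] == req[4:],
        })
    return rows


if __name__ == "__main__":
    for row in ping_exchange(2, 1000):
        print(row)
```

With `-s 1000` each ICMP message is 1008 bytes (8-byte header plus 1000 bytes of payload) and 1028 bytes on the wire once the 20-byte IPv4 header is counted, which is the length column you see in the capture. The checksum check in `parse_icmp` is also what distinguishes a genuine reply from a corrupted or truncated one when you read a capture by hand.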
There are many other tools for identifying live hosts; you can try some of them, such as genlist, fping and lanmap.
To prevent somebody from pinging you, I have read a page that helps block hackers' ping requests, especially for Windows users: http://www.raymond.cc/blog/blocking-ping-response-in-windows-to-prevent-hackers-from-finding-you/