I wrote a post about detecting rogue virtual machine a while ago. Today I am publishing my script for how to get list of mac addresses and their manufacturer. It is easy to put an if statement and make this script to detect virtual machines. This is just start, if I get some time I will make this smarter.
#scan C subnet assuming you're in 192.168.1.X
#check arp info
for ((i=0; i<255; i++))
ping -t 1 192.168.1.$i >temp.txt
arp -a | awk /:/ | cut -f 4 -d " " > macAddresses.txt
arp -a | awk /:/ | cut -f 2 -d " " > ipAddresses.txt
#lookup those mac address on the web
cat $fileName | while read mac
#for each mac addresses we are sending post request and formating the output
#-qO- means show the output in terminal, not save in a file
#post data is obvious, use post method to fill a field "mac" on the form
#awk the Company part and format to gather the result
wget -qO- --post-data="mac=$mac" http://aruljohn.com/mac.pl | awk /\>Company/ | cut -f 5 -d ">" >>companiesTemp.txt
#little more formating for companies.Temp required
cut -f 1 -d "<" companiesTemp.txt >companies.txt
#combining ip,mac, and companies in a single file
paste ipAddresses.txt macAddresses.txt companies.txt>finalResult.txt
#printing final result on the screen
echo "The results are saved in local finalResult.txt, and we are kind enough to show them here"
#cleanUp temp files
rm temp.txt companies.txt companiesTemp.txt ipAddresses.txt macAddresses.txt
Today I would like to write about CEH module 5, that is Scanning. The last module was covered on this blog was Footprinting can be found here If you want to see all the modules written about CEH, you can click “Certified Ethical Hacker” section at the right side bar.
Even tough I will talk about some general scanning techniques, my focus will be on practical knowledge of nmap that is heavily is tested on your CEH exam. I will not go deep on the nmap, you can do lots of cool stuff with it, but my focus will be its general usage for the ceh exam.
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses.
You need to know some basic options, scan types, IP addresses’ and ports’ formats in nmap.
-sT: connect scan -sX:XMAS scan
-sS: syn scan (half open) -sP: ping scan
-sF: fyn scan -sU:UDP scan
-sO: raw scan -O: OS detection
3 way hand shake will be performed on the connect scan, that is why this option is slow and will have lots of footprints on the target system.
Syn scan will only send SYN packets to targets. If the port is open then we will receive SYN+ACK other wise we will receive RST that indicates the port is closed…
Ping scan: This also known as ping sweep. Basically nmap will be pinging all the given machines and determine live hosts.
UDP scan: In case you want to see UDP ports, you need to run a UDP scan.
nmap -sS scanme.nmap.org/24 -p1-65535
nmap -sT -O 192.168.0.1-25 -p23