GCS Learn
Nmap NSE
Author - GIGOCYBERSPACE
Republished - 22 November 2024
Nmap can also be considered a powerful tool: not only does it give recon information about a network or host, it can also be used for password cracking, vulnerability scanning, DoS attacks and much more. Most people think Nmap is a simple tool, but it is more complex than that.
Nmap uses a module called the Nmap Scripting Engine (NSE). NSE is a set of scripts and libraries that can be used for advanced recon, DoS attacks, password cracking and vulnerability scanning. One cool feature of Nmap is that it helps you quickly map out a network without sophisticated commands or configurations, so a beginner in cyber security can get used to Nmap.
In this tutorial, we will use Nmap to:
- Perform a DDoS attack on any vulnerable system
- Perform brute force attacks on different protocols like FTP, SSH, HTTP, Telnet, MySQL and more
Perform DoS attack
To install Nmap, visit its official page at Nmap.org, or install it from your terminal with:
apt-get install nmap
Step 1: DDoS Attack Check
One drawback of Nmap is that, unlike tools like Slowloris, which perform a DoS attack on any system except those using DNSSEC (a new domain mechanism implemented on websites to protect against DoS-related attacks), Nmap needs to check whether the target is vulnerable. Luckily, we've found a host to test on. On Linux we check:
nmap --script http-slowloris-check <ip-address-or-website>
Step 2: Perform DoS
Once we've found that our target is vulnerable, we direct the incomplete packets towards it. Remember, hacking is illegal; only do it with permission.
nmap --script max-parallelism 400 <ip-address-or-host>
Note that max-parallelism is the maximum number of port operations performed at one time. You can increase or decrease it as you choose.
Perform Brute Force Attack
A brute force attack is one that uses a word list to guess the credentials of a service. One great thing about Nmap's brute force scripts is that they try 80-200 passwords per second, making the job easier and saving time. We are going to brute force access to different protocols with Nmap.
Form 1: Brute Forcing FTP
FTP, short for File Transfer Protocol and used for transferring files, can be brute forced with Nmap's ftp-brute NSE script:
nmap --script ftp-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Form 2: Brute Forcing SSH
SSH, short for Secure Shell, can also be brute forced with the ssh-brute NSE script:
nmap --script ssh-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Form 3: Brute Forcing MySQL
MySQL is a protocol responsible for delivering data submitted by users, which is stored in a database, and it has port number 1434. MySQL can also be brute forced:
nmap -p1434 --script sql-brute --script-args userdb=user.txt,passdb=pass.txt <ip-address>
Form 4: Brute Forcing an HTTP Form
Please note that brute forcing an HTTP form is done against a particular application. For example, if you're using WebGoat, it brute forces the WebGoat login form to get in.
nmap -p 80 --script=http-form-brute --script-args 'userdb=users.txt,passdb=pass.txt,http-form-brute.path=<path-to-login-form, e.g. /webgoat/login.php>' <ip-address>
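Every brute-force script in this section leaves the same footprint on the target: a burst of failed logins from one source address against several user names within a few seconds. As a defender's counterpart to this section (an example added here, not code from the page or from the Nmap project), the Python below parses constructed sshd log lines and flags any source that reaches a threshold of failures inside a sliding time window; the log lines, IP addresses and thresholds are constructed sample values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (syslog format), not taken from the page:
# one source failing rapidly against several user names, one normal user.
SAMPLE_LOG = """\
Nov 22 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Nov 22 10:00:02 host sshd[2002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Nov 22 10:00:02 host sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Nov 22 10:00:03 host sshd[2004]: Failed password for root from 203.0.113.7 port 40004 ssh2
Nov 22 10:00:03 host sshd[2005]: Failed password for invalid user guest from 203.0.113.7 port 40005 ssh2
Nov 22 10:00:04 host sshd[2006]: Failed password for root from 203.0.113.7 port 40006 ssh2
Nov 22 10:05:00 host sshd[2010]: Failed password for alice from 198.51.100.4 port 50001 ssh2
Nov 22 10:07:30 host sshd[2011]: Accepted password for alice from 198.51.100.4 port 50002 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because
# sshd words the line differently for accounts that do not exist.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, user, source_ip) for each failed-login line."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        stamp = " ".join(m.group("ts").split())  # collapse syslog's padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("user"), m.group("ip")

def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Return {ip: (failures_in_window, distinct_users)} for every source that
    reaches `threshold` failures inside a sliding window of `window_seconds`."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user), oldest first
    flagged = {}
    for ts, user, ip in parse_failures(text):
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= threshold:
            flagged[ip] = (len(q), len({u for _, u in q}))
    return flagged
```

The distinct-user count separates a dictionary attack cycling through account names from a single user who keeps mistyping one password; the same window logic applies to FTP or MySQL server logs once the regular expression is adapted to their line format.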
Conclusion
Nmap is the hacker's best companion. It is simple, fast and powerful. As a tool, Nmap ranks among the highest in the hacking world. It can do the jobs of a combination of tools. Nmap is the hacker's power pose.