notes.txt
186 lines (129 loc) · 5.67 KB
These are notes I wrote while learning these concepts.
Not intended as official documentation.
1. Networking basics
Networking means communication between two or more devices.
Protocols are the rules that govern that communication.
client - the side that sends the request
server - the side that sends the response
- Protocols
HTTP : web browsing (plaintext)
HTTPS : HTTP over TLS, secure web communication
FTP : file transfer (plaintext)
SSH : secure shell, encrypted remote access
DNS : domain name to IP mapping
TCP/IP : the backbone protocol suite of the internet
- IP Address
every device connected to the internet or a local network has an IP address.
example:
192.168.0.1 - private address, typical for a home router / local network
142.250.193.78 - one of Google's public addresses
types:
IPv4 - 32 bits, written as 4 numbers (octets) from 0-255 separated by dots
IPv6 - 128 bits, written as 8 groups of hex separated by colons, much longer
- MAC address
hardware address of the device's network interface (48 bits, e.g. aa:bb:cc:dd:ee:ff)
meant to be unique per interface, but most operating systems let you change it in software, so it can be spoofed
used for LAN-level communication only; it does not cross routers
- DNS
converts a domain name to an IP address
nslookup google.com - returns the IP address(es) of the site
2.TCP/IP & ports
transmission control protocol / internet protocol
a communication model that describes how data travels across the internet
IP decides where to send each packet (addressing and routing)
TCP ensures how it arrives: in order, without loss, and with flow control so the sender doesn't overwhelm the receiver
- Layers
application : chrome, whatsapp, etc. (HTTP, DNS, SSH live here)
transport : reliable delivery (TCP) or best effort (UDP)
internet : IP addresses and routing
network access : physical sending (ethernet / wi-fi)
- TCP vs UDP
| Feature | TCP (Used in Scanning) | UDP |
| ----------- | ------------------------ | -------------------- |
| Reliable? | ✅ Yes (acknowledgements)| ❌ No (best effort) |
| Speed | Slower | Faster |
| Use Case | Web, Email, SSH, etc. | Streaming, DNS, VoIP |
| Connection? | Yes (handshake) | No connection needed |
TCP:
3 way handshake
SYN - synchronize (start a connection, carries the initial sequence number)
ACK - acknowledgement
1. SYN: client --> server
2. SYN+ACK: server --> client
3. ACK: client --> server
connection established
for scanning, what the server sends back to the SYN is what matters:
SYN+ACK -> port is open
RST -> port is closed (host is up, nothing is listening there)
nothing at all (or an ICMP unreachable) -> port is filtered, usually a firewall dropped the packet
- Ports
logical door on a system where a service sits and listens (a 16-bit number, 0-65535)
when we scan an IP address we are really checking which ports are open and which services are behind them
port no ranges:
| Port Type | Range | Example |
| ---------------- | ----------- | ---------------------- |
| Well-known Ports | 0–1023 | 80 (HTTP), 443 (HTTPS) |
| Registered Ports | 1024–49151 | 3306 (MySQL), etc. |
| Dynamic/Private | 49152–65535 | Temporary use |
port states:
whenever we scan a port, the result is one of these states (nmap's terminology):
open - a service is actively listening (SYN gets a SYN+ACK)
closed - port is reachable but nothing is listening (SYN gets a RST)
filtered - scanner gets no response, probably a firewall dropping packets; can't tell open from closed
unfiltered - port is reachable (it answered an ACK-scan probe with RST), but open vs closed is still unknown
3. Connect Scan vs SYN scan
both are TCP port scanning techniques, i.e. ways of checking port status
Connect Scan (nmap -sT):
this scan completes the TCP handshake using the OS's normal connect() call
as soon as the connection succeeds, it closes it
steps:
1. SYN: client --> server
2. SYN+ACK: server --> client
3. ACK: client --> server
- connection done
4. client closes the connection
SYN Scan (nmap -sS):
this scan stops the TCP handshake halfway through
that's why it is called a half-open scan or stealth scan
steps:
1. SYN: client --> server
2. SYN+ACK: server --> client (open) / RST (closed) / nothing (filtered)
3. instead of the final ACK the scanner sends RST, so a full connection is never established
RST - reset (When a computer receives a packet with the RST flag set, it immediately tears down the connection and discards any further data for it.)
summary:
| Feature         | Connect Scan                                       | SYN Scan                                                      |
| --------------- | -------------------------------------------------- | ------------------------------------------------------------- |
| TCP Handshake   | Full                                               | Half (RST instead of the final ACK)                           |
| Detectable?     | ✅ Yes, the service sees and may log the connection | ❌ Less likely at the application layer; IDS/firewalls still see the SYNs |
| Easy in Python? | ✅ Yes (`socket`)                                   | ❌ No (raw packets, needs `scapy` and root)                    |
| Stealth Level   | Low                                                | Higher                                                        |
| Permissions     | Normal user                                        | Needs root/sudo (raw sockets)                                 |
4. Python Socket programming (connect scan)
socket - a programming interface (API) that lets a program talk over the network
socket module (Python standard library):
connect to IP + port
send/receive data
check port status from the result of connect()
basic connect-scan logic:
1. take the target IP address
2. define the port range
3. try to connect() to every port, with a short timeout
4. if connect() succeeds - port is open (close it right away)
5. if the connection is refused - port is closed; if it times out - filtered or host unreachable
5. Threading & Concurrency
scanning ports one by one means waiting out the full timeout on every silent port, so it is slow; threading makes it faster
with threads the program can probe many ports at the same time
cons:
- too many threads can exhaust file descriptors or slow down / crash the system, so cap the pool size
- results come back in completion order, not port order, so sort or key them by port
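Sections 4 and 5 together as one added example (written for these notes, not code from the original page): a connect scanner on the standard-library `socket` module that classifies each port from the outcome of connect(), run through a bounded thread pool. The host, port list, timeout and worker count are illustrative choices; the demo() self-check only talks to 127.0.0.1.

```python
"""Connect scanner with a bounded thread pool.

Added example for these notes, not code from the original page. Standard
library only. Host, port list, timeout and worker count are illustrative;
the self-test (demo) only touches 127.0.0.1.
"""
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Do a full three-way handshake with connect(), close it, and map the result.

    open     : connect() returned, so SYN -> SYN+ACK -> ACK completed
    closed   : the target answered the SYN with RST (ConnectionRefusedError)
    filtered : nothing came back inside the timeout (firewall drop / unreachable)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except OSError:
            # socket.timeout (a subclass of OSError) plus EHOSTUNREACH/ENETUNREACH:
            # the SYN was never answered, so open and closed cannot be told apart.
            return "filtered"
        # Leaving the with-block closes the socket: step 4, the client tears down.
        return "open"


def scan(host: str, ports: Iterable[int], timeout: float = 1.0,
         max_workers: int = 100) -> Dict[int, str]:
    """Probe many ports concurrently.

    max_workers caps the number of simultaneous connections so a large range
    does not exhaust file descriptors. The dict is keyed and sorted by port,
    so the result is deterministic even though threads finish in any order.
    """
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        states = pool.map(lambda p: probe_port(host, p, timeout), ports)
        return dict(sorted(zip(ports, states)))


def demo() -> Dict[int, str]:
    """Offline self-check: one listening port and one closed port on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 = let the kernel pick a free one
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Reserve a second ephemeral port, then release it so nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return scan("127.0.0.1", [open_port, closed_port], timeout=1.0, max_workers=2)
    finally:
        listener.close()


if __name__ == "__main__":
    for port, state in demo().items():
        print(f"{port}/tcp {state}")
```

Because connect() completes the handshake, every "open" result is a real connection the target application sees (and may log), which is exactly the detectability difference from a SYN scan described above. Only point this at hosts you are authorized to scan.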
6. Banner grabbing
banner grabbing is used to pull introductory info out of the target service
info:
- server's software name
- version number
- OS (sometimes)
- warning messages or misconfiguration hints (sometimes)
types:
1. Active banner grabbing:
connect to the port yourself and read the greeting, or send a protocol request to provoke one
2. Passive banner grabbing:
sniff traffic from someone else's connection; we never send a request ourselves
use:
the software version tells the attacker which known vulnerabilities (and exploits) might apply
caveat: banners can be changed or faked by the admin, so treat them as a hint, not proof
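Active banner grabbing as an added example (written for these notes, not code from the original page). It shows both active paths: read the greeting a chatty service volunteers on connect, and if the service stays silent, send a protocol request (an HTTP HEAD) to provoke one, then pull the software string out of the reply. The two loopback "services" and the banner strings they return are constructed for the self-test, not captures from a real host.

```python
"""Active banner grabbing.

Added example for these notes, not code from the original page. Standard
library only. The two local services and the banners they send are
constructed for the self-test; they are not captured from a real host.
"""
import re
import socket
import threading
from typing import Dict, Optional

# Probe to use when a service stays silent after connect (HTTP servers do).
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n"


def grab_banner(host: str, port: int, timeout: float = 2.0,
                probe: Optional[bytes] = None) -> str:
    """Connect and return the first text the service sends, '' if it stays silent.

    Step 1: just listen. SSH, FTP and SMTP announce themselves on connect.
    Step 2: if nothing arrived and a probe is given, send it and read the reply.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data and probe:
            s.sendall(probe)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
    # A banner is attacker-controlled input: never assume it is valid UTF-8.
    return data.decode("utf-8", errors="replace").strip()


def software_version(banner: str) -> Optional[str]:
    """Pull the software string out of the two banner shapes handled here:
    an 'SSH-2.0-<software>' greeting or an HTTP 'Server:' header."""
    m = re.match(r"SSH-\d\.\d-(\S+)", banner)
    if m:
        return m.group(1)
    m = re.search(r"^Server:\s*(.+)$", banner, re.MULTILINE)
    if m:
        return m.group(1).strip()
    return None


def _serve_once(banner: bytes, wait_for_request: bool) -> int:
    """Constructed test service on loopback. Either greets immediately (like
    SSH) or waits for a request before answering (like HTTP). Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run() -> None:
        conn, _ = srv.accept()
        with conn, srv:
            if wait_for_request:
                conn.recv(1024)
            conn.sendall(banner)

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> Dict[str, str]:
    """Grab a chatty (SSH-style) banner and a silent (HTTP-style) one."""
    ssh_port = _serve_once(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n", False)
    http_port = _serve_once(
        b"HTTP/1.0 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n", True)
    return {
        "ssh": grab_banner("127.0.0.1", ssh_port, timeout=1.0),
        "http": grab_banner("127.0.0.1", http_port, timeout=1.0, probe=HTTP_PROBE),
    }


if __name__ == "__main__":
    for name, banner in demo().items():
        print(f"{name}: {banner!r} -> {software_version(banner)}")
```

The version string software_version() returns is what gets matched against vulnerability databases in practice, which is also why it is worth remembering that an administrator can rewrite or remove that header: the value is a lead to confirm, not a result.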