Port Scanning Tutorial for Hackers – Basics
Hello Friends, today I will teach you what a port scanner is, how it works, and why port scanning is an essential part of any hacking attempt. In this port scanning tutorial I will explain things from a very basic level and then take the tutorial to the next level step by step. This article will help you understand port scanning basics and how port scanning actually works. I will try to cover all topics related to port scanning, so I have divided this article into four parts.
First part consists of:
1. Introduction of Ports and Port Number
2. What is port scanning and how it works
3. How to protect yourself from port scanners
Second part will contain:
1. Different types of port scanning.
2. How each type of port scanning works.
Third part will contain:
1. Practical implementation of port scanning.
2. Port scanning using NMAP.
3. NMAP tutorial Basics.
Fourth Part:
NMAP advanced tutorial for Hackers and Network administrators.
So let's start from the very first part. Friends, let's begin our learning:
First of all, you must know what a port is and what it is used for. A port is the endpoint through which two devices (for example two computers) communicate with each other. A port is always associated with an IP address (usually of the host) and the transport protocol (TCP or UDP) used for the communication. For each IP address and protocol, a port is identified by a 16-bit number, commonly known as the port number. The port number completes the destination address of a communication session: it tells the host which service has to be invoked.
[Image: Port Scanning basics tutorial for hackers]
Since it is a 16-bit number, there are 2^16 ports (numbered 0 to 65535) for each of the UDP and TCP protocols. Of these, the first 1024 (0 to 1023) are reserved for standard system services, and the rest we can configure according to our choice.
List of Common Port Numbers:
Some default ports that we (hackers and network administrators :P) use in day-to-day life:
Port number    Service
7              Ping
21             FTP (File Transfer Protocol)
22             SSH (Secure Shell)
23             Telnet
25             SMTP (Mail)
43             WHOIS
53             DNS
80             HTTP
110            POP3 (Mail Access)
119            Network News Transfer Protocol (NNTP)
143            Internet Message Access Protocol (IMAP)
161            Simple Network Management Protocol (SNMP)
443            HTTP Secure (HTTPS)
513            Remote login
8080           Proxy
Port Scanning:
From the above you might already have guessed what port scanning is. Now let's understand what the port scanning technique actually is. Port scanning is one of the most important steps in gathering information (the reconnaissance phase) about the victim against whom you want to launch an attack, or simply in finding the loopholes in your own systems (as network and system administrators do) to protect them from hackers. Port scanning is done to get the current state of a port: open, closed, filtered or blocked. I usually prefer NMAP for port scanning because it is simply the best port scanner available online.
Note: Most of us think that port scanners are only used by hackers. But port scanners serve security administrators even more than hackers. Network security administrators use port scanners on a regular basis to monitor the status of all their ports. So whether you are a hacker or a security expert, knowledge of port scanning is a must.
Port scanning helps hackers find the open ports on a host. Let me relate it to a practical example from daily life. Port scanning is basically like ringing the doorbell of someone's house: if somebody responds, it means somebody is at home. If no one responds, there are two possibilities: the members of the house are busy, or nobody is at home. Similarly, in hacking you send a request to the host to check whether a particular port is live or not. If it responds, it is live; otherwise it is closed or inactive. Now you must be wondering why I am focusing so much on this. Consider an example: what will happen if you leave your home gate open all the time? :P It is exactly like an unprotected PC that has left its ports open.
How to Protect Yourself?
To help ensure that your network is protected and secure, you may wish to perform your own port scans. To get accurate results it is best to perform the port scan from a remote location, using non-company equipment and a different ISP. Using software such as NMap you can scan a range of IP addresses and ports and find out what an attacker would see if they were to port scan your network. NMap in particular allows you to control almost every aspect of the scan and to perform various types of port scans to fit your needs.
Once you find out which ports respond as open when you scan your own network, you can begin to determine whether it is actually necessary for those ports to be accessible from outside your network. If they are not necessary, you should shut them down or block them. If they are necessary, you can begin to research what sorts of vulnerabilities and exploits your network is exposed to by having these ports accessible, and work to apply the appropriate patches or mitigations to protect your network as much as possible.
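The review step above, as an added example that is not from the original article: it reads a self-scan result and reports every open port that is not on an approved-exposure list. The scan text is a constructed sample in the style of Nmap's grepable (-oG) output, and the hosts, ports and allowlist are made up for illustration.

```python
"""Compare an external self-scan against the ports we intend to expose.

Added example, not from the original article. SCAN_OUTPUT is a constructed
sample in nmap -oG style; ALLOWED is a made-up approved-exposure list.
"""
import re

# Constructed sample of an external self-scan (nmap -oG style, tab-separated).
SCAN_OUTPUT = """\
# Nmap scan report (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 203.0.113.11 ()\tStatus: Up
Host: 203.0.113.11 ()\tPorts: 25/open/tcp//smtp///, 53/open/udp//domain///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)
"""

# What we deliberately expose to the Internet: (host, port, protocol).
ALLOWED = {
    ("203.0.113.10", 80, "tcp"),
    ("203.0.113.10", 443, "tcp"),
    ("203.0.113.11", 25, "tcp"),
    ("203.0.113.11", 53, "udp"),
}

# One port entry looks like  22/open/tcp//ssh///
PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)//([^/]*)///")


def parse_open_ports(grepable):
    """Return (host, port, proto, service) for every port reported as open."""
    found = []
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                found.append((host, int(port), proto, service or "unknown"))
    return found


def unexpected_exposures(grepable, allowed=ALLOWED):
    """Open ports missing from the allowlist: each one needs a decision,
    either close/block it or document it and patch the service behind it."""
    return [
        entry for entry in parse_open_ports(grepable)
        if (entry[0], entry[1], entry[2]) not in allowed
    ]


if __name__ == "__main__":
    for host, port, proto, service in unexpected_exposures(SCAN_OUTPUT):
        print(f"{host}: {port}/{proto} ({service}) is reachable but not approved")
```

Filtered ports are deliberately ignored here; they show a firewall is doing its job, while the open ones are what an attacker can actually talk to.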
That's all for today, my friends. I will extend the tutorial on port scanning in my next article tomorrow, so keep reading. In my next class I will explain the different types of port scanning techniques and much more.
If you have any queries, ask me in the form of comments.
Hello Friends, let's proceed to the topics of our next hacking class on scanning. Today we will learn how a network scanner works. Every network hacking attack requires the IP address and port number of the vulnerable host in order to launch the attack. For example, if you have discovered an Apache server exploit that is ready for use, you need the IP address and sometimes the port number (if the server is running on a custom or non-standard port) of the vulnerable host running the Apache server. This is where network scanners come into the picture: they will provide you all of this information. They will not only tell you the IP address and port number of the host, but also which application is running on which specific port.
Note: This article is for Education Purposes only.
There are a lot more things about network scanners than I can explain, but I will try to cover as much as I can. So let's start learning more about network scanners. Suppose you don't have any intention or goal to hack any particular user or network, and just for fun you run a network scanner against a host or subnet to scan its details. What you get is critical information that you cannot get by any other means. Nowadays a network scanner can also give you the complete topology of a network within a few seconds.
[Image: Network scanners Working]
Most of us think that scanners are only for determining IP addresses, port numbers and the applications running on specific ports, but my dear friends, you will be shocked to know that we can also use a network scanner to determine firewall rules and other access-control policies like authentication, authorization and privilege escalation.
This was a brief overview of network scanning and network scanners. Now let's learn how the scanners actually work.
How Network Scanners Work
It's a big question for new guys in the hacking field, and I can guarantee that more than 90 percent of existing hackers also don't know how scanners actually work. What script kiddies (hackers dependent only on hack tools) do is learn how to scan a host; they don't know how it actually works. Most of you have also used the tool NMAP, and I know 90 percent of you still don't know how it works. So don't get frustrated if I tell you that if you don't know how things actually work, you don't know anything about them. You can never explore where else you could use them, or other such innovative stuff.
There are lots of network scanners on the market; each supports a different set of features and each operates in a slightly different way. But all network scanners follow the same basic principles.
All networking applications communicate with each other by sending packets (pieces of data) back and forth. Scanners use this concept: a scanner sends packets to a computer (host) and receives an acknowledgement (packet) from the system. If a response is received, the host is alive; otherwise the host is not active (dead) or a firewall is blocking the communication. In the case of NMAP, a firewall almost never comes into the picture, as it has an inbuilt firewall-bypass feature set.
Note: Most large companies use a tool called Port Sentry whose only purpose is to frustrate port scans. Additionally, some firewall features like SYN cookies can make ports appear closed when they are actually open. Cyberoam, Websense and Zone Alarm (in expert mode) have this feature.
Most network scanners, or we can say most network applications, communicate using either the TCP or the UDP protocol. Both protocols use the concept of ports to allow multiple applications to run simultaneously on a single IP address. Both UDP and TCP support 65,536 distinct ports; in the Windows operating system the first 1024 ports are reserved for system processes. This is in itself a huge topic, which I will explain later. Most applications work on their specific default ports, but we can alter them whenever there are extra security or performance-related concerns. HTTP web servers typically run on TCP port 80, SMTP email servers almost always use TCP port 25, DNS servers use UDP port 53, and the list is endless. Just go to Wikipedia to explore which services and applications run on which ports.
In Windows 7 you can easily view which ports are being used by which application or service. Just go to Start and in the search box type "Windows Firewall with Advanced Security" (without quotes). Click to open it; there you will find Inbound Rules and Outbound Rules, which show which port is currently being used by which application, and which also allow you to open and close specific ports for specific programs.
Network scanners determine what network application is running on a given computer by testing TCP and UDP ports to see whether they accept connections. If TCP port 80 is open on a specific computer, it is assumed to be running an HTTP web server. Now we must know the different types of scanning too. There are basically two types of network scanning: TCP scanning and UDP scanning.
Today I am in a good mood, so let's learn that today as well.
TCP Scanning
The main goal of a TCP scan is to determine which TCP ports have applications listening on them. For a TCP scan, no actual communication with the listening application is needed, as a TCP scan lets you find out which ports are open without completing the full connection. TCP connections use a three-way handshake. To see whether an application is listening on a specific port, the scanner sends a TCP SYN packet to the port and waits for the response. If a SYN/ACK packet is returned, the port is open. If a RST packet is returned, the port is closed.
Most importantly, if no response is received after some time, the port is considered filtered (i.e. some firewall or antivirus program is blocking connections to the port), or there is no live host at that IP address.
Now let's learn what UDP scanning is.
UDP Scanning
UDP scanning is a little trickier and more difficult than TCP scanning. UDP is a fire-and-forget protocol: we just send the packet and nothing is returned, so it is quite difficult to find out anything without a response. We also cannot determine whether the host is alive, dead or filtered. However, there is one ICMP behaviour which actually helps scanners determine open or closed ports. If a UDP packet is sent to a port without an application bound to it, the IP stack returns an ICMP port unreachable packet. Scanners assume that a port which returned an ICMP error is closed, while ports that didn't answer are either open or filtered by a firewall.
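The TCP SYN probing and UDP probing described in the two sections above leave a distinctive trace on the defender's side: one source touching many distinct ports in a short time. The following added example (not from the original article) finds that pattern in firewall logs; the log lines are a constructed sample in the style of iptables/netfilter LOG output, and the addresses, window and threshold are made up for illustration.

```python
"""Detect the port-probing pattern in netfilter-style firewall logs.

Added example, not from the original article. LOG_LINES is a constructed
sample; the 60-second window and threshold of 5 ports are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: 198.51.100.7 walks six TCP ports with bare SYNs and then
# probes three UDP ports; 192.0.2.44 is an ordinary HTTPS client.
LOG_LINES = """\
Mar 10 12:00:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar 10 12:00:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar 10 12:00:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar 10 12:00:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar 10 12:00:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar 10 12:00:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40006 DPT=443 SYN
Mar 10 12:00:04 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=40007 DPT=53
Mar 10 12:00:04 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=40008 DPT=161
Mar 10 12:00:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=40009 DPT=123
Mar 10 12:00:10 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar 10 12:00:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51001 DPT=443 SYN
"""

FIELD_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(TCP|UDP) SPT=\d+ DPT=(\d+)")


def parse_line(line):
    """Return (seconds_since_midnight, src, dst, proto, dport), or None."""
    m = FIELD_RE.search(line)
    if not m:
        return None
    t = datetime.strptime(" ".join(line.split()[:3]), "%b %d %H:%M:%S")
    secs = t.hour * 3600 + t.minute * 60 + t.second
    src, dst, proto, dport = m.groups()
    return secs, src, dst, proto, int(dport)


def find_scanners(lines, window=60, threshold=5):
    """Map each source that hit more than `threshold` distinct
    (dst, proto, port) targets within `window` seconds to its per-protocol
    distinct-port counts, so TCP SYN sweeps and UDP probes both show up."""
    events = defaultdict(list)  # src -> [(secs, dst, proto, dport)]
    for line in lines.splitlines():
        rec = parse_line(line)
        if rec:
            secs, src, dst, proto, dport = rec
            events[src].append((secs, dst, proto, dport))

    flagged = {}
    for src, recs in events.items():
        recs.sort()
        for i, (start, _, _, _) in enumerate(recs):
            in_window = [r for r in recs[i:] if r[0] - start <= window]
            targets = {(d, p, port) for _, d, p, port in in_window}
            if len(targets) > threshold:
                by_proto = defaultdict(set)
                for _, d, p, port in in_window:
                    by_proto[p].add(port)
                flagged[src] = {p: len(ports) for p, ports in by_proto.items()}
                break  # one alert per source is enough
    return flagged


if __name__ == "__main__":
    for src, counts in find_scanners(LOG_LINES).items():
        print(f"{src}: probable port scan, distinct ports per protocol {counts}")
```

A legitimate client repeatedly hitting the same service never crosses the threshold, because only distinct targets are counted.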
That's the overall concept of what network scanners and network scanning are, how network scanning actually works, and the different types of network scanning.
If you have any issues or queries, ask in the form of comments.. It takes a lot of time to write such detailed tutorials; a little appreciation in a comment does the trick. So don't feel shy to comment.
Crypters are computer applications which are used solely to bypass antivirus detection of malware. Hackers use crypters to hide viruses, Trojans, RATs, keyloggers and other hack tools inside a new executable whose sole purpose is to evade antivirus detection. Crypters are basically dead programs which do not affect the actual functionality of the program; they just hide the actual program behind their encryption and fool the antivirus. Most antivirus products detect viruses on the basis of heuristics and normal string-based detection. Since we have disguised the original program, the antivirus is left helpless and does not detect it as a virus.
[Image: Crypter tutorial : only for hackers]
Common terms related to crypters:
For understanding and designing crypters, hackers must be aware of certain terms. Most of you already know these terms, but I am writing this tutorial starting from the novice level and taking it to the elite level at the end. So if you know these terms, just read them one more time, as that might help clear some of your doubts.
1. FUD or UD: Fully undetectable (FUD) means that your virus is not detected by any of the existing antiviruses, while undetectable (UD) means it is detectable by a few antiviruses. FUD is our only goal, and elite hackers always rely on that.
Note: A crypter will remain FUD only until you have openly shared it on the internet. Public crypters remain FUD for a maximum of 2 to 3 days, then they become UD. So if you want to use a crypter for a long time, never publish or share it on the internet. Use it anonymously.
2. STUB: A stub is a small piece of code which contains certain basic functionality that is used again and again. It is similar to a package in Java or simply to header files in C (which already have certain standard functions defined in them). A stub basically simulates the functionality of existing code, similar to procedures on remote machines or simply PCs. In crypters, the client-side server is validated using stubs, so never delete the stub file from your crypter. Stubs add portability to the crypter code, so that it can be used on any machine without requiring many procedures and resources on other machines.
Let me explain with small example:
Suppose you are writing code that converts bytes to bits. We know the formula or method for converting bytes to bits will remain the same and will be independent of the machine. So our stub (or method stub, or procedure) will contain something like this:
def calculate_bits(input_bytes):
    # One byte is always 8 bits, so this conversion is machine independent.
    return input_bytes * 8

total_bits = calculate_bits(input_bytes)  # the caller supplies the byte count
Now all we pass to this stub is the number of bytes, and it returns the resulting bits. Similarly, we include some common machine-independent checks and functions in our stub, and in the main code we only pass linkage and inputs to these stubs, which in return provide suitable results.
Note: Most of the time, when you download some keylogger and complain to the provider that it is not working, the only reason is the stub. Also always keep in mind, if you are downloading any keylogger or crypter, check that the stub is present in it. If not, don't download it; it is just a piece of waste, and for sure the hacker is spreading his virus using it. I recommend that you never download any hacking tool onto your real machine; always use a virtual machine or sandbox to test hack tools.
3. USV: Unique stub version, or simply USV, is a part of the crypter that generates a unique version of the stub which differentiates it from the previous stub, thus making it more undetectable by antiviruses. To detect this, antivirus companies have to reverse engineer your crypter stub, which is not that easy to do, so it will remain undetectable for a long time. This consists of one most important component, USG (unique stub generation), which is the actual part of the crypter that encrypts and decrypts the original file; it is the heart of your algorithm, and I recommend never writing this part in the stub, but rather including it in the main code. Why am I saying this? The stub is the part of the code which is shared with the victim, so it will become public, and hence your crypter will not remain FUD for much longer.
Different types of crypters:
1. External stub based crypters: This category consists of public crypters (those you have downloaded till date :P, the noobish ones) about which you complain to the provider that they are detectable by antiviruses. That is a really foolish complaint; if a crypter is public then it can never remain FUD. So don't ever complain to me either, after my next article, about such noobish things. Ahahah.. I got distracted from the real thing.
External stub based crypters are those crypters in which most of the functionality of the crypter depends on an external stub; if you delete that stub file, your crypter is useless. :P Most antiviruses do exactly that. These types of crypters contain two files, one is client.exe and the other is stub.exe. The stub contains the main procedures and the client contains the global functions that call those procedures.
2. Internal or inbuilt stub based crypters: The crypters that contain only one exe file (i.e. the client) fall under this category. This client file has the stub built into it. You can separate the stub and client parts here too using RCE (reverse code engineering), but it is not recommended.
Note: External or internal stub doesn't make much difference, as antiviruses detect files on the basis of strings at particular offsets. Whenever you reverse engineer any application or program, the program's execution flow will remain the same but the offsets may change. USV comes into the picture at this point. If you include your encryption algorithm separately, then it will be much harder for the antivirus to detect your crypter.
3. Run time crypters: Run time crypters are those crypters which remain undetected in memory during their execution. We are looking for these types of crypters only. :P These can be either of the two above.
4. Scan time crypters: Those crypters which remain undetected while encrypting the files but become detectable when the resultant file is generated. :P Fking ones that waste all the effort we have put in. It really annoys you when everything is working fine and at the end your file gets detected by noob antiviruses.
So friends, this is it for today. I will share more about crypters, like how to make internal and external stub based crypters, and how to make stubs absolutely FUD using packers and obfuscators. So stay connected..
If you have any queries, ask me in the form of comments. A comment of appreciation is always heartily accepted.
Phishers are fake pages which are intentionally made by hackers to steal critical information like identity details, usernames, passwords, IP addresses and other such stuff. As I mentioned, it is intentional, which clearly means it is illegal and a cyber crime. Phishing is basically a social engineering technique to hack usernames and passwords by deceiving legitimate users. Phishers are normally sent using spam or forged mails.
Note: This article is for educational purposes only, any misuse is not covered by Hacking loops or CME.
What is Phishing?
Phishing is basically derived from the word fishing, which is done by making a trap to catch fish. Similarly, in hacking, hackers make phish pages (traps) to deceive a normal or unaware user and hack his account details. The phishing technique is advancing day by day; it is really tough to believe how far this technique has reached, but this always remains far away from normal internet users and most hackers.
Most hackers and computer geeks still believe that a phishing attempt can be easily detected by looking at the URL in the address bar. Below are some myths that the hacking industry still has about phishing. I will mention only a few, because otherwise the article will become sensitive and major security agencies will flag my website for posting sensitive data. So I will only explain the facts; if you need the rest, you need to fill in the form and give us assurance that you will not misuse it.
Myths about Phishing among Computer Geeks and Hackers
1. Almost every hacker or computer geek thinks that a phishing attempt can be detected just by having a look at the URL. Let me tell you, friends, those were the old days when you could recognize phishers by looking at URLs. Nowadays, recent developments in cross-site scripting (XSS) and cross-site script forgery have made it possible to embed our scripts in the URL of famous websites, and you must know scripting has no limitations. Below are some examples of what you can do with scripting:
a. Embed an Ajax keylogger into the main URL; when the user clicks on the URL, the keylogger script gets executed and all the keystrokes of the user get recorded.
b. Spoof the fake URL: If you are a little good at scripting and at recognizing web browser exploits, this can be done easily. What you need to do is write a script which tells the web browser to open the fake page URL whenever the user opens some website like Facebook. You just need to manipulate the hosts file and change the IP address of that website in the hosts file (found in the Windows folder).
c. Simply retrieve the information saved in the web browser, like saved passwords and bookmarks etc. You just need to write a script which explores the locations in the Windows user profile where the stored information of web browsers is actually saved.
2. One of the biggest myths: when you enter the data into the fake page, it will show either some warning message or say the login information is incorrect. Rofl, new phishers are a bit smart; now they don't show warning messages when you log in through the fake page. They will actually log you into your account, and simultaneously at the back end they will steal your information using batch scripts.
So friends, I think this is enough background about new phishing technologies. Let's learn how to make a basic phisher of any website in less than one or two minutes.
Steps to make your own Phisher:
1. Open the login or sign-in page of the website whose phisher you want to make. Suppose you pick Gmail.
2. Right click to view the source and simultaneously open Notepad.
3. Copy all the contents of the source into the Notepad file.
4. Now you need to search for the word action in the copied source code. You will find something like below:
[Image: Manipulate action and method]
Now in this line you need to edit two things, first the method and then the action. Method POST is used for security purposes, as it encrypts the plain text, so we need to change it to GET.
The action field contains the link to the next page, where it should go when you click on login or press enter. You need to change it to something.php (say lokesh.php).
5. Now save the above page.
6. Now open Notepad again and paste the below code into it:
[Image: Batch script for Phisher]
7. Location contains the next page URL, where you wish to send the user, and passwords.html will contain the passwords.
8. Now save this file as lokesh.php, as told in step number 4.
9. Now create an empty file and name it passwords.html; this is where the passwords get stored.
10. Upload all three files to any web server and test it.
Note: In the case of Facebook, it will show an error after the user logs in; for that you need to use the tabnabbing trick.
Note: Always keep the extension correct, otherwise it will not work. So always use the Save As trick rather than Save, otherwise it will save the files as lokesh.php.txt.
That's all from my side today, I hope you all enjoyed this article..
If you have any issues, ask me in the form of comments..
 