I recently did a talk at BSides London on some of the little toys that I like to build. I've been tinkering with hardware for a few years now and find it fascinating. It's a natural progression from my interest in breaking software, to breaking IoT, to building my own stuff for the purpose of improving my understanding of how to break things. People asked me for the slides, but at 300 MB I'm not so keen to put them up. Instead I thought I'd write up my talk and show you how to start building your own Internet of Wrongs devices.
Earlier we looked at the theory behind the different types of port scan. Here we'll put that theory into practice and see what we find on a lab network. In this example I have a copy of Metasploitable 2 running on IP address 10.0.2.4. If you have a copy of VirtualBox, it's worth playing along with this post.
This is a multi-part blog post about port scanning. In this post we're going to cover port scan theory; in the next post in the series we'll look at the practical side of port scanning. It might seem a little dry in places, but stick with it, as it's knowledge you're almost certainly going to be tested on in any professional exam. If it's not in your exam, you're in the wrong class.
Every now and again when pentesting, you come across something that doesn't quite seem right. You can't always put your finger on it; it's just a little... off. Whether it's a code execution bug that's a little too easy to exploit, or a demo user account that looks like someone forgot to remove it, sometimes vulnerabilities seem as though they were deliberately placed there, even if for legitimate purposes. These bugs are commonly known as backdoors, and in this post I'll go through the steps for detecting some common types of backdoor from the network.
Beyond the basics, there are various little things pentesters need to know about when it comes to network mapping. It's quite surprising how many people get these things wrong, at least until you actually look at the RFCs behind them. The tricks I'm going to show you are mostly based on implementation gaps, so it's not surprising that people get them wrong (I know I sometimes do), but keep this post handy as a reference and you'll be able to learn from my mistakes.