kanishka10, Author at Hackercool Magazine

Hello, aspiring ethical hackers. In our previous article, you learnt what is social engineering. In this article, you will learn in detail about Phishing. Phishing is one of the most popular social engineering techniques. What exactly is phishing? Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials. This post demonstrates phishing tutorial for beginners. Although we make a phishing page of Facebook in this tutorial, it can be used to make a phishing page of any website. So now let’s phish.

Open your browser, go to the Facebook website, Right click on the webpage and click on “view page source”.

The source of the web page is displayed in the browser. Right click on the page and click on “Save As”. Save the page as “index.html”on your computer.

Now open index.html using notepad and hit “CTRL+F”.In the Find box opened, type “action” and click on “Find Next”. Look at the value of action. This “action” specifies the website what to do after users enter credentials and submit those.

Now change the value of action to “phish.php”. We are doing this so when the user enters his credentials the page that loads will be “phish.php” and not the usual page Facebook loads.

Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php”. What this script does is it logs the user credentials and saves it to a file named “pass.txt”.

Now our files are ready. Next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them(I selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the htdocs folder. Then using Online File Management upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.

Let’s check if our phishing page is ready by typing the address of our site. If the page is like below, then our phishing page is working.

The next thing we have to do is to send address of our fake website to the victim. We will do this through sending him an email but in order for the victim not to smell something fishy, we will obfuscate the URL of the fake page we are about to send him. The sending email address should be as convincingly close to Facebook as possible.

When the victim clicks on the obfuscated URL, it will bring him to our fake site.

If the victim is not cautious enough as to observing the URL and enters his username and password, our attempt is a success. To show this, I will enter random values in both username field and password field and hit Enter.

Now a txt file with name pass.txt will be created in the htdocs folder containing both the username and the password.

Click on the file. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”.

See how to phish with Weeman HTTP Server and GoPhish.

Hello aspiring Ethical Hackers. In this blogpost you will learn how to analyze port scanning results of Nmap. Scanning plays a very important role in hacking a system. Scanning is a phase in which we find out the ports which are open and the services listening on those ports. NMap is the most popular port scanner being used security guys nowadays. Read complete guide to Nmap. It is very important to understand results of Nmap port scan. Nmap classifies ports into six states. They are, open, closed, filtered, unfiltered, open | filtered and closed | filtered.

Let us find out when Nmap classifies ports into specific states. To demonstrate the results of port scanning performed my Nmap, I use two virtual machines,

1. Kali Linux as attacker system.

2. Windows 10 as target system.

On the target system, I enable or install a SSH server. You can learn how to install a SSH server here. For this tutorial, I will be scanning this SSH port with Nmap.

1. Closed:

Nmap classifies a port as closed when the port is accessible but there is no application listening on it. When I perform a default Nmap scan from the Kali system of port 22 of the target machine, I get a “closed” result as shown below.

nmap -sT –p22 <target ip>

Note that on our target machine, we have installed the SSH server but not yet started it.

2. Filtered:

Nmap classifies a port as filtered when it can’t determine whether the port is open or closed because packet filtering prevents its probes from reaching the port. Let’s now start the SSH server and scan again. This time when we scan the same port again, we get a “filtered” result as shown below.

nmap -sT -Pn –p22 <target ip>

This is because although we have started the SSH service on the target system, Windows Defender Firewall, which is turned ON by default, is blocking our connection to the target port. When Nmap classifies a port as filtered, it is most likely that a firewall is blocking our probes.

3. Open:

Nmap classifies a port as open when the port is accessible and if an application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. On our target system, let’s change the Windows Defender Firewall settings to allow the SSH service through the Firewall as shown below and scan the service again.

The result I get is “open”. This is because the SSH server is actively accepting connections.

4. Unfiltered:

Nmap classifies a port as unfiltered when a port is accessible but it can’t determine whether it is open or closed. A port is classified as unfiltered only with the ACK scan. L earn about different scans that can be performed with Nmap.

nmap -sA –p22 <target ip>

This scan cannot determine if the port is open or closed and is generally used to find out rules of the firewall.

5. Closed | filtered:

Nmap gives this result when it can’t find out whether a port is closed or filtered. A port is classified this way by Nmap only when we perform IDLE scan. Now what is IDLE scan? Idle scan is a scan in which we use a zombie host to scan the victim. In our example, we use another host with IP 192.168.40.1 as a zombie to perform IDLE scan on our victim.

nmap -sI <zombie_host> -p22 <target ip>

6. Open | filtered:

A port is classified as open | filtered when Nmap is unable to determine whether a port is open or filtered. This happens for scan types in which open ports give no response. The UDP, IP protocol, FIN, NULL and XMAS scans classify ports this way.

The port is classified as “open | filtered” in above cases because Nmap can’t determine whether the port is open or filtered.

Author: kanishka10

Understanding port scanning results of Nmap

Categories