This document provides instructions on how to conduct a port scan of an entire country to map out its internet infrastructure and identify vulnerable systems. It describes obtaining a list of the country's IP address ranges, selecting important services to scan for, using nmap and custom Python and C scripts to perform a fast initial scan for open ports followed by a slower scan to identify service versions. The results are stored in a database and visualized in a custom web application for analysis. Distributed scanning is implemented using a Raspberry Pi cluster. The purpose is presented as security research, but instructions are also given on how an attacker could use the same techniques to cause damage or steal information.
Developers and researchers are confronted with a huge number of tools and technologies in their daily work, each of which has its own pros and cons. This realization matters for network devices intended to stop attacks: they should be "omnivores" with regard to network protocols. The speaker's passion is to study and recreate various hacker attacks, exploits and tactics at the network level in order to develop reliable detection techniques for intrusion detection systems. While working on many attacks he noticed some subtle network conditions under which a packet sequence slips past the IDS but still reaches the target. Will your IDS detect that a network connection was broken? Using nc and a Linux machine, the speaker will demonstrate 4 CVEs he found for bypassing IDS systems, using the popular Suricata IDS as the example.
Nmap (Network Mapper) is an Open Source utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network. It can be used for IT auditing and asset discovery as well as security profiling of the network.
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
Learn the basics of network penetration testing success - an introduction to the top three tools that will help you on your security journey: Nmap, Netcat, and Metasploit. See how to use Nmap both for port scanning and vulnerability discovery. You'll also learn how to use Netcat to grab banners, make HTTP requests, and create both reverse and bind shells. Finally, we’ll learn the ins and outs of Metasploit, including how to integrate our Nmap scan results for even more ownage and using the built-in exploits to get shells.
At the end of this, you will be port scanning, creating payloads, and popping shells. This technical workshop is designed to familiarize you with the necessary tools to continue your ethical hacking journey. From here, take your l33t new skillz and apply them to Capture The Flag (CTF) competitions or scanning your home network for vulnerabilities.
(This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).
www.lifein01.com - for more info
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Powerful tool to #analyze voice #streams recorded in PCAP files. On top of network metrics and standard E-model MOS one receives waveform analysis of all the audio streams and metrics related to reasons for audio quality degradation.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Mr. Donald Rumsfeld, former Defence Secretary of the USA, stated in his book "Known and Unknown: A Memoir" that "There are known knowns, things we know that we know; and there are known unknowns, things that we know we don't know. But there are also unknown unknowns, things we do not know we don't know." And to get to know those unknown unknowns, my journey with the APNIC honeynet project started, and I am going to share my experiences in this talk.
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
This presentation is part of Prisma CSI's Practical White Hat Hacker Training v1
PRISMA CSI • Cyber Security and Intelligence www.prismacsi.com
This document can be shared, quoted and used for commercial purposes, but cannot be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
The implementation of two telematic services: one is a web server and the other is a document manager server. It shows how to test and implement telematic services.
Slides from Bsides Lisbon 2023 about practical use cases for AI in cybersecurity - this presentation attempts to build the knowledge of cybersecurity professionals in the world of AI and present a set of tools and techniques they can use on their day to day.
Pixels Camp 2017 - Stories from the trenches of building a data architecture
Tiago Henriques
We live in a data-centric era. Nowadays we have at our disposal an enormous variety of services using data. Behind those services there are architectures supporting the flow and processing of that data. BinaryEdge.io is no exception. Supporting our platform, we have a data architecture processing thousands of events per second, which was built and is currently maintained by us. In this talk we are going to review the parts that compose a data architecture, and discuss which tools can be used at each step to arrive at a functional architecture. Note that the insights given will not be based on theoretical documents or truckloads of years of experience, but on our own experience of building and maintaining a large scale data infrastructure and architecture.
Pixels Camp 2017 - Stranger Things, the internet version
Tiago Henriques
Much like Eleven and the gang, we at BinaryEdge are sometimes confronted with real monsters. Unlike in the series "Stranger Things", however, the monsters we face take different shapes. Our monsters are usually found in the shape of weird things people connect to the internet. Often we're asked "What are the craziest things you guys have found connected to the internet?" In this talk we intend to answer and show exactly that. If you've seen our previous talks and/or read our "World Security Report" for 2016 (ise.binaryedge.io), you know that we have found some of the weirdest things online. From water dams to electricity grids and nuclear laboratory sensors, people simply love connecting things to the internet. In this talk we are going to explore the top "things" we've found exposed, talk about the different protocols they use, and also let YOU search for your own things live during the talk! In this talk we will also release our 2017 report, where we show how we detected some of the NSA tools such as DoublePulsar. We will also make an interesting reveal on this topic. :)
Webzurich - The State of Web Security in Switzerland
Tiago Henriques
In this talk BinaryEdge looked at the state of the main websites of Switzerland; we also looked at the three pillars it stands on, banking, insurance and pharma, and how they look from an external perspective.
BSides Lisbon - Data science, machine learning and cybersecurity
Tiago Henriques
In this talk we will present some techniques that we use on a day-to-day basis in our research, where we combine our internet-wide data scanning and acquisition platform with ML/data science techniques, which allows us to find things faster or extract results in a more automated way. We will focus on practical cases and examples that even our audience at home will be able to use if they want. A couple of examples we will look at are how to classify images such as VNC screenshots, how to use machine learning to classify network scans, and the use of natural language processing to analyze CVEs. We will also talk a bit about a data analysis and classification pipeline architecture; we will look at the different technologies, what they do and how they can be used.
We will start by giving a very brief entry to the data science world and talk about:
Technologies
Techniques
How these relate to infosec
Algorithms and how they can be used
How people can come into the world of data and machine learning
Data visualization techniques and what are the best choices for different types of data
A couple of examples we will look at are how to classify images such as VNC or X11 screenshots and OCR, how to use machine learning to classify network scans, and the use of natural language processing to analyze CVEs. We will look at scoring and classification algorithms and how they can be used on IP addresses, and we will talk about the use of learning and how we are applying it in real life.
We will also talk a bit about a data analysis and classification pipeline architecture, we will look at the different technologies and what they do and how they can be used. Some specific examples of our research that should give you an idea of some things we will talk about can be seen here:
https://blog.binaryedge.io/2015/11/10/ssh/
https://blog.binaryedge.io/2015/09/30/vnc-image-analysis-and-data-science/
https://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/
Bruno Morisson and Herman Duarte (http://pt.linkedin.com/in/morisson / http://pt.linkedin.com/in/hcoduarte)
Title: (ab)using SSH - Tips & Tricks for Pentesters and Sysadmins
1. HOW TO DOMINATE A COUNTRY.
Codebits 2012
T.H.,J.F.,T.M.,F.R.
@PTCoreSec
2. WHAT ARE YOU ?
We are:
• Security Researchers
• Security enthusiasts
• Students, corporate sheep (read: auditors),
programmers, pentesters
• Beer lovers
We are not :
• Lulzsec
• Anonymous
• Hacking group
• And no, we won't help you hack your girlfriend's Facebook!
• Ok… that depends on the amount of beer
involved!
3. WHO ARE YOU ?
• Tiago Henriques
  • Team founder and leader @ PTCoreSec
  • Pentester/Researcher @ 7Elements
  • @Balgan
• Tiago Martins
  • Team vice-founder @ PTCoreSec
  • Researcher
  • @Gank_101
• Filipe Reis
  • Programmer @ PTCoreSec
  • Intern @ Layer8
  • @fjdreis
• Jean Figueiredo
  • Network security researcher @ PTCoreSec
  • Netsec admin @ Tecnocom
  • @klinzter
6. WE ARE NOT
RESPONSIBLE FOR ANY ILLEGAL
ACTS OR ACTIONS PRACTICED BY
YOU OR ANYONE THAT LEARNS
SOMETHING FROM TODAY’S
PRESENTATION.
7. CAUSING CHAOS.
Q:If you guys were an attacker that
was out to cause real damage or get
profit, how would you go on about it ?
A:This is what we would do, control as
many machines in that country,
penetrate critical systems and get as
much intel/info as possible.
9. HOW IT ALL GOT STARTED
We’re hackers! We love knowing how to break things and how
others would go on about breaking things!
The difference between us and others is simple:
• We want to break things legally and find a way to fix things.
• We want to learn about new things and help people.
11. HOW IT ALL GOT STARTED
We saw some talks that really inspired us given by two great people
HD Moore and Fyodor
12. HOWEVER…
We also ran into a bit of a problem…
Portscanning might or might not be illegal in Portugal!
No one is actually sure, and we talked with multiple people:
• Police
• Sysadmins
• Researchers
• Security professionals
13. WHAT TO DO ?
• So, if you can’t port scan, how do u find out what ur enemies’ attack
surface is?
• How do u find out if the entire infrastructure u rely on every day is
vulnerable or safe?
• Security by obscurity? Right that works well….
But like I said before…we’re hackers, so we hacked the law and rules and bent
them to our favor!
14. WHAT TO DO ?
• Port scanning isn’t illegal in 2 nice places! Sweden and USA!
• So we got 2 friends of ours who knew nothing of portscanning and
wanted to learn, taught them how to portscan the big internets, and
then they sent the raw results to us…
15. PORT SCANNING
• Tools of the trade:
• Nmap
• Wkhtmltoimage
• Python
• Scapy
• Linux
• NodeJS
• MongoDB
• C
• Redbull + Lots of nights awake +
Frustration
16. PORT SCANNING - PROCESS
1. Get Portugal’s CIDRs
2. Decide on a set of services you consider important
Actual scanning:
3. Check which IPs have those ports open
4. Check versions running of those services
17. PORT SCANNING - PROCESS
1. Get Portugal’s CIDRs
There are two places where you can get these:
• http://software77.net/geo-ip/
• ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest
2.80.0.0/14 62.48.192.0/18 81.90.48.0/20
5.43.0.0/18 62.169.64.0/18 81.92.192.0/20
5.44.192.0/20 62.249.0.0/19 81.92.208.0/20
5.158.0.0/18 77.54.0.0/16 81.193.0.0/16
5.159.216.0/21 77.91.200.0/21 82.102.0.0/18
5.172.144.0/21 78.29.128.0/18 82.154.0.0/15
31.22.128.0/17 78.130.0.0/17 83.132.0.0/16
37.28.192.0/18 78.137.192.0/18 83.144.128.0/18
37.189.0.0/16 79.168.0.0/15 83.174.0.0/18
46.50.0.0/17 80.172.0.0/16 83.223.160.0/19
46.182.32.0/21 80.243.80.0/20 83.240.128.0/17
46.189.128.0/17 81.20.240.0/20 84.18.224.0/19
62.28.0.0/16 81.84.0.0/16 84.23.192.0/19
62.48.128.0/18 81.90.48.0/20 84.90.0.0/15
18. PORT SCANNING - PROCESS
2. Decide on a set of services you consider important
ID  Port   TCP/UDP  Service
1   80     TCP      http
2   443    TCP      https
3   8080   TCP      http alternative
4   21     TCP      FTP
5   22     TCP      SSH
6   23     TCP      Telnet
7   53     UDP      DNS
8   445    TCP      Samba
9   139    TCP      Samba
10  161    UDP      SNMP
11  1900   UDP      UPNP
12  2869   TCP      UPNP
13  5353   UDP      MDNS
14  137    TCP      Netbios
15  25     TCP      SMTP
16  110    TCP      POP3
17  143    TCP      IMAP
18  3306   TCP      Mysql
19  5900   TCP      VNC Server
20  17185  UDP      VoIP
21  3389   TCP      Rdesktop
22  8082   TCP      TR 069
19. PORT SCANNING - PROCESS
3. Check which IPs have those ports open
4. Check versions running of those services
This is where it gets tricky!
20. PORT SCANNING - PROCESS
• Portugal on the internet….
5,822,240 allocated IPs
Dynamic IPs
GPRS
21. PORT SCANNING - PROCESS
• So as we mentioned, we divided the actual scanning into two parts!
And you might be wondering why…
Common nmap scan for TCP
nmap -iL ipswithftp -oA port21-FTP-with-Services -sS -sV -p21 -T5 -PN
The problem with this is that DNS resolution and -sV (service detection) are very slow.
So how do we solve this problem? We obviously want the domains the ips are associated with,
and the versions of the services running.
22. PORT SCANNING - PROCESS
• Do the fast things on the 6 million IPs and then do the slow stuff merely
on the IPs that are running the service we want to analyse.
• nmap -iL CIDRSPT.txt -oA port21-FTP -sS -p21 -T5 -PN --host-timeout 1501 --min-hostgroup 400 --min-parallelism 10 -n
• Then we will have the list of IPs that have FTP running on port 21 in
3 files:
• Port21-FTP.xml
• Port21-FTP.gnmap
• Port21-FTP.nmap
• Extract the IPs from the gnmap file:
cat port21-FTP.gnmap | grep -w "21/open" | awk '{print $2}' > IPSWITHFTP.TXT
23. PORT SCANNING - PROCESS
• Do the slow things only on the IPs that have our service running.
• nmap -iL IPSWITHFTP.txt -oA port21-FTP-FINAL -sV -p21 -T5 -PN --host-timeout 1501 --min-hostgroup 400 --min-parallelism 10
• Then we will have the list of IPs that have FTP running on port 21
AND the version of those services in 3 files:
• Port21-FTP-FINAL.xml
• Port21-FTP-FINAL.gnmap
• Port21-FTP-FINAL.nmap
24. PORT SCANNING - PROCESS
• However…we still have UDP… and let me tell u….
25. PORT SCANNING - PROCESS
Nmap also has a UDP mode… -sU however it doesn’t work very well
without -sV (read: its shit!), when testing it on our lab we noticed that
most of the times nmap wasn’t able to detect if there was a service
running or not.
The reason for this is: “UDP scanning is slow as open/filtered ports
typically don't respond so nmap has to time out and then retransmit
whilst closed ports will send a ICMP port unreachable error, which
systems typically rate limit.”
When we started, it took us around 4 Weeks to scan UDP on the
entire country on 1 port….
26. PORT SCANNING - PROCESS
Solution? SCAPY!
(Lab setup shown on the slide: a Server and a Client, with a service running on port 11111.)
27. PORT SCANNING - PROCESS
Result of that script ?
On lab testing….
28. PORT SCANNING - PROCESS
Result of that script ?
On internet testing….
29. PORT SCANNING - PROCESS
When we started, it took us around +4 Weeks to scan UDP on the entire country on 1 port
using NMap…. -We took this as a baseline first run to improve…
Our second run, we used python+scapy and it went down!!
1 week – well not bad for a second run, but 1 week for a port ?
Our third run, we used python+multithreading fu + scapy + blackmamba – 3 days – and this
was the best we brought it down to without bringing in the big guns (read: “asking HD Moore
for help”)
Fourth run - C
Yup entire .pt (1 port ) scanned in 4 minutes and 45 seconds.
30. PORT SCANNING - END
So we had our kick ass
friends, send us our kick ass
raw results… now what do we
do with them ?
31. PORT SCANNING - END
Terminals are fun, BUT we want an easier way
to look at our data…
So…. We wrote a tool:
Presenting for the first time:
Nmap Query Center!
33. Nmap Query Center architecture
• Nmap Minion: Nmap scans run here
• Scan Importer: processes the raw nmap data into JSON so we can better process the information
• MongoDB: stores the processed scan data
• NodeJS (Express, Socket.io): shows all the pretty data to the client
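Three slides in this deck come down to the same task: slide 22 pulls IPs out of the .gnmap file with grep -w "21/open" | awk, slide 25 warns that UDP results are mostly "open|filtered" rather than "open", and the Scan Importer above turns raw nmap output into JSON for MongoDB. The Python below is an added example written for this page, not PTCoreSec's importer or any code from the slides. The gnmap text inside it is constructed (documentation addresses from 192.0.2.0/24), and the function names are my own. It keeps the per-port state exactly, so an "open|filtered" UDP port is not reported as open, whereas a word match on "21/open" would also match "21/open|filtered" in a UDP scan.

```python
import json
import re
from typing import Dict, Iterator, List

# Constructed sample of Nmap's greppable output (-oG / the .gnmap file from -oA).
# Addresses are from the 192.0.2.0/24 documentation block, not real hosts.
SAMPLE_GNMAP = """\
# Nmap 6.25 scan initiated Sat Nov 10 12:00:00 2012 as: nmap -iL CIDRSPT.txt -oA port21-FTP -sS -p21 -T5 -PN -n
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///\tIgnored State: closed (0)
Host: 192.0.2.11 ()\tPorts: 21/closed/tcp//ftp///
Host: 192.0.2.12 ()\tPorts: 21/filtered/tcp//ftp///
Host: 192.0.2.13 (ftp.example.test)\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 80/open/tcp//http//Apache httpd 2.2.22/
Host: 192.0.2.14 ()\tPorts: 161/open|filtered/udp//snmp///
# Nmap done at Sat Nov 10 12:05:00 2012 -- 6 IP addresses (5 hosts up) scanned in 285.00 seconds
"""

# "Host: <ip> (<hostname or empty>)" is the first tab-separated field of every host line.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text: str) -> Iterator[Dict]:
    """Yield one record {ip, hostname, ports: [...]} per gnmap line that carries a Ports: field."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment / summary lines
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if match is None:
            continue
        ip, hostname = match.group(1), match.group(2) or None
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # "Status: Up" lines have no port data
        ports: List[Dict] = []
        for entry in ports_field[len("Ports:"):].split(","):
            entry = entry.strip()
            if not entry:
                continue
            # gnmap port entry layout: port/state/proto/owner/service/rpcinfo/version/
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # malformed entry, skip rather than crash the import
            ports.append({
                "port": int(parts[0]),
                "state": parts[1],        # open, closed, filtered, open|filtered, ...
                "proto": parts[2],
                "service": parts[4] or None,
                "version": parts[6] or None,  # only filled in by a -sV run
            })
        yield {"ip": ip, "hostname": hostname, "ports": ports}


def ips_with_port(text: str, port: int, proto: str = "tcp", state: str = "open") -> List[str]:
    """Exact-state replacement for: grep -w "21/open" | awk '{print $2}'."""
    return sorted({
        rec["ip"]
        for rec in parse_gnmap(text)
        for p in rec["ports"]
        if p["port"] == port and p["proto"] == proto and p["state"] == state
    })


def to_json_lines(text: str) -> str:
    """One JSON document per host, the shape an importer would hand to MongoDB."""
    return "\n".join(json.dumps(rec, sort_keys=True) for rec in parse_gnmap(text))


if __name__ == "__main__":
    print(ips_with_port(SAMPLE_GNMAP, 21))
    print(ips_with_port(SAMPLE_GNMAP, 161, "udp", "open|filtered"))
    print(to_json_lines(SAMPLE_GNMAP))
```

Because the records keep the state string, the second-phase -sV scan can be fed only the hosts that really answered "open", and the UDP "open|filtered" hosts can be tracked separately instead of being silently counted as running the service.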
34. PORT SCANNING - END
Well that’s it folks…
Thank you for coming
35. PORT SCANNING – END
Just kidding! We did promise a
few more things didn’t we ?
36. PORT SCANNING – THE PROJECT
While we were preparing for
codebits…
We received something in the
mail….
42. PORT SCANNING – HOW DOES IT WORK?
Step 1 – PTCoreSec admins request a job
(scan) on the backend.
Step 2 – Server side checks current number
of live raspi minions.
Step 3 – Server divides the CIDRs among the
different clients and sends them over.
Step 4 – Clients (minions) do the scans and
send them back to the server over XML-RPC.
Step 5 – Server imports these scans into the
MongoDB backend.
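Step 3 is a scheduling problem rather than a simple split: the CIDRs on slide 17 differ by orders of magnitude (a /14 holds 64 times the addresses of a /20), so handing the list out round-robin leaves one minion with most of the work. The Python below is an added example, not PTCoreSec's server code; it takes a handful of the slide 17 CIDRs as sample input, breaks any block larger than a /16 into /16s, then assigns blocks largest-first to the node with the fewest addresses so far (LPT scheduling). The function names and the max_prefix parameter are my own. The same balancing applies when a blue team sweeps its own address space from several scanner nodes.

```python
import ipaddress
from typing import List

# Sample input: a subset of the CIDRs listed on slide 17 of the deck.
SAMPLE_CIDRS = [
    "2.80.0.0/14", "62.48.192.0/18", "81.90.48.0/20", "5.43.0.0/18",
    "77.54.0.0/16", "5.44.192.0/20", "82.154.0.0/15", "46.182.32.0/21",
]


def split_large(nets: List[ipaddress.IPv4Network], max_prefix: int) -> List[ipaddress.IPv4Network]:
    """Break blocks shorter than /max_prefix into /max_prefix subnets so that one
    huge allocation cannot pin the whole job to a single minion."""
    out: List[ipaddress.IPv4Network] = []
    for net in nets:
        if net.prefixlen < max_prefix:
            out.extend(net.subnets(new_prefix=max_prefix))
        else:
            out.append(net)
    return out


def assign_to_minions(cidrs: List[str], minion_count: int, max_prefix: int = 16) -> List[List[str]]:
    """Greedy balanced partition: sort blocks by size (largest first) and give each
    one to the minion that currently has the fewest addresses queued."""
    if minion_count < 1:
        raise ValueError("need at least one minion")
    # strict=True rejects a CIDR whose host bits are set (a typo in the input list).
    nets = split_large([ipaddress.ip_network(c, strict=True) for c in cidrs], max_prefix)
    nets.sort(key=lambda n: n.num_addresses, reverse=True)
    load = [0] * minion_count                 # addresses queued per minion
    jobs: List[List[str]] = [[] for _ in range(minion_count)]
    for net in nets:
        i = load.index(min(load))             # least-loaded minion (first on ties)
        jobs[i].append(str(net))
        load[i] += net.num_addresses
    return jobs


def address_counts(jobs: List[List[str]]) -> List[int]:
    """How many addresses each minion ended up with, for checking the balance."""
    return [sum(ipaddress.ip_network(c).num_addresses for c in job) for job in jobs]


if __name__ == "__main__":
    jobs = assign_to_minions(SAMPLE_CIDRS, 3)
    for n, (job, count) in enumerate(zip(jobs, address_counts(jobs))):
        print(f"minion {n}: {count} addresses -> {job}")
```

With three minions the sample input lands at 196608 / 153600 / 151552 addresses, so the largest and smallest queues differ by less than one /16; lowering max_prefix to 18 or 20 tightens the balance further at the cost of more, smaller jobs sent over the XML-RPC link.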
48. BUSINESS
And that’s all really neat and pretty,
however there are 2 problems with that!
These guys don’t give a f***.
Management Blackhats
49. MANAGEMENT
Cares about:
• Money
• Money
• Money
Does:
• Will lie for PCI DSS/ISO27001/{Compliance}
• Approves every single thing even if it doesn’t
match security department goals but gets them
moneys.
This shit gives us, security peeps, headaches!
50. BLACKHATS
I managed to acquire video footage
that shows these guys in action and
their vision of the world, let's have a
sneak peek!
52. I ASK ONLY ONE THING OF U
Leave your whitehats at home, and
53. SHODAN
SHODAN is a search engine that lets you find specific computers (routers,
servers, etc.) using a variety of filters. Some have also described it as a public
port scan directory or a search engine of banners.
Another way of putting it would be:
60. SHODAN
Accessing that website will give u a bar, where you can type queries and
obtain results.
Your queries, can ask for PORTS, Countries, strings contained in the
banners, and all sorts of other things
Following is a sample set of queries that can lead to some interesting
results:
75. SHODAN QUERIES OF AWESOMENESS
port:23 country:PT
Username:admin
Password:smcadmin
76. SHODAN QUERIES OF AWESOMENESS
port:23 list of built-in commands
Worldwide
Not a big number, however just telnet in and you get shell…
77. SHODAN QUERIES OF AWESOMENESS
port:161 country:PT
Worldwide
Portugal
78. SHODAN QUERIES OF AWESOMENESS
What sort of info do I get with SNMP ?
• Windows RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2
• Windows INSTALLED SOFTWARE 1.3.6.1.2.1.25.6.3.1.2
• Windows SYSTEM INFO 1.3.6.1.2.1.1.1
• Windows HOSTNAME 1.3.6.1.2.1.1.5
• Windows DOMAIN 1.3.6.1.4.1.77.1.4.1
• Windows UPTIME 1.3.6.1.2.1.1.3
• Windows USERS 1.3.6.1.4.1.77.1.2.25
• Windows SHARES 1.3.6.1.4.1.77.1.2.27
• Windows DISKS 1.3.6.1.2.1.25.2.3.1.3
• Windows SERVICES 1.3.6.1.4.1.77.1.2.3.1.1
• Windows LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
• Windows LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
79. SHODAN QUERIES OF AWESOMENESS
What sort of info do I get with SNMP ?
• Linux RUNNING PROCESSES 1.3.6.1.2.1.25.4.2.1.2
• Linux SYSTEM INFO 1.3.6.1.2.1.1.1
• Linux HOSTNAME 1.3.6.1.2.1.1.5
• Linux UPTIME 1.3.6.1.2.1.1.3
• Linux MOUNTPOINTS 1.3.6.1.2.1.25.2.3.1.3
• Linux RUNNING SOFTWARE PATHS 1.3.6.1.2.1.25.4.2.1.4
• Linux LISTENING UDP PORTS 1.3.6.1.2.1.7.5.1.2.0.0.0.0
• Linux LISTENING TCP PORTS 1.3.6.1.2.1.6.13.1.3.0.0.0.0
80. SHODAN QUERIES OF AWESOMENESS
What sort of info do I get with SNMP ?
• Cisco LAST TERMINAL USERS 1.3.6.1.4.1.9.9.43.1.1.6.1.8
• Cisco INTERFACES 1.3.6.1.2.1.2.2.1.2
• Cisco SYSTEM INFO 1.3.6.1.2.1.1.1
• Cisco HOSTNAME 1.3.6.1.2.1.1.5
• Cisco SNMP COMMUNITIES 1.3.6.1.6.3.12.1.3.1.4
• Cisco UPTIME 1.3.6.1.2.1.1.3
• Cisco IP ADDRESSES 1.3.6.1.2.1.4.20.1.1
• Cisco INTERFACE DESCRIPTIONS 1.3.6.1.2.1.31.1.1.1.18
• Cisco HARDWARE 1.3.6.1.2.1.47.1.1.1.1.2
• Cisco TACACS SERVER 1.3.6.1.4.1.9.2.1.5
• Cisco LOGMESSAGES 1.3.6.1.4.1.9.9.41.1.2.3.1.5
• Cisco PROCESSES 1.3.6.1.4.1.9.9.109.1.2.1.1.2
• Cisco SNMP TRAP SERVER 1.3.6.1.6.3.12.1.2.1.7
102. A LITTLE TIP…
If you want to quickly check for stuff
(web related) that has no
authentication, use NMAP!
103. A LITTLE TIP…
First, let’s get wkhtmltoimage:
wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
cp wkhtmltoimage-i386 /usr/local/bin/
Next, let’s get and install the Nmap module:
git clone git://github.com/SpiderLabs/Nmap-Tools.git
cd Nmap-Tools/NSE/
cp http-screenshot.nse /usr/local/share/nmap/scripts/
nmap --script-updatedb
104. A LITTLE TIP…
Then, do your shodan search and use:
This automatically exports a list of ips u
can import into nmap
114. SHODAN – THE BAD PART
• Imports nmap scans from their servers
on a rotational basis, so it's not always
100% updated! Confirmed this by
correlating some of the shodan results
with our personal results!
• For example on mysql servers, Shodan
would find 785, where our results
showed 3000+
115. SHODAN – THE GOOD PART
• Good querying system
• If port scanning is illegal in your
country, you’re out of trouble if u use
shodan, because ur just querying
data acquired by them.
117. Resources
http://secanalysis.com/interesting-shodan-searches/
blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html
http://www.youtube.com/watch?v=LPgZU7ZNIjQ - Defcon 18 2010, SHODAN for Penetration Testers, Michael Schearer
http://www.youtube.com/watch?v=Tg9ZAvynjdk - HD Moore - Empirical Exploitation
http://www.youtube.com/watch?v=b-uPh99whw4 - HD Moore - Wild West
Nmap flags used above:
--host-timeout 1501 - wait the minimum time on a host
-n - don't do DNS resolution
--min-parallelism 10 - probes (instances)
--min-hostgroup 400 - each probe does 400 hosts at a time
SAP applications provide the capability to manage financial, asset, and cost accounting, production operations and materials, personnel, plants, and archived documents.