Know How...

Oct 29th 2015

Know How... 167

Stingrays, NMAP, Uconnect Fail, and Questions

Turns out, Stingrays capture voice too!
New episodes every Monday at 6:00pm Eastern / 3:00pm Pacific / 22:00 UTC and Thursday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
Category: Help & How To

The "Man-in-the-middle" attack known as "Stingrays" are back in the news, what is NMAP and how to use it, Blackhat Uconnect hack, and community questions.


What is NMAP?

nmap is an open source network tool/port scanner that can scan everything from a large network to a single host

* It uses raw IP packets to let us know what hosts are availible on a network, what ports they have open, what OS they are running and dozens of other parameters availible to those who are willing to dive into the network protocols

Where to get NMAP?

Quick Notes:

1. When you install NMAP on Windows, its going to install "WinPcap" service (Windows Packet Capture) service

-- Allow the install and let it run on startup.

2. I'm running all these commands in a shell that has root

3. There's a GUI, but I prefer the command line

Basic Commands:

1. Discover all IPs in a subnet -- "nmap -sP x.x.x.x/y" (This is a "ping scan")

** Where 'x.x.x.x' is the IPv4 address of the subnet you want to scan

** Where 'y' is the size of your address space

** For example: If I use "ipconfig /all" to determine that I have an address of and a mask of

-- I know my subnet is

-- My subnet size is /24

-- so I would use the command "nmap -sP"

** You can also use wildcards and ranges

-- Ex: "nmap" or "nmap 192.168.1"

** This tells nmap to send a icmp echo request to ports 443, and 80 to all addresses within the specified subnet.

-- This only gives us a list of devices that respond to that request

-- NOTE: Just because a device doesn't respond, that doesn't mean it's not there.

2. Identify Hostnames

-- "nmap -sL x.x.x.x/y"

** This will send a packet to all the hosts in the range and return their reported network names

3. Identify the Operating System

-- "nmap -O x.x.x.x" * This will attempt to identify the OS of the host 3. Scanning for Open Ports on a specific host

-- "nmap x.x.x.x"

** This will look at a specific host and tell you what ports are open on that host

4. Show Host Interface and Routes

-- "nmap --iflist"

5. Verbose!

-- Add "-v" to find out what's happening

6. Saving your scan to a text file

-- "nmap 'whatever you choose to do' > output.txt"

Connect with us!