Book Image

Nmap: Network Exploration and Security Auditing Cookbook - Second Edition

By : Paulino Calderon
Book Image

Nmap: Network Exploration and Security Auditing Cookbook - Second Edition

By: Paulino Calderon

Overview of this book

This is the second edition of ‘Nmap 6: Network Exploration and Security Auditing Cookbook’. A book aimed for anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations. The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Zenmap. The Nmap Scripting Engine is thoroughly covered through security checks used commonly in real-life scenarios applied for different types of systems. New chapters for Microsoft Windows and ICS SCADA systems were added and every recipe was revised. This edition reflects the latest updates and hottest additions to the Nmap project to date. The book will also introduce you to Lua programming and NSE script development allowing you to extend further the power of Nmap.
Table of Contents (18 chapters)
13
Brute Force Password Auditing Options
17
References and Additional Reading

Running Lua scripts against a network connection with Ncat

Ncat allows users to read, write, redirect, and modify network data in some very interesting ways. Think about it as an enhanced version of the traditional tool netcat. Ncatoffers the possibility of running external commands in different ways once a connection has been established successfully. One way is with the help of Lua scripts that act as programs and allow users to perform any task they wish.

The following recipe will show you how to run a HTTP server contained in a Lua script with Ncat.

How to do it...

  1. Running Lua scripts against network connections in Ncat is very straightforward; just use the --lua-exec option to point to the Lua script you want to execute and the listening port or host to connect:
$ncat --lua-exec <path to Lua script> --listen 80      
  1. To start a web server with Ncat, locate the httpd.lua script inside your Ncat's script folder and use the command:
$ncat --lua-exec /path/to/httpd.lua --listen 8080 --keep-open      
  1. Ncat will start listening on port 8080 and execute the Lua program specified on connection. You may verify that the script is running correctly by pointing a web browser to that direction and checking whether the Got a request for message appears on the output.

How it works...

If you have ever used netcat, you will be familiar with Ncat. Similarly, Ncat can be put into listening (--listen) and connect mode. However, netcat lacks the --lua-exec option, which serves the purpose of executing an external Lua program against network sockets. This option is very handy for scripting tasks aimed at testing or debugging a wide range of services. The main strength of using this execution mode is that the programs are cross-platform as they are executed on the same built-in interpreter.

The httpd.lua script is an example distributed with Ncat to illustrate service emulation, but it should be clear that our options are endless. Lua is a very powerful language, and many tasks can be scripted with a few lines.

There's more...

Other ways of executing external commands with Ncat

Ncat supports three options to execute external programs:

  • --exec: This runs command without shell interpretation
  • --sh-exec: This runs command by passing a string to a system shell
  • --lua-exec: This runs Lua script using the built-in interpreter