Book Image

Nmap: Network Exploration and Security Auditing Cookbook - Second Edition

By : Paulino Calderon
Book Image

Nmap: Network Exploration and Security Auditing Cookbook - Second Edition

By: Paulino Calderon

Overview of this book

This is the second edition of ‘Nmap 6: Network Exploration and Security Auditing Cookbook’. A book aimed for anyone who wants to master Nmap and its scripting engine through practical tasks for system administrators and penetration testers. Besides introducing the most powerful features of Nmap and related tools, common security auditing tasks for local and remote networks, web applications, databases, mail servers, Microsoft Windows machines and even ICS SCADA systems are explained step by step with exact commands and argument explanations. The book starts with the basic usage of Nmap and related tools like Ncat, Ncrack, Ndiff and Zenmap. The Nmap Scripting Engine is thoroughly covered through security checks used commonly in real-life scenarios applied for different types of systems. New chapters for Microsoft Windows and ICS SCADA systems were added and every recipe was revised. This edition reflects the latest updates and hottest additions to the Nmap project to date. The book will also introduce you to Lua programming and NSE script development allowing you to extend further the power of Nmap.
Table of Contents (25 chapters)
Title Page
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
13
Brute Force Password Auditing Options
17
References and Additional Reading

Finding HMI systems


Human Machine Interface (HMI) systems can be found in SCADA networks regularly and they do not necessarily operate on the same ports as other ICS/SCADA devices. (However, some HMIs use ICS protocols). For example, Sielco Sistemi Winlog is a simple but very popular HMI software for PCs that has remote exploits publicly available.

This recipe shows you how to identify Sielco Sistemi Winlog instances (and HMI systems in general) on the network with Nmap.

How to do it...

To find Sielco Sistemi Winlog instances, run the following command:

$ nmap -Pn -sT -p46824 <target>

Server instances running on TCP port 46824 might indicate that this is a Sielco Winlog server.

How it works...

Sielco Sistemi Winlog's server runs on TCP port 46824 and it has been found to be susceptible to a critical remote code execution vulnerability. We used the  nmap-Pn -sT -p46824 <target> command to identify if the target is running a server on port 46824 (-p46824). Once you have identified this...