Archive for the ‘Penetration Testing’ Category

Basic Port Scanning with Nmap

January 15th, 2013
This entry is part 1 of 1 in the series Penetration Testing Tutorials

As promised back in November, here is the first of my penetration testing tutorials. This tutorial will deal with the basics of Nmap, the popular port scanning security tool.

For this tutorial, you will need:

  • Nmap
  • A host (or hosts) that you own, or that you have permission to scan.

The host can be your computer (just use 127.0.0.1 as the IP address), or your home WiFi router (you can usually find the IP address of this in your network settings).

Performing your First Scan

The first thing we will do is run a default Nmap scan against an IP address. Enter the following command at your command prompt, or if you are using Zenmap (the graphical front-end to Nmap), put the command in the “Command” box.

nmap 192.168.1.1

Of course, replace 192.168.1.1 with the IP address you wish to scan (192.168.1.1 is the address of my home router). Then press enter. Nmap will start scanning the IP address you gave it, and should produce something like the following output:

[Image: Nmap Default Scan output]

As you can see, Nmap has detected that the host is up, and that it has 6 ports open or filtered. The entire scan took 9.37 seconds. What did Nmap actually do though? To understand this better, re-run the scan but add the -vv flag to the command:

nmap -vv 192.168.1.1
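As an added example (not from the original tutorial), the script below wraps the two commands above: it refuses to build a scan command for any host that is not on an allowlist of hosts you own or have permission to scan, and it summarises Nmap's normal output into host state, the number of open or filtered ports and the scan time. The allowlist, the sample output and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Constructed allowlist: loopback and a typical home-router address.
SCOPE="127.0.0.1 192.168.1.1"

# in_scope TARGET -> exit 0 if TARGET is in SCOPE, 1 otherwise
in_scope() {
  for h in $SCOPE; do
    [ "$h" = "$1" ] && return 0
  done
  return 1
}

# build_scan_cmd TARGET [-vv] -> prints the nmap command line to run,
# or prints an error and returns 1 if the target is out of scope
build_scan_cmd() {
  in_scope "$1" || { echo "refusing: $1 is not in scope" >&2; return 1; }
  if [ "${2:-}" = "-vv" ]; then
    echo "nmap -vv $1"
  else
    echo "nmap $1"
  fi
}

# summarise_scan reads Nmap normal output on stdin and prints
# "<host-state> <open-or-filtered-count> <seconds>"
summarise_scan() {
  awk '
    /^Host is up/        { state = "up" }
    /^[0-9]+\/(tcp|udp)/ { if ($2 == "open" || $2 == "filtered") n++ }
    /scanned in/         { sub(/ seconds.*/, "", $0); secs = $NF }
    END { printf "%s %d %s\n", (state ? state : "down"), n, secs }
  '
}

# Constructed sample output shaped like the default scan in the post.
SAMPLE_OUTPUT='Starting Nmap ( http://nmap.org ) at 2013-01-15 10:00 GMT
Nmap scan report for 192.168.1.1
Host is up (0.0020s latency).
Not shown: 994 closed ports
PORT     STATE    SERVICE
23/tcp   open     telnet
53/tcp   open     domain
80/tcp   open     http
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
5000/tcp open     upnp

Nmap done: 1 IP address (1 host up) scanned in 9.37 seconds'
```

Run `build_scan_cmd 192.168.1.1 -vv` to get the verbose command, and pipe real Nmap output through `summarise_scan` to get the same one-line summary the sample produces.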

New Job

June 15th, 2012

I’ve been pretty absent from both blogging and tweeting recently as I left my job as a Security Researcher to do penetration testing for Convergent Network Solutions. This involved moving from Reading to London, which was great since I’ve always wanted to live there. Other than starting what I hope will be a long career as a Penetration Tester, I’ve also been working on my MSc, where I am developing a web application fuzz tester.

Of course, there are already a lot of fuzz testers out there, especially for web apps, so mine will be “special” in a number of ways. Firstly, it will be a command-line tool so that users can run it from machines without a display manager (always useful). Secondly, it will use an XML-based “scripting” language that I have developed, which will allow people not familiar with programming (QA teams for instance) to easily write tests in a structured way that they can understand. Finally, it will support multiple fuzzing methods including a simple list of values, incrementing numbers, and completely random data.

I hope to open source it at the end of development, and of course I’ll make any such announcements on this blog.

A Few Updates

January 16th, 2011

[Image: Eee PC]

I’ve been exceedingly busy as of late, and so haven’t been able to keep track of recent news in the realm of Information Security or the like, let alone compose blog posts to condense such news pieces into understandable material. My girlfriend has been rather ill, and we’ve been rushing in and out of hospital, so obviously this blog wasn’t the first thing on my mind. Everything is going OK now though, so I thought I’d post a few updates on what I am doing in life, and with the blog.

I started term last week, and so far I’ve signed up for far more courses than I can actually take for the end of year exams (in May), which means I’ll have to drop a few of them later in the year. I can choose up to 3 modules this term, and so far my only “definite” choice is Advanced Cryptography. I’m also quite attracted to Digital Forensics, which means my main choice is between Standards and Evaluation Criteria, Computer Crime, and Security Testing Theory and Practice.

Of course, these courses are just the ones I am taking the exams for; I can still attend any courses free of charge this term; I just won’t be able to get any credit for them. The Standards and Computer Crime courses are less technical, and more aimed towards people aiming at going into Security Management, but they still touch on some nice aspects of Information Security that could be useful to know. Since I’m most probably doing Digital Forensics, the Security Testing course is a good one to pair it up with, which is why I’ll most likely choose it for my main exams. I’ll let you all know what I decide!

My next update is in terms of some new tech I’m getting (after a nice spending spree on Amazon). I’ve ordered two new USB Wireless Adaptors (N and N+) from Belkin, mainly to do some analysis of networks around campus, but also to try some attacks on a few networks some of my fellow students own. I’ve also managed to go a few months now without a USB stick, which doesn’t make any sense, so I decided to buy a Corsair 16GB one.

The main purchase was something I’ve been meaning to buy for a long time; a netbook! After a few weeks of looking around, I finally decided on the Asus Eee PC 1018P. I had been looking at the 1015PE, which was about £90 cheaper on Amazon (thanks to a deal), and had a slightly better battery. The reason I decided on the more expensive version was threefold: the 1018P is faster, has USB 3.0 ports, and comes with a fingerprint scanner, which will be useful in doing tests on biometric security. Any results I get from such testing will of course be posted on this blog.

So those are my updates for now. All I have to do is wait for the netbook to arrive, and then I’ll be installing BackTrack Linux, which is a distribution of Linux aimed at penetration testing. I’ve read that it can be installed on my Eee, but I’ve never tried it before, and since the Eee has no CD Drive, it should be a fun experience! I’ll of course keep you all updated and possibly write a tutorial if I find a good fast way of doing it.