The Hacker’s Blog

Your friendly neighborhood hacker!

Tuesday, July 8, 2008

Checking for open doors - Using NMap

Ever try to break into a house but you didn’t know what entrances were open for you? I know it’s happened to me before (long story - maybe some other time). Trying to break into a computer when you are unsure which entrances are open can be just as frustrating. Just like breaking into a house, there are two ways we can approach this. The first is brute force, which means we try each and every way. This can become very tiresome and time consuming (especially with those second and third story windows…). The second is just to give up and move on to an easier target where everything is laid out for us. But where is the fun in that? Eh?

Just as every house has doors and windows, every computer has ports. Unfortunately, they have a huge range of ports (tens of thousands). Now who wants to sit back and try to get into each and every one of those ports? Definitely not me.

Lucky for us there’s something that can help. It’s called NMap and is used to scan a computer for open ports - hence the term ‘port scanner’. When we run NMap, it does its thing and then returns a list of ports and what is running on them. This gives us an idea of what is being run on the computer and where we can get into it from.

The first step to using NMap (as it is with any software) is installing it. Most Linux distributions will have NMap in a repository, so if you’re using Linux, it won’t be that hard to install. However, if you are running Mac OS X, Windows or just feel like being hardcore and compiling from scratch, you can download NMap from its website.

After you get NMap installed (you did install it, right?) let’s try it out by checking out what is running on your current computer. As we all know, we can reference the computer we are using in three different ways. Can anyone name them? I can!

  1. 127.0.0.1
  2. localhost or another network name for your computer
  3. Your network IP

For the sake of ease, I’m going to be calling my computer localhost. Run NMap on yourself using:

nmap localhost

This will return all open ports on your computer and what services are running on each port. For example, mine returns:

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql

Those are all the ports and services that I have running on my Gentoo server at home. Don’t think you’re going to break into it - none of the ports are accessible from the outside.

You can extend the results returned by adding extra arguments to your NMap command. Normally, to get good results, I run:

nmap -A -T4 localhost

-A enables OS (operating system) and version detection. -T4 is a timing template that makes the scan run faster.

When I run NMap -A -T4 it returns the versions of the software I have running and it also makes an educated guess at what OS is running. For example, it tells me that the http server is Apache httpd and that I’m running OpenSSH 4.7 (protocol 2.0). All of this is useful information, especially if you’re trying to find a software exploit for a system.
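As an added example (not from this post), here is a small Python script that parses the PORT/STATE/SERVICE table NMap prints and flags any open port that is not on a baseline of ports you expect to be open, so you can check that a server exposes only what you intend. The scan text is a constructed sample modelled on the output above, not a real scan.

```python
import re

# Constructed sample of NMap's normal output after an -A scan, modelled on
# the table in the post. Not real scan output.
SAMPLE_SCAN = """\
Interesting ports on localhost (127.0.0.1):
Not shown: 1710 closed ports
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 4.7 (protocol 2.0)
25/tcp   filtered smtp
80/tcp   open     http    Apache httpd
443/tcp  open     https   Apache httpd
3306/tcp open     mysql   MySQL
"""

# One port line: "<port>/<proto>  <state>  <service>  [version text]".
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open\|filtered|open|closed|filtered|unfiltered)\s+"
    r"(\S+)(?:\s+(.*))?$"
)


def parse_ports(scan_text):
    """Return one dict per port line; header and summary lines are skipped."""
    entries = []
    for raw in scan_text.splitlines():
        m = PORT_LINE.match(raw.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        entries.append({"port": int(port), "proto": proto, "state": state,
                        "service": service, "version": version or ""})
    return entries


def unexpected_open(entries, baseline):
    """Open ports (including open|filtered) missing from the expected baseline.

    baseline is a set of (port, proto) tuples you know should be listening.
    """
    return sorted((e["port"], e["proto"]) for e in entries
                  if e["state"].startswith("open")
                  and (e["port"], e["proto"]) not in baseline)


if __name__ == "__main__":
    expected = {(22, "tcp"), (80, "tcp"), (443, "tcp")}
    for port, proto in unexpected_open(parse_ports(SAMPLE_SCAN), expected):
        print(f"unexpected open port: {port}/{proto}")
```

Feed it real output with something like `nmap -A -T4 localhost > scan.txt` and read the file in place of SAMPLE_SCAN.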

If NMap has caught your eye and you’d like to work more with it, let me know. I plan on going a bit further into the use of NMap in another article soon. Have fun and remember - if the doors are locked, it’s probably for a reason.

posted by prime at 5:57 pm  
