{"id":4852,"date":"2012-07-27T12:57:30","date_gmt":"2012-07-27T15:57:30","guid":{"rendered":"http:\/\/www.ethicalhacker.com.br\/site\/?page_id=4852"},"modified":"2023-01-31T19:41:50","modified_gmt":"2023-01-31T22:41:50","slug":"scan","status":"publish","type":"page","link":"https:\/\/www.ethicalhacker.com.br\/site\/scan\/","title":{"rendered":"Metasploit Scanning"},"content":{"rendered":"<div><strong><span style=\"line-height: 12.800000190734863px;\">PART IV &#8211; SCANNING<\/span><\/strong><\/div>\n<div>In this phase we check which ports and services are active on our target.<\/div>\n<div>\n<ul>\n<li>Running a simple scan:<\/li>\n<\/ul>\n<pre lang=\"shell\">msf &gt; use auxiliary\/scanner\/portscan\/tcp\nmsf  auxiliary(tcp) &gt; set RHOSTS 192.168.1.108\nRHOSTS =&gt; 192.168.1.108\nmsf  auxiliary(tcp) &gt; set PORTS 1-4000\nPORTS =&gt; 1-4000\nmsf  auxiliary(tcp) &gt; set THREADS 30\nTHREADS =&gt; 30\nmsf  auxiliary(tcp) &gt; run\n\n[*] 192.168.1.108:23 - TCP OPEN\n[*] 192.168.1.108:25 - TCP OPEN\n[*] 192.168.1.108:22 - TCP OPEN\n[*] 192.168.1.108:21 - TCP OPEN\n[*] 192.168.1.108:53 - TCP OPEN\n[*] 192.168.1.108:80 - TCP OPEN\n[*] 192.168.1.108:139 - TCP OPEN\n[*] 192.168.1.108:445 - TCP OPEN\n[*] 192.168.1.108:3306 - TCP OPEN\n[*] 192.168.1.108:3632 - TCP OPEN\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\n<\/pre>\n<p>Let's walk through it:<br \/>\nfirst we select the TCP scan module, set the target host with the set RHOSTS command, and set the ports to 1 through 4000, since scanning all 65535 ports is not necessary here. We set THREADS, that is, the concurrency, to 30; note that care is needed, since this can have an impact on the environment. Finally, we run the scan with the run command. 
If in doubt, remember that you can use the show options command:<\/p>\n<pre lang=\"shell\">msf  auxiliary(tcp) &gt; show options\n\nModule options (auxiliary\/scanner\/portscan\/tcp):\n\n   Name         Current Setting  Required  Description\n   ----         ---------------  --------  -----------\n   CONCURRENCY  10               yes       The number of concurrent ports to check per host\n   FILTER                        no        The filter string for capturing traffic\n   INTERFACE                     no        The name of the interface\n   PCAPFILE                      no        The name of the PCAP capture file to process\n   PORTS        1-4000           yes       Ports to scan (e.g. 22-25,80,110-900)\n   RHOSTS       192.168.1.108    yes       The target address range or CIDR identifier\n   SNAPLEN      65535            yes       The number of bytes to capture\n   THREADS      30               yes       The number of concurrent threads\n   TIMEOUT      1000             yes       The socket connect timeout in milliseconds\n\n<\/pre>\n<p>The TCP scan uses the TCP Connect() technique, that is, it completes the three-way handshake, which makes it easy to detect.<br \/>\nFor that reason we will use the SYN, or half-open, technique, which does not complete the three-way handshake.<\/p>\n<pre lang=\"shell\">msf &gt; use auxiliary\/scanner\/portscan\/syn\nmsf  auxiliary(syn) &gt; show options\n\nModule options (auxiliary\/scanner\/portscan\/syn):\n\n   Name       Current Setting  Required  Description\n   ----       ---------------  --------  -----------\n   BATCHSIZE  256              yes       The number of hosts to scan per set\n   INTERFACE                   no        The name of the interface\n   PORTS      1-10000          yes       Ports to scan (e.g. 
22-25,80,110-900)\n   RHOSTS                      yes       The target address range or CIDR identifier\n   SNAPLEN    65535            yes       The number of bytes to capture\n   THREADS    1                yes       The number of concurrent threads\n   TIMEOUT    500              yes       The reply read timeout in milliseconds\n\nmsf  auxiliary(syn) &gt; set RHOSTS 192.168.1.108\nRHOSTS =&gt; 192.168.1.108\nmsf  auxiliary(syn) &gt; set PORTS 1-4000\nPORTS =&gt; 1-4000\nmsf  auxiliary(syn) &gt; set THREADS 30\nTHREADS =&gt; 30\nmsf  auxiliary(syn) &gt; run\n\n[*]  TCP OPEN 192.168.1.108:21\n[*]  TCP OPEN 192.168.1.108:22\n[*]  TCP OPEN 192.168.1.108:23\n[*]  TCP OPEN 192.168.1.108:25\n[*]  TCP OPEN 192.168.1.108:53\n[*]  TCP OPEN 192.168.1.108:80\n[*]  TCP OPEN 192.168.1.108:139\n[*]  TCP OPEN 192.168.1.108:445\n[*]  TCP OPEN 192.168.1.108:3306\n[*]  TCP OPEN 192.168.1.108:3632\n[*] Scanned 1 of 1 hosts (100% complete)\n[*] Auxiliary module execution completed\n\n<\/pre>\n<p>Note that we obtained the same result, but more quietly.<\/p>\n<p><strong>TCP Connect() &#8211; (three-way handshake) easy to detect<br \/>\n<\/strong><br \/>\n<a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/thre-way-handshake.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-4862\" title=\"thre-way-handshake\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/thre-way-handshake-271x300.png\"  alt=\"\" width=\"271\" height=\"300\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/thre-way-handshake-271x300.png 271w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/thre-way-handshake.png 458w\" sizes=\"auto, (max-width: 271px) 100vw, 271px\" \/><\/a><\/p>\n<p><strong>Half Open &#8211; SYN Connect &#8211; harder to detect <\/strong><br \/>\n<a 
href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/syn.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-4869\" title=\"syn\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/syn-300x217.png\"  alt=\"\" width=\"300\" height=\"217\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/syn-300x217.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/syn.png 417w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>PART IV &#8211; SCANNING In this phase we check which ports and services are active on our target. Running a simple scan: msf &gt; use auxiliary\/scanner\/portscan\/tcp msf auxiliary(tcp) &gt; set RHOSTS 192.168.1.108 RHOSTS =&gt; 192.168.1.108 msf auxiliary(tcp) &gt; set PORTS 1-4000 PORTS =&gt; 1-4000 msf auxiliary(tcp) &gt; set THREADS 30 THREADS =&gt; 30 msf auxiliary(tcp) &gt; run [*] 192.168.1.108:23 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-4852","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=4852"}],"version-history":[{"count":25,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4852\/revisions"}],"predecessor-version":[{"id":19759,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4852\/revisions\/19759"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=4852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}