
3rd Cls Nmap & Metasploit Framework

The document provides an overview of Nmap and the Metasploit Framework, detailing various commands and options for network scanning and exploitation techniques. It explains Nmap's functionalities such as host discovery, service version detection, and vulnerability scanning, as well as Metasploit's components like exploits, payloads, and evasion techniques. Additionally, it includes contact information for cyber crime response teams and resources for reporting issues related to cyber security.

Uploaded by rajdeeprudra2003

1 Cyber Security

Nmap & Metasploit Framework


Nmap
1. nmap:
   - This is the command-line tool used for network scanning. It is a popular tool for discovering hosts, services, and vulnerabilities on a network.
2. -Pn:
   - This option tells Nmap not to perform host discovery (it skips the step where Nmap checks whether the target is up or reachable). This is useful if the target is behind a firewall that blocks ICMP (ping) requests or you already know the host is up.
3. -sS:
   - This specifies a TCP SYN scan, often referred to as a half-open scan. It is a stealthier scanning method in which Nmap sends SYN packets and listens for responses. This method does not complete the TCP handshake, which helps evade detection by some intrusion detection systems (IDS).
4. -sV:
   - This option enables service version detection. Nmap will attempt to determine the version of the services running on open ports, providing more detailed information about the services (e.g., software name, version).
5. -A:
   - This flag enables aggressive scanning. It combines several Nmap options:
     - Operating system detection (-O).
     - Service version detection (-sV).
     - Script scanning (using the Nmap Scripting Engine).
     - Traceroute (to map network routes).
     This provides a detailed report with maximum information about the target system.
6. --script vuln:
   - This option runs a vulnerability scan using the vuln scripts from the Nmap Scripting Engine (NSE). The vuln category of scripts tests the target for known vulnerabilities (e.g., misconfigurations or software vulnerabilities) and reports potential security risks.
7. -sU:
   - This enables a UDP scan (in addition to the default TCP scan). It is used to discover open UDP ports on the target. UDP does not have the same connection-handling mechanisms as TCP, so scanning UDP ports often requires different techniques.
8. -T4:
   - This sets the timing template to 4 (aggressive). It increases the speed of the scan by reducing timeouts between probes and increasing the parallelism of the scan. While it makes the scan faster, it also makes it more likely to be detected by intrusion detection systems (IDS).
9. -O:
   - This enables operating system detection. Nmap will attempt to determine the operating system (OS) running on the target machine based on various factors such as TCP/IP stack behavior.
10. $IP:
   - This is a placeholder for the target IP address you wish to scan. $IP should be replaced with the actual IP address or hostname of the target system.
11. -oN abc.txt:
   - This option saves the results of the scan to a normal-output file named abc.txt. The -oN flag stores the scan results in a human-readable format.
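As an added example (not part of the original course notes), here is a small Python parser for the normal-output file that -oN abc.txt produces, followed by a defender-side check: it compares the ports confirmed open (and the -sV version text) against an allow-list of services the host is supposed to expose, and separately flags UDP ports that -sU could only classify as open|filtered. The sample scan text is constructed for this example; the allow-list, host address and port numbers are assumptions.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of Nmap "normal" output (what -oN abc.txt writes); not a real scan.
SAMPLE_NMAP_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -Pn -sS -sU -sV -T4 -oN abc.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.0012s latency).
Not shown: 997 closed tcp ports (reset), 998 closed udp ports (port-unreach)
PORT     STATE         SERVICE VERSION
22/tcp   open          ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)
80/tcp   open          http    Apache httpd 2.4.52 ((Ubuntu))
3306/tcp open          mysql   MySQL 8.0.36-0ubuntu0.22.04.1
53/udp   open          domain  ISC BIND 9.18.18
161/udp  open|filtered snmp
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.12 seconds
"""

# One port line: "<port>/<proto>  <state>  <service>  [<version text>]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

# Assumed allow-list of services this host is supposed to expose (example values).
ALLOWED: Set[Tuple[str, int]] = {("tcp", 22), ("tcp", 80), ("udp", 53)}


def parse_nmap_normal(text: str) -> List[Dict[str, str]]:
    """Return one record per port line; banner, 'Not shown' and summary lines are skipped."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["version"] = (rec["version"] or "").strip()  # -sV text may be absent
            records.append(rec)
    return records


def exposed_unexpected(records, allowed=ALLOWED) -> List[Tuple[str, int]]:
    """Ports confirmed open that are not on the allow-list (inventory drift to investigate)."""
    return [
        (r["proto"], int(r["port"]))
        for r in records
        if r["state"] == "open" and (r["proto"], int(r["port"])) not in allowed
    ]


def udp_needs_followup(records) -> List[int]:
    """UDP ports a -sU scan could only mark open|filtered: unverified, not safe to ignore."""
    return [int(r["port"]) for r in records if r["proto"] == "udp" and r["state"] == "open|filtered"]


if __name__ == "__main__":
    recs = parse_nmap_normal(SAMPLE_NMAP_OUTPUT)
    for r in recs:
        print(f'{r["port"]}/{r["proto"]:<3} {r["state"]:<13} {r["service"]:<7} {r["version"]}')
    print("unexpected open ports:", exposed_unexpected(recs))      # [('tcp', 3306)]
    print("UDP ports needing follow-up:", udp_needs_followup(recs))  # [161]
```

To use it on a real scan, read abc.txt and pass its contents to parse_nmap_normal. The open|filtered state is the usual outcome of a UDP scan: an open UDP service often sends no reply at all, so Nmap cannot tell it apart from a port a firewall silently drops. Those ports need protocol-specific follow-up rather than being treated as closed.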

Metasploit Framework:

1. Exploit

An exploit is a piece of code or a method that takes advantage of a vulnerability in a system, application, or service. Metasploit contains a wide variety of exploits for different vulnerabilities in various platforms (Windows, Linux, macOS, etc.). When a vulnerability is identified, the corresponding exploit can be used to gain access to the target system.

- Example: Exploit code that leverages a buffer overflow to gain unauthorized access.

2. Auxiliary

An auxiliary module in Metasploit is not intended for exploitation but for other tasks such as scanning, enumeration, and denial-of-service attacks. Auxiliary modules are useful for gathering information and conducting reconnaissance during a penetration test.

- Example: An auxiliary module could be used to scan for open ports or identify running services.

3. Post

A post module refers to actions that are performed after an initial successful exploitation. These modules help in further compromising the system once access is gained. They can be used to escalate privileges, gather system information, or maintain persistence on the target.

- Example: A post-exploitation module could be used to dump password hashes from a compromised system.

4. Payload

A payload is the code that is delivered by the exploit and is responsible for executing a specific action once the vulnerability is successfully exploited. Payloads can range from simple reverse shells to more complex actions like creating a backdoor or stealing data.

- Reverse shell: A payload that allows the attacker to execute commands on the target system remotely.
- Meterpreter: A sophisticated and interactive payload that provides full control over the target system.

5. Encoders

An encoder is used to obfuscate or encode the payload to evade detection by security software (such as antivirus programs). The goal is to make the payload look like benign code to bypass signature-based detection systems.

- Example: Encoding a payload to hide its true nature from antivirus scanners that look for known patterns.

6. NOPs

A NOP (No Operation) is an instruction that does nothing. In Metasploit, NOPs are used to pad the exploit code to ensure that the payload is properly aligned in memory. NOP sleds are often used in buffer overflow exploits to ensure that the payload is reached even if the exact return address isn't known.

- Example: A NOP sled might be used in a buffer overflow attack to ensure the payload is reliably executed.

7. Evasion

Evasion techniques refer to methods used to bypass security defenses, such as firewalls, intrusion detection/prevention systems (IDS/IPS), or antivirus software. In Metasploit, evasion can involve encoding payloads, altering network traffic, or changing the behavior of exploits to avoid detection.

- Example: Using a Metasploit evasion module to modify the payload or exploit so that it looks like normal, safe traffic, or bypasses a security filter.
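Sections 6 and 7 above are easier to see with a toy model, so here is an added Python example (not Metasploit code, and not part of the original notes) that models why a NOP sled makes a buffer-overflow payload reachable from a whole range of guessed return addresses, and pairs it with the classic IDS heuristic for spotting one (a long run of 0x90 bytes). The payload is a harmless marker string, the sled length and detection threshold are arbitrary choices made for the example, and the "execution" is a simulation over a byte string, not real machine code.

```python
NOP = 0x90  # x86 'nop' opcode; the byte classic NOP-sled signatures look for

# Constructed stand-in for a payload: a harmless marker, not machine code.
FAKE_PAYLOAD = b"PAYLOAD"


def build_buffer(sled_len: int, payload: bytes = FAKE_PAYLOAD) -> bytes:
    """Lay out an overflow buffer the way the notes describe: NOP sled, then payload."""
    return bytes([NOP]) * sled_len + payload


def lands_on_payload(buffer: bytes, entry_offset: int, payload: bytes = FAKE_PAYLOAD) -> bool:
    """Simulate execution beginning at entry_offset (the guessed return address).

    Each NOP is 'executed' by stepping one byte forward; execution succeeds only
    if it arrives exactly at the first byte of the payload.
    """
    if not 0 <= entry_offset < len(buffer):
        return False  # return address outside the buffer: the process would just crash
    pc = entry_offset
    while pc < len(buffer) and buffer[pc] == NOP:
        pc += 1  # slide down the sled
    return buffer[pc:pc + len(payload)] == payload


def tolerance(buffer: bytes, payload: bytes = FAKE_PAYLOAD) -> int:
    """Number of distinct entry offsets from which the payload is still reached."""
    return sum(lands_on_payload(buffer, off, payload) for off in range(len(buffer)))


def longest_nop_run(data: bytes) -> int:
    """Detection side: length of the longest consecutive run of 0x90 bytes."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == NOP else 0
        best = max(best, cur)
    return best


def looks_like_sled(data: bytes, threshold: int = 16) -> bool:
    """Classic IDS heuristic: flag data containing a long 0x90 run.
    The threshold is an arbitrary value chosen for this example."""
    return longest_nop_run(data) >= threshold


if __name__ == "__main__":
    with_sled = build_buffer(64)
    no_sled = build_buffer(0)
    print("entry offsets that work without a sled:", tolerance(no_sled))        # 1
    print("entry offsets that work with a 64-byte sled:", tolerance(with_sled))  # 65
    print("IDS heuristic flags the sled:", looks_like_sled(with_sled))
    print("IDS heuristic flags the bare payload:", looks_like_sled(no_sled))
```

The tolerance figures show the trade-off the NOPs section describes: a 64-byte sled turns a single working return address into 65. On the detection side, the 0x90-run heuristic is exactly what Metasploit's NOP generators are built to defeat, since they can emit other single-byte or multi-byte instructions that behave like a nop, which is one reason a signature rule for sleds is weak unless combined with other indicators.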

Cyber Security Complaint

Department of Telecommunications: https://sancharsaathi.gov.in/

- Block Your Lost/Stolen Mobile Handset
- Know Mobile Connections in Your Name
- Chakshu - Report Suspected Fraud & Unsolicited Commercial Communication
- Know Genuineness of Your Mobile Handset
- Report Incoming International Call with Indian Number
- Know Your Wireline Internet Service Provider

Cyber Crime Quick Response Team: 1930 To contact me.

Indian Computer Emergency Response Team: https://www.cert-in.org.in/
