DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES




Save Your Facebook Account-2

I hope you are back to learn how you can save your facebook account from getting hacked. This time we will discuss how you can protect your facebook account from password breaking tools. If you want to know about the various facebook password hacking tools, please read,


As a hacker you’ll find that there are many other tools that I have not compared in “Facebook Hacking Tools Compared”. The reason is quite simple: I haven’t found them for download. Following is the list of tools I haven’t found yet,

Facebook Private Viewer 2.4
Facebook Private Viewer 2010
Captcha Killer
If you have them, send them to me and I’ll surely review them for free within a week. Next, every online facebook password hacking utility is just a scam. They will ask you to complete surveys before using the tool, then they will ask you for some information, and then they will give you a utility that is guaranteed not to work. They may even ask you for your facebook id and password, and if you provide them it means you are hacked.

If you have read the previous posts on facebook you may have found that they are all just dictionary-based attack tools. So it’s better not to use a predictable password. The only defense against those tools is not using passwords which are guessable. If you don’t know how to create and remember long and strong passwords, this video tutorial may help you,



To keep yourself safe from software like “FacebookPasswordDecryptor”, never use the password safe utility of your browser, and don’t save passwords in any browser-related application.

The latest facebook hacking tools that I reviewed include “Facebreak” and “Facebook Agent”. Facebreak failed to crack my facebook account password. Facebook Agent is not a facebook cracking utility at all; it’s just a Trojan, so be safe.

If you want to test those tools on your own account then download them from following link,



These are only a few of the tools which I have tested against my own account; the others, which you’ll not find there, were deleted during an anti-virus scan, so sorry, I can’t provide them anymore. Also note that hacking someone’s account is a crime, so it is better to try those tools on your own account. Please feel free to ask if you need any assistance using any of those tools.

Back From Jaipur

I was out for more than 2 weeks for my boot camp, due to which I was not able to update my blog. Now that I am back, we'll soon cover the topics that we left behind. Next day I'll post the next topic in the Save Your Facebook Account series. Thank you and keep visiting.

Ubuntu 10.10 Has Got New Kinda Bug


Are you using Ubuntu 10.10 Maverick Meerkat? Then here is some bad news for you. This new warrior in the Ubuntu series has got a serious bug. When you start System Monitor as a foreground process your CPU utilization will double. Don’t think I am bluffing; please follow these steps to check it out,
1. Right click on any of the panels and select “Add To Panel”.
2. Type “System Monitor” in search and add System Monitor to the panel.
3. Now you’ll have a small system monitor on your panel. Double click on it to open “System Monitor” as a foreground process, wait for 1-2 minutes, and do your work for some time.
4. Now watch the panel’s system monitor and close the foreground System Monitor. You’ll find CPU utilization suddenly drops to half. In fact it has not dropped to half but become normal, since it had doubled due to “System Monitor” running in the foreground.

I think I am the first to notice this bug; if you detected it before me then sorry, I was not aware of that.

The next news is for all who use Mozilla Labs’ F1 service to share links across different networks. F1 allows you to share via your different accounts; currently it supports facebook, gmail and Twitter. Once sharing is done the password may remain in the cache, temporary Internet files, compressed database and password safe. There are several tools available which can extract your password from these places. The precaution is not to save your password in Mozilla Firefox and to log out before you close your browser; if possible clear history and cache too. Thanks for reading; your comments are most welcome.

Save your Facebook Account-1


Are you among the people who, whenever they open web pages, usually end up on facebook, or a facebook fan who can’t stay away from it? If the answer to either of the above questions is yes, then you surely know that your password might be under attack. Since facebook is one of the biggest social networks, reaching millions of people around the globe and containing private profiles and information, it has become a hardcore target for hackers. The reason: it reaches thousands of people, so if a fraud is conducted millions can be fooled; next, the profile can be used for a social engineering attack against you or to set up false accusations. For a long time I have found sites discussing how to hack a facebook password, but here I want to tell you how to save your account from being hacked by someone. Since there are several methods to hack your account, we will discuss one method at a time, with the simplest possible explanation and the highest possible detail. So the first type of attack that we’ll cover today is the Phishing attack on facebook.

What is Phishing?
In this type of attack an attacker creates a site that resembles a site the victim usually accesses, in order to obtain his user name, password and other confidential information. So an attack carried out by creating a replica of the facebook page is termed a Phishing attack against facebook.

How Attack Is Executed?
The attacker first visits facebook by typing “www.facebook.com”, then he clicks on the File menu of his browser and saves the complete web page. Next he opens that web page in a text editor, searches for “action” and locates the following string,

action="https://login.facebook.com/login.php?login_attempt=1"

Now he replaces the action with his own in order to capture your password. Then he uploads this file to his own website and sends you a link to this site by e-mail. When you click on the link you get redirected to the attacker’s site, and once you enter your password you are caught.

How To Detect Phishing Attack?
Though browsers automatically detect attack sites, this needs reporting by someone, and hence if the site hasn’t been reported before your visit there might be a catch. So the following instructions will help you detect an attack site. Please note that no matter what happens and which country you sit in, the facebook URL will always look like this,
so if you find that the URL doesn’t appear like this, it means the site is an attack site; don’t go ahead. Watch the status bar: nothing like “Redirect Service By”, “Redirected By” or “Redirected to” should appear in it. Look at the following image,

The page does appear like the facebook page but it is not; it is a file saved on my desktop and I can edit it as per my need. One thing you might have noticed is that though the page has been saved from facebook it doesn’t have a facebook URL. The same happens with all sites, so if you don’t find a URL which exactly matches
don’t enter your username and password.
Keep Your-Self Safe:
It is a quite accepted fact that you’ll not really go to a phished site on your own and enter your login details, am I right? Of course I am right. To execute the attack the attacker will send you an e-mail with an obfuscated link to his own site which has the look of facebook. Please note that facebook has never used obfuscated links, nor will they use them in future. It’s better to type facebook.com and enter your details than to click a link; it’ll hardly take any time, and if there’s a notification you’ll find it on your home page, so why click an obfuscated link? Don’t let attackers phish you, and happy Social Networking.
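
The URL check described in this post, written out as an added example (not code from the original post). The function names, the HTTPS requirement and the sample form tags are assumptions made for illustration; the second function flags a saved page whose login form no longer submits to facebook.

```javascript
// Added example: hypothetical helper names, constructed sample inputs.

// Assumption: credentials should only ever go to facebook.com or a subdomain.
const TRUSTED_DOMAIN = "facebook.com";

// True only for an absolute HTTPS URL, without embedded credentials, whose
// hostname is facebook.com itself or ends in ".facebook.com".
function isFacebookUrl(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return false; // relative or malformed: cannot be verified
  }
  if (url.protocol !== "https:") return false; // also rejects file: and http:
  // In "https://www.facebook.com@other.example/" the real host follows the "@".
  if (url.username !== "" || url.password !== "") return false;
  // The parser lowercases the host and converts look-alike Unicode letters to
  // punycode ("xn--..."), so a plain suffix comparison is enough here.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// Return the resolved target of every <form> in `html` that would submit its
// fields somewhere other than facebook. `pageUrl` is where the page was loaded
// from and is used to resolve relative or missing action attributes.
// Regex extraction keeps the example short; it does not handle a ">" inside
// an attribute value.
function foreignFormActions(html, pageUrl) {
  const findings = [];
  const actionAttr = /\saction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const tag of html.matchAll(/<form\b[^>]*>/gi)) {
    const m = actionAttr.exec(tag[0]);
    // A missing or empty action submits back to the page's own URL.
    const raw = m ? (m[1] ?? m[2] ?? m[3] ?? "") : "";
    let target;
    try {
      target = new URL(raw, pageUrl).href;
    } catch (e) {
      target = raw; // unresolvable: report it as written
    }
    if (!isFacebookUrl(target)) findings.push(target);
  }
  return findings;
}

// Constructed samples: the genuine form tag uses the action string quoted in
// the post; the altered one stands for a copy saved to disk and edited.
const GENUINE_FORM =
  '<form method="POST" action="https://login.facebook.com/login.php?login_attempt=1" id="login_form">';
const ALTERED_FORM =
  '<form method="POST" action="http://collector.example/save.php" id="login_form">';
const SAVED_COPY_URL = "file:///home/user/Desktop/facebook.html";

console.log(foreignFormActions(GENUINE_FORM, "https://www.facebook.com/")); // []
console.log(foreignFormActions(ALTERED_FORM, SAVED_COPY_URL));
```
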

Chapter V:Publicize Your Blog

Now we are on the 5th part of Real Way:Making Money Online Via Blogging. If you haven’t read the previous chapters please read them by clicking the following links; you can skip chapter I.


Now we will learn to publicize your blog to get maximum exposure. Note that the tips mentioned here will help you put your blog on google, but the real stuff that will put you on google will be discussed in the very last chapter.

Use Blog Directories: Blog directories are sites which keep records of blogs. Join those which are best known, because search engines like google themselves prepare their records of blogs from these sites. Following are some blog directories having the largest databases of blogs,


If you are Indian, a special piece of advice for you: submit your blog to Indiae.in and Indiblogger.in, and use Indivine on Indiblogger to get exposure.

Quality Content: Be sure the contents of your blog are really good enough to be found by google. The reason is that content that appears regularly on nearly every blog doesn’t make any mark on google. Please use original and quality content; the more original and different the content, the more likely you are to be found on google. For example, have a look at the Network Scanner Nmap tutorial on this blog: though it is just a tutorial on Nmap such as you may find on any blog, the explanation is given in a unique way. Please note that unique content matters more than any other tip.

Sponsored Blogs: When you join blog directories you’ll always find a sponsored blogs section. These blogs belong to people who are really traffic hungry; don’t forget to visit them, and if you like their blogs add them to your blogmarks. Blogmarks is a service provided by blog directories to help you follow someone’s blog. Don’t forget to comment on their blogs so that you get in the eyes of other people. Influential comments can also bring traffic to your blog.

Use Comments To Get Traffic: Google can find your blog if some renowned site has several links to your blog. So first find a blogger with content similar to your blog who has a large number of visitors every day; while commenting, leave a link to your latest blog post like this after your comment,

<a href="Link">Title Of Your Blog Post</a>

If you don’t want to post link to your blog then post it like this,

<a href="Link">Title Of Your Blog</a>

You can also post a link to a post of your blog whose contents are very similar and might be better than the post on which you are commenting. It is necessary for you to find the maximum number of such blogs to get maximum exposure. Such explicit linking will also put your blog on google’s list with them and you’ll get exposure free of cost.

Submit Your Blogs To Web-masters: Webmaster tools are great for getting exposure. Submit your site to all the big webmaster tools you can; following are links to some well-known ones. Submit your blog to them, and in the sitemap field just put your RSS feed.


I have registered with yahoo and google; you can register with as many such webmaster tools as you want. They really help, but slowly.


Use Meta Tags Properly: Meta tags play a small but important part in finding your blog in search. Note how to use these tags,

<meta name="description" content="Single Line About Your Blog" />
<meta name="keywords" content="All Keywords related to your blog"/>

Now an important trick that no one will tell you about using meta tags. Look at the second meta tag, keywords: you have to place keywords there that will help people find your blog. Now suppose you have posted an article that has heavy competition; then just put the labels of your post and the post name in the keywords section until google brings you some traffic for the content from which you want traffic. Then remove those tags from there. To see how I used the meta tag, right click on the page and click “view source”; you’ll find Nmap in my meta tag. Now look at the date on the Nmap post and see the popular “this week” section. This is how I got traffic to content with heavy competition. When I think it’s really enough I’ll remove it from the meta tag, and since all search engines keep daily or weekly archives themselves, your tags will be safe with them without cluttering your meta tag. It’s a secret master trick, so don’t tell anyone, because this has come from the heart of a hacker, that’s me.

Please Make Your Blog Attractive Without Any Flash Content: This may feel somewhat foolish, but believe me, using flash content will not only slow down page loading time but also urge most of your visitors to leave without reading. Don’t consider it a joke; make your blog look attractive, but avoid flash content.

Use Paid Service: If you are really interested in getting exposure soon, try using SEO or pay blog directories to sponsor your links. I’ll not really advise you to pay if you want to go slowly.

Please note that these are just a few steps to publicize your blog, and they will surely help you get maximum exposure. The real powerplay button will be pressed in the 12th post of this section. So if you are interested, please subscribe or keep visiting. Your comments are most welcome, so please comment, and don't forget to share your experience after you get results from the above tweaks. Thank you for visiting.

Classic Indian Monkey King Tale Vs Modern India

Long ago there was a man who was traveling through the jungle on his way back home. On his way he came across a huge tree covered with monkeys. The monkeys started teasing him, so he threw some stones at them; in reaction the monkeys threw the fruits of the tree at him. A yellow fruit that was thrown at him fell down, and its fragrance filled the air with its sweet smell. The man was so attracted by the smell that he picked up the fruit and tasted it; to his surprise, he was left speechless by the delicious flavor of the fruit. He picked up some of the thrown fruits and headed towards the king’s palace. He offered the fruits to the king’s court; all tasted them and fell in love with the fruit. The Prince had also tasted the fruit and he asked his father to get some more for him, so the King ordered his soldiers to go with the man and bring the fruit for the Prince.

The soldiers reached the tree. There were small monkeys around the tree; one of the soldiers climbed the tree and started plucking fruits. The small monkeys around started troubling that soldier and stopped him from plucking the fruit. Fed up with them, the soldiers started attacking them, and all of a sudden a huge group of monkeys jumped down from the tree. They were so big in size that the soldiers stiffened in their suits before the big and robust monkeys. Now all the soldiers were surrounded by monkeys, and then the tallest and most robust monkey of them came near those soldiers and screamed like hell in their faces; all the soldiers ran as if death were coming behind them. They reached the palace and told the King about the huge monkeys and what they had done to them. The Prince asked the King to permit him to teach those monkeys a good lesson. The King nodded, and soon a big army was heading towards the tree. The monkeys saw the huge army coming towards them and started running away from the tree. The monkey who had screamed at the soldiers was helping all of them to move out of the danger zone.

Even after seeing that the monkeys were leaving the ground, the Prince ordered arrows to be put on bows, and after some moments there was a rain of spears and arrows on the tree. The huge monkey who was helping the others saw a small monkey kid hidden in the tree, shivering with fear. He was already out of the danger area, but as soon as he saw the kid in the tree he came running. He did not even care about the arrows and spears that were being thrown at him; he got seriously injured but was not ready to give up. He reached the kid, picked him up and started running with him away from the tree. Several arrows and spears pierced his body, but he saved the kid from even minor injury. Before he fell down he made sure the kid was out of the danger area. The monkey had now fallen on the ground, hurt badly, bleeding, counting his last seconds, because the soldiers had put their arrows on their bows for the final countdown.

The Prince was also watching this incident and was so moved that he stopped the soldiers before their final arrows left the string. He then ordered his soldiers to bring the monkey to their camp with honor, hospitalize him and give him proper treatment. When the monkey showed some sign of getting well, the King and the Prince decided to meet him. The Prince said, “I don’t know why you did that. Till now I have seen no human being attempt what you did for the kid; the bravery you showed was never seen before by anyone. What we did was a mistake; all we wanted was that fruit.” To this the monkey replied, “I am the King of the monkeys who used to reside on that tree. That tree was their home and the fruit was their only food. As a king it’s always my duty to save my subjects from danger and provide them with food and shelter. I thrashed your soldiers because it was just my duty to protect my subjects and their needs. The real job of a king is not ruling; his real job is to protect his subjects and develop for the future. I don’t blame you for the mistake, because the fruit itself makes people fall in love with it. It may be the most delicious fruit; its name is Mango.”
The King and the Prince accepted their mistake, reinstated the monkeys to their Mango tree, took seeds with them to cultivate it, and crowned the mango King Of Fruits, because through it they learned what the real duty of a king is.

Story of today:
The tree is India, the Mango is Kashmir, our politicians are the king of the tree and terrorists are the ones who want to grab the mangoes. So terrorists are attacking India to have Kashmir, but our politicians are doing nothing other than giving lectures. There was a day when, to save a single subject from getting hurt, the king came running without caring for his life, and today, no matter how many they kill, our politicians just prepare another lecture and do nothing but give one more boring speech. There was a day when the mango made people understand the meaning of ruling; today money defines the name of ruling. The classic story has a happy ending, but our story still has a painful color and shows no signs of ending; so far as I think, we have not even reached the interval.

I hope our rulers learn from this classic tale of India what the meaning of ruling is, because till now they are moving with the wrong meaning.

Another Scam

Have you received an e-mail which appears something like this,


FROM THE DESK OF: Mr SALIF ZONGO.
AUDITS & ACCOUNTS DEPT
AFRICAN DEVELOPMENT BANK (A.D.B)
Ouagaduoguo Burkina Faso.
Private Phone Number            +22678534867      
E-mail mrsalif_zongo@9.cn
Attention: Please

I am Mr Salif Zongo.. the manager Audit & Accounts dept. in the african developmnet bank Burkina Faso (ADB). I am writing to request your assistance to transfer the sum of $10.500.000.00 (Ten million, five hundred thousand United States dollars) into your accounts.
The above sum belongs to our deceased customer late Mr Jose D. Sau from Peru who died along with his entire family in the Benin plane crash 2003 and since then the fund has been in a suspense account.

After my further investigation, I discovered that Mr Jose D. Sau died with his next of kin and according to the laws and constitution guiding this banking institution stated that after the expiration of (8) eight years, if no body or person comes for the claim as the next of kin, the fund will be channel into national treasury as unclaimed fund. Because of the static of this transaction I want you to stand as the next of kin so that our bank will accord you the recognition and have the fund transfer to your account.

The total sum will be shared as follows: 60% for me, 40% for you and expenses incidental occur during the transfer will be incur by both of us.

The transfer is risk free on both sides hence you are going to follow my instruction till the fund transfer to your account.
More details information with the text of application form will be forwarded to you to breakdown explaining comprehensively what require of you.

Your Full Name.............................
Your Sex..................................
Your Age..................
Your Country...........
Passport / driving license.......
Marital Status...........
Your Occupation.......
Your Personal Mobile Number................
Your Personal Fax Number.....................

Thanks
Mr Salif Zongo.
Audits & Accounts Manager
+22678534867         


Please note the contents of the e-mail and the information they are asking for. The information given can be used for a social engineering attack against you. Better not to fall for a luring offer by a scammer. Even if it is true, don't get attracted by the offer; you can be sued under the law of your country as well as the country from which the sender has sent you this e-mail. Please keep yourself safe.

Real Way:Making Money Online-IV:Keeping It Interesting.

Now we are on the fourth section of Real Way:Online money making. Since in all the previous chapters I have only talked about blogs, from now onwards we will call this Real Way:Online money making via blogging. If you haven’t read the previous chapters, please read them by visiting the following links, then proceed to this chapter,
So here we are going to discuss how to keep your blog really interesting. For this the very first step is selection of language. Decide which type of audience you want to target and use the language that will reach the maximum audience; in most cases I’ll advise using English as the basic language of communication on your blog, along with a language converter as I have used (please look at the top of the left sidebar). Following is the source code; if you want to implement it on your blog, copy it and paste it on your blog where the maximum number of your visitors can see it.


<!-- Translate flag BEGIN --> 
<style>
ul#translate-flag {padding:0;margin:0;}
#translate-flag li {list-style: none;float:left;_display:inline;padding:0;margin:1px;width:16px;height:11px;background-image:url(http://2.bp.blogspot.com/_nHEt80wjI5c/S_42HER5gPI/AAAAAAAABVk/wUbSc00BTeY/s1600/flags+sprite.png);background-repeat:no-repeat;}
#translate-flag li a{display:block;width:16px;height:11px;cursor: pointer;}
</style>
<ul id="translate-flag">
<li id="malay" style="background-position:0px 0px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|ms&amp;hl=ms'" title="Translate to Malay" rel="nofollow" ></a></li>
<li id="arabic" style="background-position:0px -11px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|ar&amp;hl=ar'" title="Translate to Arabic" rel="nofollow" ></a></li>
<li id="chinese" style="background-position:0px -22px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|zh-CN&amp;hl=zh-CN'" title="Translate to Chinese" rel="nofollow" ></a></li>
<li id="estonia" style="background-position:0px -33px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|et&amp;hl=et'" title="Translate to Estonian" rel="nofollow" ></a></li>

<li id="finnish" style="background-position:0px -44px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|fi&amp;hl=fi'" title="Translate to Finnish" rel="nofollow" ></a></li>
<li id="french" style="background-position:0px -55px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|fr&amp;hl=fr'" title="Translate to French" rel="nofollow" ></a></li>
<li id="german" style="background-position:0px -66px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|de&amp;hl=de'" title="Translate to German" rel="nofollow" ></a></li>
<li id="greek" style="background-position:0px -77px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|el&amp;hl=el'" title="Translate to Greek" rel="nofollow" ></a></li>
<li id="hindi" style="background-position:0px -88px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|hi&amp;hl=hi'" title="Translate to Hindi" rel="nofollow" ></a></li>
<li id="indonesian" style="background-position:0px -99px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|id&amp;hl=id'" title="Translate to Indonesian" rel="nofollow" ></a></li>
<li id="italian" style="background-position:0px -110px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|it&amp;hl=it'" title="Translate to Italian" rel="nofollow" ></a></li>
<li id="japanese" style="background-position:0px -121px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|ja&amp;hl=ja'" title="Translate to Japanese" rel="nofollow" ></a></li>
<li id="persian" style="background-position:0px -132px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|fa&amp;hl=fa'" title="Translate to Persian" rel="nofollow" ></a></li>
<li id="norwegian" style="background-position:0px -143px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|no&amp;hl=no'" title="Translate to Norwegian" rel="nofollow" ></a></li>
<li id="portuguese" style="background-position:0px -154px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|pt&amp;hl=pt'" title="Translate to Portuguese" rel="nofollow" ></a></li>
<li id="romanian" style="background-position:0px -165px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|ro&amp;hl=ro'" title="Translate to Romanian" rel="nofollow" ></a></li>
<li id="russian" style="background-position:0px -176px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|ru&amp;hl=ru'" title="Translate to Russian" rel="nofollow" ></a></li>
<li id="slovak" style="background-position:0px -187px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|sk&amp;hl=sk'" title="Translate to Slovak" rel="nofollow" ></a></li>
<li id="spanish" style="background-position:0px -198px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|es&amp;hl=es'" title="Translate to Spanish" rel="nofollow" ></a></li>
<li id="swedish" style="background-position:0px -209px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|sv&amp;hl=sv'" title="Translate to Swedish" rel="nofollow" ></a></li>
<li id="thai" style="background-position:0px -231px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|th&amp;hl=th'" title="Translate to Thai" rel="nofollow" ></a></li>

<li id="turkish" style="background-position:0px -242px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|tr&amp;hl=tr'" title="Translate to Turkish" rel="nofollow" ></a></li>
<li id="vietnamese" style="background-position:0px -253px;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|vi&amp;hl=vi'" title="Translate to Vietnamese" rel="nofollow" ></a></li>
<!-- <li id="dutch" style="background:url(http://i632.photobucket.com/albums/uu50/GreenLava/flags/nl.png) no-repeat;"><a onclick="href='http://translate.google.com/translate?u='+encodeURIComponent(location.href)+'&amp;langpair=en|nl&amp;hl=nl'" title="Translate to Dutch" rel="nofollow" ></a></li> -->
</ul>
<span style="font-size: 80%; color:#999999; float:right; margin-right:20px;"><a href="http://nrupentheking.blogspot.com">Get This For Your Blog</a></span>
<!-- Translate flag END -->


Next, avoid using high-level English. No one will want to open a dictionary while reading, so if your blog is difficult to read your readers will skip it. Remember, the simpler you keep it, the more people will visit.

Make your blog look attractive; use the visual flavors provided by your platform to make it look appealing. An appealing blog can help you gain readers; please note that if your blog looks dull and boring, no matter how powerful your content is, people will skip reading you. Next, use good and slightly bigger fonts, and use at least one image in each blog post.
Your readers come to your blog to know your views, so please avoid the copy-paste method; that will only give you bad publicity and soon your readers will decrease. If you want to use content by someone else, then highlight the name of the author and the resource from which you copied the content. Most of the time, serving breaking news on your blog can bring you heavy traffic, because most people are interested in discussing hot news and are more interested in what they already know and what they want to know.

If your blog is new and your readers are few, it is advised to update your blog at least thrice a week; if you own a news blog and you are getting heavy visits every day then it’s better to post every day. Next, ask your visitors for comments, because most people don’t comment until they see someone else has already commented. You can see every post of mine ending with a request for comments from visitors; do the same with your blog, as that can help you gain comments if no one comments on your blog.

So here we end this chapter; next time we’ll see how to publicize your blog to get traffic flowing towards your blog. Have a nice time and keep visiting.

Network Scanner Nmap


Nmap, best known as the hacker’s best friend, be he ethical or criminal, is one of the best-known network scanners available today. Today nearly each and every hacker uses nmap as a network scanning tool, and even pen-testing tools are bundled with Nmap as the basic port scanning tool. Nmap can scan networks, ports and services and also grab the OS. This tutorial is written keeping in mind that everyone should be able to grasp all the commands and switches given in it in a single reading. Do you think it’s impossible? Then why not give it a try.

First we divide the switches into four types,
1. Synchronous Scans
2. Ping Scans
3. Time Scans
4. Output Type

Synchronous Scan: All synchronous scans start with “-s” (without quotes); note that the ‘s’ denoting synchronous is not capital. A basic synchronous scan command is written as follows,

nmap -s[synchronous scan type] ip_address
----------------------------------------------
-sT Synchronous TCP scan
-sS Synchronous Stealth scan (This type of scan most of the time goes undetected by remote system)
-sF Synchronous FIN Scan (Sends FIN packets with RST flag)
-sX XMAS tree scan (A packet is known as XMAS when all its flags are set)
-sU UDP scan
-sN NULL Scan
-sP Ping Scan
-sO Protocol Scan
-sA ACK Scan
-sW Windows Scan
-sR Remote Procedure Call
-sL List DNS
-sI IDLE scan (A scan done with spoofed IP Address)

How to remember all synchronous scans: After reading the above switch list you must have noted that every scan type appears to use the capital first letter of its own name, placed next to “-s”, except protocol scan, which uses O. So practically you don’t need to remember anything other than which type of scan you want to perform; then postfix “-s” with its capital letter. Isn’t that easy? Now consider you want to scan aaa.bbb.ccc.ddd for its open ports and DNS entries. Note what you want,
-List DNS that means L

so this will be your command,
nmap aaa.bbb.ccc.ddd -sL

If you want to scan the UDP protocol then type,
nmap aaa.bbb.ccc.ddd -sO UDP

Note: No two Synchronous Scans can be combined together.
nmap -sS -sU aaa.bbb.ccc.ddd is illegal.

Ping Scan: All ping scans start with “-P”; note that the P is capital and denotes ping. A basic ping scan command is written as,

nmap -P[ping scan type] ip_address
-------------------------------------
-Pn No Ping
-PT TCP Ping
-PA ACK Ping
-PU UDP Ping
-PO Protocol Scan
-PS Synchronous Ping
-PI ICMP Ping Echo
-PB UDP ICMP timestamp
-PM ICMP Net Mask or Masked Scan

Now note that the option appearing after P is the capital first letter of the word’s own spelling, except for protocol ping and timestamp ping. As shown earlier, every time the p from protocol is replaced by O in the scan type. To remember the timestamp switch, remember that the last letter p in timestamp looks like B.

Time Scans: Time switches are denoted by capital T.

-T Paranoid 300 seconds between scans
-T Sneaky 15 seconds between scans
-T Polite 4 seconds between scans
-T Normal Runs parallel scans
-T Aggressive 1.25 sec/probe
-T Insane 0.3 sec/probe

To remember time scans first we arrange times in descending order.
300 15 4 - 1.25 0.3

My friend is Paranoid who Sneaks around networks,
300 15
He appears Polite Normally but is Aggressive to the level of Insanity.
4 - 1.25 0.3

I think that will do. All time switches are appended at the end of the nmap command,
nmap aaa.bbb.ccc -sS -T Polite

Output Type: It just formats the output as you want. Always starts with “-o”.

-oN Normal Output
-oX XML Output
-oG Grepable Output
-oA All Output

I don’t think I need to explain how to remember them.

Other Important Switches:
--traceroute works similar as any other trace route program
-R Resolve DNS along with port scan
-v Scan in verbose mode
-O OS Scan
-----------------------------------------------------
So here’s an example of creating a scan:
1. Create a Stealth Synchronous scan with normal output and 15 seconds between each scan. Resolve DNS and use verbose mode.
Ans:
-Scan Type Synchronous means “-s”
-Subtype stealth “-sS”
-Use verbose “-sS -v”
-Resolve DNS “-sS -v -R”
-Normal Output “-sS -v -R -oN”
-15 seconds between scans “-sS -v -R -oN -T Sneaky”

So the answer is,
nmap aaa.bbb.ccc -sS -v -R -oN -T Sneaky

Following are for you to try yourself,
2. Create a Ping protocol scan with 0.3 seconds scan difference between ports.
3. Create a Synchronous UDP scan with xml output; use verbose mode.

------------------------------------------------------------------------------------
I hope we covered most of the switches in the easiest possible way. Feel free to comment if you felt the article wasn’t as easy as I expected, or if it was worth praise. Please feel free to share a link to this article on your blog or facebook page if you think it was useful to you. Thank you for visiting; your comments are most welcome.