Besides Social Engineering, recon is by far the most important aspect of hacking. Without recon, all the greatest hackers of our time probably wouldn’t be able to hack anything. Besides, just shoving one exploit after another, when there are thousands of exploits in Metasploit alone, is inefficient.
This tutorial will cover the very basics of nmap. It is one of my favorite tools to use, mainly in preparation for mischief. Anyway, without knowing how to use nmap, there is not much we can do; so, please sit back and read on.
I’m not going to go into much detail about the tool in general, that’s what the website is for. Instead I’ll go right into commands:
nmap -sS -A -T sneaky <IP>
This combination is my favorite combination to use, but what exactly is going on here?
nmap has to be at the beginning of every Nmap command. -sS is the scan type; you could use -sN instead, but that's not ideal because your target can detect that type of scan more easily. -A is a flag that bundles several different functions into one, like OS (operating system) detection, VPNs, etc. -T allows you to set the speed at which the packets are sent.
The reason for -T is that some servers have a threshold for how many packets can be sent at once; if you pass the threshold, you're pretty much caught. There are several speeds, but the one I use most often is polite, because I like to be a gentleman to my target.
And, of course, type in the IP address of your target at the end of the command.
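As an added illustration of the threshold idea above (example code written for this post, not from the original), here is a small detector that flags any source that touches many distinct ports within a short window, run over constructed log records; the (timestamp, source, port) record format and the thresholds are assumptions:

```python
"""Added example: a minimal port-scan detector based on a per-source
threshold of distinct destination ports in a sliding time window.
The log records below are constructed for the example."""
from collections import defaultdict, deque

def detect_scanners(events, window_s=60, max_ports=15):
    """Return the set of source IPs that contacted more than `max_ports`
    distinct destination ports inside any `window_s`-second window.
    `events` is an iterable of (timestamp_seconds, src_ip, dst_port),
    assumed sorted by timestamp."""
    recent = defaultdict(deque)   # src_ip -> deque of (ts, port) in window
    flagged = set()
    for ts, src, port in events:
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window_s:   # drop records older than window
            q.popleft()
        if len({p for _, p in q}) > max_ports:
            flagged.add(src)
    return flagged

# Constructed sample traffic: a fast scan, a very slow scan, and normal use
FAST_SCAN = [(i, "10.0.0.5", 1 + i) for i in range(20)]         # 20 ports in 20 s
SLOW_SCAN = [(i * 300, "10.0.0.9", 1 + i) for i in range(20)]   # 20 ports over 95 min
NORMAL = [(i * 10, "10.0.0.7", 443) for i in range(30)]         # one port, repeatedly

def demo():
    """Run the detector with a short and a long window over the sample."""
    events = sorted(FAST_SCAN + SLOW_SCAN + NORMAL)
    short = detect_scanners(events)                     # 60 s window
    long = detect_scanners(events, window_s=24 * 3600)  # 24 h window
    return short, long

if __name__ == "__main__":
    short, long = demo()
    print("60s window flags:", short)    # only the fast scanner
    print("24h window flags:", long)     # fast and slow scanners
```

The short window catches only the fast scan, which is exactly the gap a slow timing template exploits; a detector needs a longer horizon (or a cumulative per-source count) to see the slow one.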
Welp, as the title says, that's my favorite scan. I hope this at least gets the Recon section started a little, since Recon is so important. My next post will be less personal and more serious.