September 5, 2024. The NSA, FBI and CISA published a joint cybersecurity advisory about Russian military hackers, GRU Unit 29155. The unit targeted US and NATO infrastructure. One of the most famous (and oldest) hacking tools out there was used in these attacks: Nmap.
View the full document here.
Context
Nmap is short for Network Mapper. It is used to discover hosts and services running on a network, creating a "map". Intended for personal use by Gordon Lyon in 1997, Nmap was later published to the public through Phrack magazine. After all these years, Nmap is still used to this day by hackers all around the world to perform cybersecurity attacks.
Requirements
In order to understand how Nmap works, we should have some knowledge about:
- IP addresses
- MAC addresses
- Protocols
- Ports
IP Address
An IP address is divided into two parts: Network (identifies which network you are in) and Host (identifies which host you are within that network):
The only two questions you need in cybersec are Why and How, so the question here is: how do we separate the Host and Network parts?
Well, it's the Subnet Mask.
Let me give you some other examples for better understanding.
The next question you need to ask is: how? How does this work?
If you want to understand this, you have to understand binary code, basically the language of computers.
Those 1s and 0s, consider them as Yes and No. 128+64 gives 192; the other zeros don't count because they are No's. So now you know how each number is created.
The same principle goes for the subnet mask.
PS: There are 3 types of private networks: A, B and C. The examples I gave you above are not scrambled: the first was C, because we have 3 octets for Network and 1 octet for Host. B has 2 for Network and 2 for Host. A has 1 for Network and 3 for Host.
A is used for Large Corporations.
B is used for Medium Corporations.
C is the most used one, for homes and small corporations.
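As an added worked example (not code from the original post), here is the subnet-mask split described above done bit by bit in Python on a constructed address and mask; the helper names and the sample address 192.168.1.37 are my own choices.

```python
# Added example, not from the original post: split an IPv4 address into its
# network and host parts using a subnet mask, working on the 1s and 0s of
# each octet the way the text describes (128 + 64 = 192, the zeros are "No").

def octet_to_bits(value: int) -> str:
    """Write one octet (0-255) as eight 1/0 digits, e.g. 192 -> '11000000'."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    return format(value, "08b")

def bits_to_octet(bits: str) -> int:
    """Add the place values (128, 64, 32, ..., 1) of the bits that are 1."""
    return sum(128 >> i for i, b in enumerate(bits) if b == "1")

def parse_ipv4(text: str) -> list:
    """Turn a dotted quad like '192.168.1.37' into its four octets."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-quad address: {text!r}")
    octets = [int(p) for p in parts]
    for o in octets:
        octet_to_bits(o)  # reuses the range check above
    return octets

def prefix_length(mask: str) -> int:
    """Count the 1 bits of a mask (the /24 of 192.168.1.0/24).
    A real mask is a run of 1s then a run of 0s; 255.0.255.0 is rejected."""
    bits = "".join(octet_to_bits(o) for o in parse_ipv4(mask))
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"invalid subnet mask: {mask}")
    return ones

def split_network_host(ip: str, mask: str) -> tuple:
    """Return (network part, host part) of ip under mask, as dotted quads.
    A 1 in the mask means "network bit", a 0 means "host bit"."""
    prefix_length(mask)  # validate the mask first
    net, host = [], []
    for ip_o, mask_o in zip(parse_ipv4(ip), parse_ipv4(mask)):
        ip_bits, mask_bits = octet_to_bits(ip_o), octet_to_bits(mask_o)
        # keep the address bit where the mask says "network", else write 0
        net_bits = "".join(b if m == "1" else "0" for b, m in zip(ip_bits, mask_bits))
        # keep the address bit where the mask says "host", else write 0
        host_bits = "".join(b if m == "0" else "0" for b, m in zip(ip_bits, mask_bits))
        net.append(bits_to_octet(net_bits))
        host.append(bits_to_octet(host_bits))
    return ".".join(map(str, net)), ".".join(map(str, host))

# Constructed sample: a home (class C style) address with a /24 mask.
print(split_network_host("192.168.1.37", "255.255.255.0"))  # ('192.168.1.0', '0.0.0.37')
```

With a /25 mask (255.255.255.128) the last octet is itself cut in two, which is the case the class A/B/C picture above does not show.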
Public vs Private IP
In all the previous examples I used private IPs; these are assigned by your router. A public IP is assigned by your ISP (Internet Service Provider). If you do the math, there are exactly 4,294,967,296 IPv4 addresses, nearly 4.3 billion. That's why humans invented IPv6, but that's another story.
Public addresses are unique (they can be changed by your ISP, but as long as you have one, it's unique), while private addresses are not.
Private IPs are used in a LAN (Local Area Network), in English: your home, just the network within your router. That's because it's your router that assigns them (using DHCP), while the public IP is given only to your router. Let me explain how.
NB: Users of the network do still have the public IP address the router uses; they all just share the same public IP. As I said before, we only have 4 billion (IPv4) IP addresses. For those asking why I always mention IPv4, it's because we have a practically unlimited supply of IPv6 addresses: exactly 340 undecillion.
MAC Address
Unlike the public IP, which can be changed by your ISP (Internet Service Provider), the MAC address CANNOT be changed (it can be spoofed, though, which means used by another person, for whatever purpose, as if it's you). It's like a national ID. Let me give you an example comparing a MAC address and an IP address:
The MAC address is divided too: the NIC (Network Interface Card) manufacturer part and the unique identifier.
Here are some examples of NIC manufacturer prefixes:
00000C (Cisco)
00001D (Cabletron)
0004AC (IBM [PCMCIA Ethernet adapter])
0020AF (3Com)
00C0A8 (GVC)
080007 (Apple)
080009 (Hewlett-Packard)
MAC addresses are written differently depending on the system:
- Cisco: 00.04.5A.63.A1.66
- macOS and Linux: 00:04:5A:63:A1:66
- Windows: 00-04-5A-63-A1-66
Ports
When I say ports, a lot of people think of these:
These are not the ports I'm talking about today. Network ports are logical connections; they are assigned by IANA (Internet Assigned Numbers Authority) and range from 0 to 65535.
They are associated with an IP address. The IP gives the location of the server and the port gives the service it runs.
Here is an example:
To see the ports open on your device, type netstat -n in the CMD on Windows, or in the terminal on Linux.
Port Categories
Let me give you some examples of the most famous/well-known ports:
- 80: HTTP
- 443: HTTPS
- 22: SSH
- 21: FTP
- 25: SMTP
- 53: DNS
- 110: POP3
- 143: IMAP
- 3389: RDP
- 3306: MySQL
The private ports are on the client side, because when you connect to port 443 of my website, your device has to assign a port for itself to connect to the website. So let's say your device now uses port 49514 to access my website on port 443 of my server.