So… let’s say that you downloaded NMAP in one of its latest versions; if you didn’t, then go get it immediately! And come back only when you have it.
http://nmap.org/download.html
When you start NMAP you should see a screen like this one here:
You will quickly get used to this interface; it’s really user friendly:
(1) IMPORTANT: This is the most important part of the interface. Here you will type the IP of the target or a web page address; for you geeks out there, it works with both the IPv4 and the IPv6 protocol.
(2) This is the type of scan you want to make. Unless you are hacking something really hardcore like government or big company shit, leave it as intensive; no one will notice. This also defines the speed and the aggression it will use while it checks whether a port is open or closed, or which specific OS the host is using.
(3) This is where you’ll see the commands to run in the scanning process; leave it be. If you really want to change this, use the wizard and create your own scan type so you can use it later.
(4) Well, here you’ll see all the information you get displayed. We’ll see that in just a second.
So let’s go ahead and enter what we know. I’ll be scanning a pretty crappy Japanese page that I found 20 minutes ago when I woke up; I don’t know what it is about because I don’t read Japanese, I only know it had its CGI-BIN wide open and without protection, so I checked all their stuff… It’s still default security, so it’s not really a challenge.
(5) As you see, I’ve entered the URL for that Japanese site
(6 & 7) These will remain the same, though you should know that you can change them if you want to
(8) With everything set, let’s go ahead and click on SCAN
(9) You’ll see the “Scanning…” text under Host
(10) You should see an introductory text like this, and some seconds later the scan per se will begin.
Now the scan is running, so just sit back.
Luckily for us this site has many ports wide open, so you can see perfectly how the scan shows them AT FIRST. (11)
Now, since this could take a while, especially if you are running it slowly to pass undetected, every couple of minutes you’ll see the percentage of the scan completed, just to let you know NMAP is still running. (12)
(13) VOILA! The ports that are open or filtered, their protocol (typically TCP), their main function and even the version of the software running on them, so you can search for your exploiting pleasure!
(14) And THIS is what I love about NMAP: it tells you the OS of the host! We’ll see this in depth right now…
Now, let’s see, oh yes, the OS! Look at this! It’s wonderful! The perfect tool for a hacker, to know your enemy! And knowledge is power!
(15) A nice image of the OS, in this case a relative of LINUX
(16) A graphic representing the average difficulty of hacking into this, in this case a bomb; in safer systems you will see a security box, and in the easiest of them a piece of cake (literally!)
(17) A brief report of the scan
(18) The EXACT version of the operating system (if found) and the accuracy (if found)
Now, for you exploiters out there, click on the Services (19) tab
(20) Look for the port you want to exploit (sendmail here)
(21) VOILA again! All the info on the software running on that port, including the version it’s using (2010 here)
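Everything the post reads off the GUI tabs (open or filtered ports with their protocol, service name and version, plus the best OS match and its accuracy) is also written to Nmap's XML report when `-oX` is added to the command line, which is the form you want when you are checking your own hosts against what they are supposed to expose. The script below is an added example, not code from the original post or from the Nmap project: it pulls those same fields out of a constructed sample report. The address, hostname, products, versions and OS names in the sample are made up, and the parsed attribute names follow the shape of a real `nmap -oX` file.

```python
"""Parse an Nmap XML report (nmap -oX) into the facts the GUI tabs show:
open/filtered ports with service and version, and the best OS match."""
import xml.etree.ElementTree as ET

# Constructed sample report (one host, four ports, two OS matches).
# Every value below is made up for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="example.test" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="25">
        <state state="open" reason="syn-ack"/>
        <service name="smtp" product="Sendmail" version="8.14.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.15" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="closed" reason="reset"/>
        <service name="ssh" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 2.6.18 - 2.6.32" accuracy="95" line="1"/>
      <osmatch name="Linux 2.6.9" accuracy="88" line="2"/>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per scanned host: address, hostname, ports and OS matches."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:  # IPv6-only hosts carry addrtype='ipv6'
            addr_el = host.find("address")
        hostname_el = host.find("hostnames/hostname")
        ports = []
        for port_el in host.findall("ports/port"):
            state_el = port_el.find("state")
            svc_el = port_el.find("service")  # absent when nmap has no guess at all
            ports.append({
                "port": int(port_el.get("portid")),
                "proto": port_el.get("protocol"),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "name": svc_el.get("name", "") if svc_el is not None else "",
                "product": svc_el.get("product", "") if svc_el is not None else "",
                "version": svc_el.get("version", "") if svc_el is not None else "",
            })
        os_matches = [(m.get("name"), int(m.get("accuracy", "0")))
                      for m in host.findall("os/osmatch")]
        hosts.append({
            "addr": addr_el.get("addr") if addr_el is not None else "",
            "hostname": hostname_el.get("name") if hostname_el is not None else "",
            "ports": sorted(ports, key=lambda p: p["port"]),
            "os": os_matches,
        })
    return hosts


def open_or_filtered(host):
    """Ports the GUI lists as reachable: state open or filtered; closed ones are dropped."""
    return [p for p in host["ports"] if p["state"] in ("open", "filtered")]


def best_os_match(host):
    """Highest-accuracy OS match as (name, accuracy), or None when fingerprinting found nothing."""
    if not host["os"]:
        return None
    return max(host["os"], key=lambda m: m[1])


def service_on_port(host, port, proto="tcp"):
    """What the Services tab shows for one port: name, product and version, or None."""
    for p in host["ports"]:
        if p["port"] == port and p["proto"] == proto:
            return {"name": p["name"], "product": p["product"], "version": p["version"]}
    return None


def summary_lines(host):
    """Plain-text equivalent of the report tab: one line per open/filtered port plus the OS."""
    lines = [f"Host {host['addr']} ({host['hostname'] or 'no hostname'})"]
    for p in open_or_filtered(host):
        ver = " ".join(x for x in (p["product"], p["version"]) if x) or "version not detected"
        lines.append(f"  {p['port']}/{p['proto']} {p['state']:<8} {p['name']:<6} {ver}")
    match = best_os_match(host)
    lines.append(f"  OS: {match[0]} ({match[1]}% accuracy)" if match else "  OS: not detected")
    return lines


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_XML):
        print("\n".join(summary_lines(h)))
```

Run it against a real report by replacing `SAMPLE_XML` with the contents of the `-oX` file; diffing `summary_lines()` output between two scans of the same host is a quick way to spot a port or service version that changed when nobody meant it to.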