The network scanner
In this section, we will look at several tools that can be used to find open ports, fingerprint the remote operating system, and enumerate the services on the remote machine.
Service enumeration is a method that is used to find the service version that is available on a particular port on the target system. This version information is important because with this information, the penetration tester can search for security vulnerabilities that exist for that software version.
While standard ports are often used, sometimes systems administrators will change the default ports for some services. For example, an SSH service may be bound to port 22
(as a convention), but a system administrator may change it to be bound to port 2222
. If the penetration tester only does a port scan to the common port of SSH, it may not find that service. The penetration tester will also have difficulties when dealing with proprietary applications running on non-standard ports. By using the service...