Firewall/IDS Evasion

Proxies

Rotating Proxy Service

There are a lot services out there that will sell you rotating proxies (Google "rotating proxies").
The way it works is that you get an single IP addresses to connect through, and that IP connects out to the Internet using any number of randomly rotating proxies.

nmap -sX -proxy http://1.1.1.1:1080 -iL targetlist.txt

Proxychains

proxychains nmap -v -T4 -sX 1.2.3.4

You can use TOR Nodes.
You have multiple ways to configure your proxy connection with proxychains.

Decoy Scan (Noisy)

Spoof addresses in the network

nmap -D RND:10 -sS <domain>

Fragmented packets

nmap -f -sX -Pn -v <domain>
nmap -sX -v --mtu 32 <domain> # similar to -f, sends limited amount of data during transmition

Badchecksums

The TCP/IP Protocol uses "checksums" to ensure data integrity.
By crafting packets with incorrect checksum information, we might be able to trick the target host into sending a response.

nmap -sX -T4 --badsum <IP>

Changing data length

If you are going to experiment with this, try scanning a single port that you know is open 80 or 443 and play with it.

nmap -sS --data-length 300 scanme.nmap.org

Styling Nmap Results

https://github.com/honze-net/nmap-bootstrap-xsl - Nmap Stylesheet repository

nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org

PreviousDNS spoofing + apache2 NextPrinter Hacking

Last updated 2 years ago

hashtagProxies

hashtagRotating Proxy Service

hashtagProxychains

hashtagDecoy Scan (Noisy)

hashtagFragmented packets

hashtagBadchecksums

hashtagChanging data length

hashtagStyling Nmap Results

Proxies

Rotating Proxy Service

Proxychains

Decoy Scan (Noisy)

Fragmented packets

Badchecksums

Changing data length

Styling Nmap Results