Have you ever wanted to be able to tell whether a host is using port forwarding, that is, whether a NAT or firewall in front of it is relaying traffic to a service that really lives on another machine? In this post we will set up a test scenario and you will learn how!
Setting up our lab
For this experiment we will need 3 hosts; in my case I have 2 Linux VMs and a Windows box. One of them will be used for scanning with nmap and sending packets with hping, the second is going to be our NAT/firewall device, and the Windows machine will host the real service.
You probably have used nmap before, but did you know there are plenty of cool options to spice up your scanning sessions? For example, you can specify the --open option to show only open ports, or --reason if you want to see why nmap put a port in the state it reports (open/closed/filtered). If you want to dig deeper you could add the --packet-trace flag, which makes nmap show you every packet it sends and receives.
sudo nmap -sS -p 80 188.8.131.52 --open --reason --packet-trace
If you have ever wondered whether there is a quick way to find all the Windows hosts in your network, with exact version information, you are in the right place! We are going to see a few tools that will aid us in this task by querying the SMB/CIFS service and the NetBIOS name service, which Windows hosts run by default.
To get us started, let's look at the nbtscan tool. We can give it a network range either as a CIDR block or as two values separated by a dash. It sends a NetBIOS node status query to UDP port 137 on every address, and the result is a nice list of all the Windows hosts on our network with their NetBIOS names.
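To see what nbtscan actually puts on the wire, here is an added example (my own code, not part of the original post or of the nbtscan project). It builds the wildcard NetBIOS node status (NBSTAT) query that goes to UDP port 137, parses the reply into the name table plus the adapter MAC the host includes, and reduces it to the hostname/workgroup columns nbtscan prints. SAMPLE_REPLY is constructed for offline testing, not a capture; the host name WIN10BOX, the workgroup, the MAC and the transaction ID in it are made up.

```python
import socket
import struct
from dataclasses import dataclass

NBSTAT_TYPE = 0x0021                   # node status query type, answered on 137/udp
CLASS_IN = 0x0001
WILDCARD_NAME = b"*" + b"\x00" * 15    # "*" padded to 16 bytes with NULs

def encode_name(raw16: bytes) -> bytes:
    """First-level encoding: every nibble of the 16-byte name becomes 'A' + nibble."""
    encoded = bytearray()
    for b in raw16:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(encoded) + b"\x00"   # length 32, the 32 chars, root label

def build_nbstat_query(txid: int = 0x1234) -> bytes:
    """Wildcard NBSTAT request: 12-byte header, encoded '*' name, QTYPE NBSTAT, QCLASS IN."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(WILDCARD_NAME) + struct.pack("!HH", NBSTAT_TYPE, CLASS_IN)

@dataclass
class NbtName:
    name: str
    suffix: int     # 0x00 workstation/domain, 0x20 file server, 0x1B/0x1D browser, 0x1C DCs
    group: bool     # group names (workgroup, domain) vs unique names (the host itself)
    active: bool

def parse_nbstat_response(data: bytes, txid: int = 0x1234):
    """Return ([NbtName, ...], mac) from an NBSTAT reply; raise ValueError on anything else."""
    if len(data) < 12:
        raise ValueError("truncated header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!6H", data[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F or an < 1:
        raise ValueError("not a successful NBSTAT response to our transaction")
    off = 12
    for i in range(qd + 1):                 # question names (normally none), then the answer name
        while data[off] and data[off] & 0xC0 != 0xC0:
            off += 1 + data[off]
        off += 2 if data[off] & 0xC0 == 0xC0 else 1   # compression pointer, or the root label
        if i < qd:
            off += 4                        # QTYPE + QCLASS of a question entry
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rtype != NBSTAT_TYPE:
        raise ValueError("answer is not an NBSTAT record")
    rdata = data[off:off + rdlen]
    names, pos = [], 1
    for _ in range(rdata[0]):               # NUM_NAMES entries of 18 bytes each
        entry = rdata[pos:pos + 18]
        if len(entry) < 18:
            raise ValueError("truncated name entry")
        flg = struct.unpack("!H", entry[16:18])[0]
        names.append(NbtName(entry[:15].decode("latin-1").rstrip(" \x00"),
                             entry[15], bool(flg & 0x8000), bool(flg & 0x0400)))
        pos += 18
    mac = ":".join(f"{b:02x}" for b in rdata[pos:pos + 6])   # UNIT_ID is the adapter MAC
    return names, mac

def summarize(names):
    """The columns nbtscan shows: host name, workgroup/domain, file server service up."""
    out = {"hostname": None, "workgroup": None, "file_server": False}
    for n in names:
        if n.suffix == 0x00 and not n.group and out["hostname"] is None:
            out["hostname"] = n.name
        elif n.suffix == 0x00 and n.group and out["workgroup"] is None:
            out["workgroup"] = n.name
        elif n.suffix == 0x20 and not n.group:
            out["file_server"] = True
    return out

def nbstat(host: str, timeout: float = 2.0):
    """Send the wildcard query to host:137/udp; None if nothing answers (filtered or not Windows)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_nbstat_query(), (host, 137))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return parse_nbstat_response(data)

# Constructed reply (not a real capture): WIN10BOX<00>, WORKGROUP<00> as a group, WIN10BOX<20>.
SAMPLE_REPLY = (
    struct.pack("!6H", 0x1234, 0x8400, 0, 1, 0, 0)
    + encode_name(WILDCARD_NAME)
    + struct.pack("!HHIH", NBSTAT_TYPE, CLASS_IN, 0, 1 + 3 * 18 + 6 + 40)
    + bytes([3])
    + b"WIN10BOX       " + b"\x00" + b"\x04\x00"     # unique, active
    + b"WORKGROUP      " + b"\x00" + b"\x84\x00"     # group, active
    + b"WIN10BOX       " + b"\x20" + b"\x04\x00"     # file server service
    + bytes.fromhex("000c29aabbcc") + b"\x00" * 40   # MAC, then zeroed statistics
)
```

Against a live host, `summarize(*nbstat("192.168.1.20")[:1])` needs no privileges, since it is plain UDP; a None result means port 137 is filtered or the target is not running the NetBIOS name service, which is exactly the case nbtscan reports as no answer.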
Would you like to skip that annoying level or perhaps get some extra cash? Well, you are in the right place! We are going to have some fun by editing a savegame and get a small advantage. Welcome to game hacking. 🙂
Have you ever heard of the /proc filesystem before? I’m pretty sure you have if you are a regular Linux user. Here is a quick refresher.
/proc is a virtual filesystem that the Linux kernel uses to expose kernel and process information, and it lets the user change some settings at run time. One of the most common uses is to get information about our CPU; we can use 'cat /proc/cpuinfo' to see it.
But much more interesting is the fact that per-process data is exposed through /proc as well. Each running process appears as a directory named after its PID (for example /proc/1234), containing files such as cmdline, status and maps, and symlinks such as exe and cwd.
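As an added example (my own code, not from the original post), here is a small walker over those per-PID directories. It reads status and cmdline, resolves the exe and cwd symlinks, and flags processes whose executable was deleted after they started, the check an incident responder wants because a dropped-then-unlinked binary is invisible to a disk scan but still visible here. SAMPLE_STATUS is a constructed excerpt of a status file used for the offline checks, not taken from a real host; run the script as root to see exe links of other users' processes, since readlink on them is only allowed for the process owner or root.

```python
import os
from dataclasses import dataclass

# Constructed excerpt of /proc/PID/status (not from a real host), used for the offline checks.
SAMPLE_STATUS = (
    "Name:\tbash\nUmask:\t0022\nState:\tS (sleeping)\nPid:\t4242\n"
    "PPid:\t4200\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"
)

def parse_status(text: str) -> dict:
    """Parse the 'Key:<tab>value ...' lines of /proc/PID/status into {key: [fields]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields

def parse_cmdline(raw: bytes) -> list:
    """/proc/PID/cmdline is argv joined by NUL bytes; kernel threads have an empty file."""
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\x00") if arg]

def exe_deleted(link_target: str) -> bool:
    """The kernel appends ' (deleted)' to the exe link when the binary was unlinked after exec."""
    return link_target.endswith(" (deleted)")

@dataclass
class ProcessInfo:
    pid: int
    name: str
    ppid: int
    uid: int          # real UID, first field of the Uid: line
    cmdline: list
    exe: str          # "" when unreadable (another user's process) or absent (kernel thread)
    cwd: str
    deleted_exe: bool

def read_process(pid: int, proc_root: str = "/proc"):
    """Build a ProcessInfo from <proc_root>/<pid>; None if the process is gone or unreadable."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "status")) as f:
            status = parse_status(f.read())
        with open(os.path.join(base, "cmdline"), "rb") as f:
            cmdline = parse_cmdline(f.read())
    except OSError:
        return None            # exited between listing and reading, or no procfs at all

    def link(name):
        try:
            return os.readlink(os.path.join(base, name))
        except OSError:
            return ""          # EACCES for other users' processes, ENOENT for kernel threads

    exe = link("exe")
    return ProcessInfo(pid, status.get("Name", ["?"])[0], int(status.get("PPid", ["0"])[0]),
                       int(status.get("Uid", ["0"])[0]), cmdline, exe, link("cwd"), exe_deleted(exe))

def list_processes(proc_root: str = "/proc") -> list:
    """Enumerate every numeric directory under /proc, the same source ps and top read."""
    pids = sorted(int(d) for d in os.listdir(proc_root) if d.isdigit())
    return [p for p in (read_process(pid, proc_root) for pid in pids) if p is not None]

def deleted_binaries(procs: list) -> list:
    """Processes still running from an executable that no longer exists on disk."""
    return [p for p in procs if p.deleted_exe]

def inspect_self():
    """Our own entry, or None on a system without procfs."""
    return read_process(os.getpid())

if __name__ == "__main__":
    for p in list_processes():
        flag = "  <-- exe deleted" if p.deleted_exe else ""
        print(f"{p.pid:>6} {p.uid:>5} {p.name:<16} {' '.join(p.cmdline)[:60]}{flag}")
```

Note that a process can rewrite its own argv, so cmdline is attacker-controlled; the Name field in status and the exe link come from the kernel and are the ones to trust when the two disagree.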