|
| 1 | +## Description |
| 2 | + |
| 3 | + This module will attempt to initiate a three-way handshake with every |
| 4 | +on the victim machine. It is done by sending a SYN packet and if victim replies with a SYN/ACK packet that means the port is open. Then the attacker sends a RST packet as a result |
| 5 | + |
| 6 | +## Vulnerable Application |
| 7 | + |
| 8 | + Any reachable TCP endpoint is a potential target. |
| 9 | + |
| 10 | +## Options |
| 11 | + |
| 12 | + **PORTS** |
| 13 | + This is the list of ports to test for TCP Scan on each host. |
| 14 | + Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported.Default |
| 15 | + options is to scan `1-10000` ports. |
| 16 | + |
| 17 | + **TIMEOUT** |
| 18 | + Maximum time (seconds) to wait for a response. The default value is 500. |
| 19 | + |
| 20 | + **ConnectTimeout** |
| 21 | + This options states the maximum number of seconds to establish a tcp |
| 22 | + connection. Default value if 10. |
| 23 | + |
| 24 | + **VERBOSE** |
| 25 | + Gives detailed message about the scan of all the ports. It also shows the |
| 26 | + ports that were closed. |
| 27 | + |
| 28 | +## Verification Steps |
| 29 | + |
| 30 | + 1. Do: `use auxiliary/scanner/portscan/tcp` |
| 31 | + 2. Do: `set RHOSTS [IP]` |
| 32 | + 3. Do: `set RPORT [PORTS]` |
| 33 | + 4. Do: `run` |
| 34 | + 5. If any of the TCP ports were open they will be discovered, status will be printed indicated as such. |
| 35 | + |
| 36 | +## Scenarios |
| 37 | + |
| 38 | +### Metaspliotable 2 |
| 39 | + |
| 40 | +``` |
| 41 | +msf > use auxiliary/scanner/portscan/syn |
| 42 | +msf auxiliary(syn) > set RHOSTS 192.168.45.159 |
| 43 | +RHOSTS => 192.168.45.159 |
| 44 | +msf auxiliary(syn) > set PORTS 1-10000 |
| 45 | +PORTS => 1-10000 |
| 46 | +msf auxiliary(syn) > run |
| 47 | +[*] TCP OPEN 192.168.45.159:22 |
| 48 | +[*] TCP OPEN 192.168.45.159:23 |
| 49 | +[*] TCP OPEN 192.168.45.159:111 |
| 50 | +[*] TCP OPEN 192.168.45.159:445 |
| 51 | +[*] TCP OPEN 192.168.45.159:512 |
| 52 | +[*] TCP OPEN 192.168.45.159:513 |
| 53 | +[*] TCP OPEN 192.168.45.159:1099 |
| 54 | +[*] TCP OPEN 192.168.45.159:2121 |
| 55 | +[*] TCP OPEN 192.168.45.159:3306 |
| 56 | +[*] TCP OPEN 192.168.45.159:3632 |
| 57 | +[*] TCP OPEN 192.168.45.159:6000 |
| 58 | +[*] TCP OPEN 192.168.45.159:6697 |
| 59 | +[*] TCP OPEN 192.168.45.159:8009 |
| 60 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 61 | +[*] Auxiliary module execution completed |
| 62 | +
|
| 63 | +``` |
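Review bot: The Verification Steps do not match the rest of the file: line 30 of the new file says `use auxiliary/scanner/portscan/tcp` and line 32 says `set RPORT [PORTS]`, while the Scenarios transcript (lines 41 to 44) runs `auxiliary/scanner/portscan/syn` and sets `PORTS`, which is also the option documented under Options. Suggest pointing the steps at the module this file documents and changing step 3 to `set PORTS [PORTS]`. The Description needs the same pass: it describes a SYN, SYN/ACK, RST exchange, which never completes a three-way handshake, and the sentence on lines 3 and 4 is missing its noun after "with every". Since the Description says the scan resets instead of completing the connection, please confirm that **ConnectTimeout** applies to this module before documenting it. Smaller text fixes: "Metaspliotable" (line 38), "Default value if 10" (line 22), the missing space in "supported.Default" (line 14), and "status will be printed indicated as such" (line 34).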