|
| 1 | +## Description |
| 2 | + |
| 3 | +This module will attempt to initiate a TCP/IP connection with ports on the victim machine. It is this done by sending a SYN packet, and if victim replies with a SYN/ACK packet |
| 4 | +that means the port is open. Then the attacker sends a RST packet, and as a result the victim's machine assumes that there is a communication error. |
| 5 | +The attacker now knows the state of port without a full tcp connection. Major benefit of TCP SYN scan is that most logging applications do not log the TCP/RST by default. |
| 6 | + |
| 7 | +## Options |
| 8 | + |
| 9 | + **PORTS** |
| 10 | + |
| 11 | + This is the list of TCP ports to test on each host. |
| 12 | + Formats like `1-3`, `1,2,3`, `1,2-3`, etc. are all supported. Default |
| 13 | + options is to scan `1-10000` ports. |
| 14 | + |
| 15 | + **TIMEOUT** |
| 16 | + |
| 17 | + Maximum time to wait for a response. The default value is 500 milliseconds. |
| 18 | + |
| 19 | + **VERBOSE** |
| 20 | + |
| 21 | + Gives detailed message about the scan of all the ports. It also shows the |
| 22 | + ports that were closed. |
| 23 | + |
| 24 | +## Verification Steps |
| 25 | + |
| 26 | + 1. Do: `use auxiliary/scanner/portscan/syn` |
| 27 | + 2. Do: `set RHOSTS [IP]` |
| 28 | + 3. Do: `set PORTS [PORTS]` |
| 29 | + 4. Do: `run` |
| 30 | + 5. If any of the TCP ports were open they will be discovered, status will be printed indicating as such. |
| 31 | + |
| 32 | +## Scenarios |
| 33 | + |
| 34 | +### Metaspliotable 2 |
| 35 | + |
| 36 | +``` |
| 37 | +msf > use auxiliary/scanner/portscan/syn |
| 38 | +msf auxiliary(syn) > set RHOSTS 192.168.45.159 |
| 39 | +RHOSTS => 192.168.45.159 |
| 40 | +msf auxiliary(syn) > set PORTS 1-10000 |
| 41 | +PORTS => 1-10000 |
| 42 | +msf auxiliary(syn) > run |
| 43 | +[*] TCP OPEN 192.168.45.159:22 |
| 44 | +[*] TCP OPEN 192.168.45.159:23 |
| 45 | +[*] TCP OPEN 192.168.45.159:111 |
| 46 | +[*] TCP OPEN 192.168.45.159:445 |
| 47 | +[*] TCP OPEN 192.168.45.159:512 |
| 48 | +[*] TCP OPEN 192.168.45.159:513 |
| 49 | +[*] TCP OPEN 192.168.45.159:1099 |
| 50 | +[*] TCP OPEN 192.168.45.159:2121 |
| 51 | +[*] TCP OPEN 192.168.45.159:3306 |
| 52 | +[*] TCP OPEN 192.168.45.159:3632 |
| 53 | +[*] TCP OPEN 192.168.45.159:6000 |
| 54 | +[*] TCP OPEN 192.168.45.159:6697 |
| 55 | +[*] TCP OPEN 192.168.45.159:8009 |
| 56 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 57 | +[*] Auxiliary module execution completed |
| 58 | +
|
| 59 | +``` |
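Review bot: The scenario heading at new-file line 34 reads "Metaspliotable 2" and should be "Metasploitable 2", and line 3 has "It is this done by" where "This is done by" is meant. The last sentence of the Description (line 5) says most logging applications do not log the TCP/RST by default. That reads as a blanket statement, yet the same paragraph describes SYN, SYN/ACK and RST packets that are all on the wire. I would qualify it, for example by saying the connection is never completed and so may not appear in application-level connection logs, so that readers do not take it to mean the scan leaves no trace. The Options section documents TIMEOUT and VERBOSE, but neither the Verification Steps nor the scenario exercises them, and the scenario's `set PORTS 1-10000` repeats what lines 12-13 give as the default. Consider showing a run with VERBOSE enabled, or with a non-default port list, so the example demonstrates something the defaults do not. Line 12-13 also says "Default options is", which should be "The default is". Finally, line 58 adds an empty line just before the closing fence at line 59, which can be dropped.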