CS338 Computer Security
Monday, 6 November 2023

+ Office hours today: 12:30-1:00, Zoom only
  - I'll try to keep up on Slack

+ Fire up Kali and Metasploitable for later in the hour

+ The XSS assignment
  - Questions
  - Observations
  - Favorite weird results

+ Host detection w/ nmap -sn
  - What does the help/manual say about -sn?
  - What happens if you scan a local network? How could you figure out
    how nmap is doing its job?
      Wireshark on nmap -sn 172.16.41.0/24 ["ping scan"]
      Looks like it's using ARP requests to see if anybody responds
  - Same question, remote network
      Wireshark on nmap -sn 172.233.221.124
      Looks like TCP SYN to ports 80 and 443; dunno what it would try if it got no response
      How can you get permission to whack at a remote network? ...complicated...

+ Attacking in general
  - host detection (e.g., nmap -sn)
  - port scanning
      nmap -sV IP          [nice general scan; figures out service versions]
      nmap -sV -sC IP      [more detail; -sC also runs nmap's default scripts]
      nmap -sV -p 21 IP    [Wireshark this, see how nmap decides which ftp server is in use]
  - research exploits

+ Attacking Metasploitable
  - Find it (nmap -sn ...)
  - Port scan it (nmap -sV METASPLOITABLE_IP)
  - Try again, but moreso (nmap -sV -sC METASPLOITABLE_IP)
  - Pick a server, and do "searchsploit name-of-server version-of-server"
  - ...

+ Next
  - SQL injection
  - Metasploit
  - Putting together a bunch of pen-testing pieces into something like a coherent whole
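The find-it / port-scan-it / searchsploit-it sequence above, wrapped into one small pipeline around nmap's grepable output (-oG). This is an added example written for these notes, not code from the course or from nmap; it assumes nmap and searchsploit are installed on the Kali box, and the scan text the offline check uses is a constructed sample in the shape nmap emits, not a real capture of Metasploitable (the 172.16.41.131 address and the service strings are made up for illustration). One check worth doing before trusting what Wireshark showed for -sn: the Host Discovery section of the nmap man page documents the defaults. As root on a local Ethernet segment nmap uses ARP requests; as root against a remote target it sends an ICMP echo request, a TCP SYN to 443, a TCP ACK to 80 and an ICMP timestamp request; without root it cannot send raw packets and falls back to a TCP connect() to ports 80 and 443, so a capture showing only SYNs to 80/443 is what an unprivileged run looks like.

```shell
#!/bin/sh
# Added example for the CS338 notes (not course code): a recon pipeline around
# nmap's grepable (-oG) output. The parsers read stdin so they can be checked
# offline; the *_live functions need nmap and searchsploit (assumed on Kali).

# Hosts that nmap -sn reported as up. -oG lines look like
# "Host: <ip> (<name>)<TAB>Status: Up".
up_hosts() {
    sed -n 's/^Host: \([^ ]*\) .*Status: Up$/\1/p'
}

# Open ports from nmap -sV -oG output, one "port proto service version" per line.
# Each Ports: entry is port/state/proto/owner/service/rpcinfo/version/ (fields 1-7).
open_services() {
    awk '
    /^Host:/ && /Ports:/ {
        line = $0
        sub(/^.*Ports: /, "", line)                  # keep only the port list
        sub(/[[:space:]]*Ignored State:.*$/, "", line)
        n = split(line, ports, /, /)
        for (i = 1; i <= n; i++) {
            entry = ports[i]
            sub(/\/$/, "", entry)                    # drop the trailing slash
            m = split(entry, f, "/")
            if (f[2] != "open") continue             # skip filtered/closed entries
            version = f[7]
            for (j = 8; j <= m; j++)                 # version text may itself contain "/"
                version = version "/" f[j]
            printf "%s %s %s %s\n", f[1], f[3], f[5], version
        }
    }'
}

# Heuristic (my assumption, not an nmap or searchsploit feature): the first two
# words of the version field are usually "product version", which is what
# searchsploit matches best; distro suffixes like "Debian 8ubuntu1" are dropped.
searchsploit_terms() {
    while read -r port proto svc ver; do
        set -- $ver
        if [ $# -ge 2 ]; then
            printf '%s %s\n' "$1" "$2"
        fi
    done
}

# Constructed -oG sample (not a real capture) so the parsers can be run offline.
sample_scan() {
    printf '# Nmap 7.94 scan initiated (constructed sample)\n'
    printf 'Host: 172.16.41.131 ()\tStatus: Up\n'
    printf 'Host: 172.16.41.131 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/, 25/filtered/tcp//smtp///\tIgnored State: closed (997)\n'
}

# Live use on the lab network (needs nmap; ARP-based -sn on a local segment needs root).
discover_live() { nmap -sn -oG - "$1" | up_hosts; }
services_live() { nmap -sV -oG - "$1" | open_services; }
research_live() {
    services_live "$1" | searchsploit_terms | sort -u | while read -r term; do
        echo "== searchsploit $term"
        searchsploit $term     # unquoted on purpose: "name version" as two search terms
    done
}

# e.g.  sh recon.sh --discover 172.16.41.0/24   or   sh recon.sh --research METASPLOITABLE_IP
case "${1:-}" in
    --discover) discover_live "$2" ;;
    --research) research_live "$2" ;;
esac
```

Run `sample_scan | open_services` first to see what the parser hands to searchsploit, then try the live functions against the Metasploitable VM; compare the version strings nmap reports with what searchsploit finds, and remember that -sV's guess is only a banner match until you confirm it by hand (the `nmap -sV -p 21` Wireshark exercise above shows how that guess is made).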