Becoming an Ethical Hacker – Week 2

Week 2 – Scanning, Enumeration, and Back to Basics

The second week in my quest to become an ethical hacker is complete!  With 11 hours of study time logged, this was a very productive week that touched a lot of different areas.

If you’re not sure why I’m posting this, take a look back at my original post, Investing a Year in Ethical Hacking where I detail my plan to invest 416 hours in 2017 to learn ethical hacking.  Current progress: 20 / 416.

The hours are starting to add up and this is only week 2 of 52.  I can’t wait to keep going and I hope you will join me!

cehweek2

Scanning

As you know by now, I am a big fan of going SLOWLY through this content to really understand it.  That is why I am still working on scanning here in week 2.

Some of the scans like the Null scan and Xmas scan don’t work against Windows systems.  I tried scanning my Kali Linux system but since it is a locked-down OS for penetration testing, it doesn’t respond to anything.  I don’t want to just skip this part and memorize the information without ever using it!

So I researched different Linux distributions and decided to download and build a CentOS 7 system since it is basically the same OS as Red Hat, only CentOS is free.  After getting it installed, I got to run some scans against it and watch the magic happen.  An interesting result I found is the difference in default ports that are open for Windows (firewall off) vs. Linux.  Linux only has SSH open while Windows has ports for SMB and NetBIOS open.

ports2

I also ventured outside my isolated lab to do some careful testing on the real internet.  HackThisSite.org is a wonderful resource which gives anybody a free pass to try basically anything as long as it is non-destructive.  Keep reading to see what I found this week…

Continue reading