title: How do I practise this step? course: intro_pentest section: Scanning
The easiest way to practise port scanning is to set up two machines or use virtual machines. You should work your way through each of the options and scan types that we covered in this chapter. Pay special attention to the output from each scan. You should run scans against both Linux and Windows boxes.
You’ll probably want to add some services or program to the target system so that you can be sure you’ll have open ports. Installing and starting FTP, a web server, telnet or SSH will work nicely.
When a person is first learning about port scanning, one of the best ways to practise is to pick a subnet and hide an IP address in the network. After hiding the target in the subnet, the goal is to locate the target. Once the target has been located, the next step is to conduct a full port scan of the system.
To assist with the scenario described above, a simple script has been created, which can be used to “hide” your system in a given subnet. Feel free to modify it by changing the IP address so that will work on your network. The script generates a random number between 1 and 254. This number is used as the final octet in the IP address. Once the random IP address is created, the script applies the address to the machine.
Running this script will allow you to become familiar with the tools and techniques we covered in this chapter. You can enter the script into a text editor and save the file as “hide”.
#!/bin/bash
echo "Setting up the victim machine, this will take just a moment..."
ifconfig eth0 down
ifconfig eth0 192.168.1.$((( $RANDOM %254 ) + 1)) up
# uncomment the following lines by removing the "#" to start up services on your victim
# please note, that you may need to change the location / path depending on your distro
#/etc/init.d/ssh start
# note you may have to generate your SSH key using sshd-generate
#/etc/init.d/apache2 start
#/etc/init.d/atftpd start
echo "This victim machine is now set up".
echo "The IP address is somewhere in the 192.168.1.0/24 network..."
echo "You may now close this window and begin your attack... Good luck!"
You’ll need to use a terminal to navigate to the directory where you created the file. You need to make the file executable before you can run it. You can do so by typing:
chmod +x hide
To run the script, you type the following command into a terminal:
./hide
The script should run and provide you with a message saying the victim machine is all set up. Using the script above you’ll be able to practice, locating and scanning a target machine.