Introduction to HPing
Hping is a tool used by VAPT and network professionals for network scanning and crafting TCP/IP packets. It supports firewall testing and security auditing, and its techniques are now implemented in Nmap, one of the best scanners, available on various platforms.
Hping is a command-line TCP/IP packet assembler/analyzer. It is not limited to sending ICMP requests: it supports ICMP, UDP and raw IP protocols, has a traceroute capability, and can send files over a covert channel.
Things we can do with hping:
- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
- hping can also be useful to students who are learning TCP/IP.
There are two versions of hping: hping2 and hping3. Version 3, which is in alpha state, aims to be not just a small tool but a framework for scripting TCP/IP. Hping3 comes with two new things. The first is an engine called APD that is able to translate a simple packet description, in the form of a string, into a packet to be sent, and the reverse. The second is the Tcl scripting language, which makes hping a scriptable TCP/IP stack.
hping2 was used (in the past) to...
- Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
- Perform the idle scan (now implemented in nmap with an easy user interface).
- Test firewalling rules.
- Test IDSes.
- Exploit known vulnerabilities of TCP/IP stacks.
- Networking research.
- Learn TCP/IP (hping was used in networking courses AFAIK).
Hping3 should be used to...
- Write real applications related to TCP/IP testing and security.
- Automated firewalling tests.
- Proof of concept exploits.
- Networking and security research when there is the need to emulate complex TCP/IP behaviour.
- Prototype IDS systems.
- Simple to use networking utilities with Tk interface.
- All the uses of hping2.
USAGE
Send TCP SYN packets to port 0 on host example.com (it will automatically increment the port number by 1):
hping example.com -S -V
Send TCP SYN packets to port 443 on host example.com:
hping example.com -S -V -p 443
Send TCP packets to port 443 on host example.com with the SYN + ACK flags set:
hping example.com -S -A -V -p 443
Send TCP SYN packets every 5 seconds to port 443 on host example.com:
hping example.com -S -V -p 443 -i 5
Send UDP packets to port 111 on host example.com:
hping example.com --udp -V -p 111
Send UDP packets spoofed to be from source host 192.168.1.150 to host example.com:
hping example.com --udp --spoof 192.168.1.150
Send UDP packets spoofed to be from various random source IP addresses to host example.com:
hping example.com --udp --rand-source
Send UDP packets with the data portion padded with 100 bytes but containing the contents of payload.txt to host example.com:
hping example.com -V --udp --file payload.txt --data 100
TCL
Tcl is a simple-to-learn yet very powerful language. Its syntax is described in just a dozen rules, but it has all the features needed to rapidly create useful programs in almost any field of application, on a wide variety of international platforms. The following script sends an ICMP packet to 192.168.1.8 for each TTL value from 1 to 6:
foreach i [list 1 2 3 4 5 6] {
    hping send "ip(daddr=192.168.1.8,ttl=$i)+icmp(type=8,code=0)"
}
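The string passed to hping send in the script above is an APD packet description. As an added example (not from the original post and not hping's own code), the Python below parses the subset of that syntax shown here, layers joined by + with key=value fields, and builds the 8-byte ICMP header each description asks for, without sending anything. The function names and the zero identifier/sequence defaults are assumptions made for illustration.

```python
import re
import struct

LAYER_RE = re.compile(r"^(\w+)\((.*)\)$")

def parse_apd(desc):
    """Split 'ip(k=v,...)+icmp(k=v,...)' into [(layer, {field: value}), ...]."""
    layers = []
    for part in desc.split("+"):
        m = LAYER_RE.match(part.strip())
        if not m:
            raise ValueError(f"malformed layer: {part!r}")
        fields = {}
        for pair in filter(None, m.group(2).split(",")):
            key, sep, value = pair.partition("=")
            if not sep:
                raise ValueError(f"field without value: {pair!r}")
            fields[key.strip()] = value.strip()
        layers.append((m.group(1), fields))
    return layers

def inet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_header(fields, ident=0, seq=0):
    """Build the ICMP header for the parsed icmp(...) fields (ident/seq assumed 0)."""
    t, c = int(fields["type"], 0), int(fields["code"], 0)
    raw = struct.pack("!BBHHH", t, c, 0, ident, seq)
    return struct.pack("!BBHHH", t, c, inet_checksum(raw), ident, seq)

def expand_ttl_sweep(daddr, ttls):
    """Parsed form of the descriptions the foreach loop above generates."""
    return [parse_apd(f"ip(daddr={daddr},ttl={t})+icmp(type=8,code=0)") for t in ttls]

if __name__ == "__main__":
    # Constructed input: the same target and TTL range as the Tcl script.
    for layers in expand_ttl_sweep("192.168.1.8", range(1, 7)):
        ip, icmp = dict(layers)["ip"], dict(layers)["icmp"]
        print(ip["daddr"], "ttl", ip["ttl"], icmp_header(icmp).hex())
```

Each low-TTL probe expires at a successive router, which is why a sweep like this behaves as a traceroute and shows up in packet captures as echo requests with TTL 1, 2, 3 and so on to one destination.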
(Sumit Sharma)