
Network Hacking - Reconnaissance and Making your own Port Scanner (Python for Hackers Part-9.1)

A network attack is any process or tactic that allows a hacker to compromise a network's security. Once you are able to perform a network attack, you can use a user's account and the privileges attached to it, steal or modify stored data, run code to corrupt a system or its data, or prevent an authorized user from accessing a service.


In this chapter, you will learn how to attack a network using some third-party tools and code that you can write in Python. At the same time, you will gain a better awareness of how hackers gather information about their target and perform attacks based on the vulnerabilities they were able to discover.

Reconnaissance: The Opening Salvo to Your Attack


Hacking a system begins with reconnaissance, which is the discovery of strategic vulnerabilities in a network before launching any cyber-attack. You can think of this as a hacker's research about their targets: the more they know about the network they want to hack, the better they can choose the tools to launch attacks that are most likely to go undetected by the targeted user while causing the most damage possible.

Take note that anyone can be a hacker's target, which means that learning how hackers perform reconnaissance also means being able to protect your own system. Whenever you connect to the internet and send data over the web, you leave behind footprints that hackers can trace back to you. When that happens, hackers may study your activities on your network and discover vulnerabilities in your system that make it easier for them to infiltrate it and steal data that is of value to them.


In this section, you will learn how to build simple scripts that let you scan a target's TCP ports for ones that are open. In order to interact with these open ports, you will also need to create TCP sockets.

Python is one of the modern programming languages that gives you access to the BSD socket interface. If you are new to this concept, BSD sockets are an interface that lets you write applications that communicate over a network between hosts. Using the socket API, you can create, bind, listen on, connect to, or send traffic over TCP/IP sockets on a target.


What happens when you are able to exploit a target's TCP services? If you know the IP address and the TCP ports associated with the service you want to target, you can plan your attack much better. Most of the time, this information is available to the system administrators in an organization, and it is also exactly the information that admins need to hide from any attacker. Before you can launch any attack on a network, you will need to gain this information first.

Making Your Port Scanner


Port scanning is a method for assessing which ports on a targeted computer are open, and what kind of service is running on each of those ports. Since computers communicate with other devices and perform their functions by opening ports to send and receive data, open ports can be a vulnerability that hackers will want to exploit. Think of an open port as similar to an open window to a burglar: open ports serve as a free passage to any hacker who wants to steal data or set up shop inside a computer and exploit its weaknesses for an extended period of time.

Take note that port scanning is not an illegal activity in itself; in fact, network security personnel scan the ports of client computers in order to learn about their vulnerabilities and apply the security measures needed. However, port scanning is also the best way for any hacker to discover new victims and find out the best way to hack their systems. At the same time, repetitive port scans can also cause a denial of service, which means that a legitimate user may not be able to use a particular network service because the scanned ports have exhausted their resources.


A port scanner will allow you to look at hosts and the services attached to them. This section will enable you to write your own program for a TCP port scanner that performs a full connect scan against the target's TCP ports, in order to identify the hosts you may want to exploit in the future. It uses the built-in socket module, which in turn gives you access to the BSD socket interface.

As you may have already guessed, sockets are behind almost anything that involves network communication. When you open a web browser, your computer opens a socket in order to communicate with a web server. The same thing happens when you communicate with other computers online, or send a request to your printer over Wi-Fi.

Take a look at some of the socket functions that you are going to use:


With this information, you can create a simple port scanner that connects to every port you define on a particular host. Pull up your text editor and then save the following code as portscanner.py:


When you run this program at the interpreter prompt, this is how the output should look:
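The following is an added example of the full connect scan described in this section; it is not the chapter's own portscanner.py. It assumes you are auditing a host you control (it defaults to 127.0.0.1), and the helper names (scan_port, scan_ports, service_name, start_local_listener, self_check) are this example's own: the self_check function stands up a constructed local listener so the scanner has a real open port and a real closed port to report on.

```python
"""Added example: a minimal TCP full-connect port scanner (not the chapter's portscanner.py)."""
import socket


def scan_port(host, port, timeout=0.5):
    """Return True if a full TCP handshake completes on host:port (a connect scan)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)           # never hang on a filtered port
        # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
        # so one closed port does not abort the whole scan loop with an exception.
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5):
    """Connect-scan every port in `ports`; return the open ones in ascending order."""
    return sorted(p for p in ports if scan_port(host, p, timeout))


def service_name(port, proto="tcp"):
    """Best-effort service label from the OS services database (e.g. 80 -> 'http')."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def start_local_listener(host="127.0.0.1"):
    """Bind a listening socket on an OS-chosen port so the scanner has a real target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def self_check(host="127.0.0.1"):
    """Constructed scenario: one listening port and one just-released port on localhost.
    Returns what the scanner found so the result can be checked programmatically."""
    listening, open_port = start_local_listener(host)
    released, closed_port = start_local_listener(host)
    released.close()                       # nothing listens on closed_port any more
    try:
        found = scan_ports(host, [open_port, closed_port])
    finally:
        listening.close()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    result = self_check()
    for port in result["found"]:
        print(f"{port}/tcp open  {service_name(port)}")
    print(f"{result['closed_port']}/tcp closed")
```

Because each probe completes the three-way handshake, every open port it finds also shows up as an accepted connection in the target's logs, which is how a defender spots a connect scan.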


