Auditing Worldwide with Masscan & Blockfinder by : [Mohamed Ahmed]

Sep 18, 2017 11:12 PM

I will show you how to audit systems worldwide using the IP ranges that ISPs assign to each country. I wanted to write this post about a year ago, but lack of time and other commitments made it difficult; today I have the pleasure of publishing it. The tool "Masscan" has already been covered in some videos and forums, but with poor content (said without wishing to discredit my colleagues). What I will do differently is combine Masscan and Blockfinder to take our research to a worldwide level.

What is Masscan?

Masscan is the fastest Internet port scanner. It is able to scan the entire Internet in less than 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it works more like scanrand, unicornscan and zmap, using asynchronous transmission. The main difference is that it is faster than these other scanners. In addition, it is more flexible, allowing arbitrary address ranges and port ranges.

What is Blockfinder?

Blockfinder makes it possible to identify, contact and potentially obtain every computer network in the world. It is a simple text-based console tool that returns a list of network blocks for a given country, giving the IP ranges used by its ISPs.

Download:

https://github.com/robertdavidgraham/masscan

https://github.com/ioerror/blockfinder

Now that we know what each tool does, let's download them, either manually or from the terminal; in my case I will use the terminal.


root@kali:~# git clone https://github.com/robertdavidgraham/masscan.git

root@kali:~# cd masscan

root@kali:~/masscan# chmod 775 *

root@kali:~/masscan# sudo apt-get install git gcc make libpcap-dev


First I downloaded masscan, then entered its folder and gave the files executable permissions, and after that installed libpcap (libpcap-dev), since the tool needs this library to build and run without errors.

After that we will build it with the command "make".


Once these steps are done, masscan will be ready to run. Before running it, we will download Blockfinder.


root@kali:~# git clone https://github.com/ioerror/blockfinder.git

root@kali:~# cd blockfinder

root@kali:~/blockfinder# chmod 775 *

root@kali:~/blockfinder# ./blockfinder.py -i


As you can see, we downloaded it the same way: we entered the directory and gave the files executable permissions. When running ./blockfinder.py -i, the -i option updates the range data associated with each country's ISO code, which the tool needs to give good results.

ISO Codes

http://www.nationsonline.org/oneworld/country_code_list.htm

Once that is understood, we will get the IP ranges of a country; in my case I will look up Egypt's for this proof of concept.


root@kali:~/blockfinder# ./blockfinder.py -v -t EG


Once you have obtained the ranges, choose the range you want.

Now we will run masscan against the specific range and ports we want to check. In my case it will be port 445, which is vulnerable to many attacks such as the well-known Netapi exploit in msfconsole; likewise we can look for ports related to FTP, SMTP and many others. As we see, the scan starts and reports that it is scanning 32769 computers. If we want to save the results to a file, we can do it in the following way:



root@kali:~/masscan/bin# ./masscan -p445 190.187.128.0/17 -oX scan.xml

The file name is up to you; in my case I called it scan, with the .xml extension.


The file is saved in the folder where masscan was run, under the name you gave it; in my case, scan.xml.
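A defender can run the same kind of scan against address space they own and review the saved file. The following is an added example, not part of the original post: it parses the nmap-style XML that masscan -oX writes and reports open ports that are not on an allowlist. The sample XML, the documentation-range addresses and the OWNED allowlist are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the nmap-style XML that masscan -oX writes
# (one <host> element per open port found). Addresses are documentation ranges.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="masscan" start="1505776320" version="1.0-BETA" xmloutputversion="1.03">
<scaninfo type="syn" protocol="tcp" />
<host endtime="1505776321"><address addr="192.0.2.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="118"/></port></ports></host>
<host endtime="1505776322"><address addr="192.0.2.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="118"/></port></ports></host>
<host endtime="1505776323"><address addr="192.0.2.77" addrtype="ipv4"/><ports><port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="52"/></port></ports></host>
<host endtime="1505776324"><address addr="198.51.100.5" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="118"/></port></ports></host>
</nmaprun>"""

# Assumption: the ranges you own, and the ports each is expected to expose.
OWNED = {"192.0.2.0/24": {443}}

def open_ports(xml_text):
    """Merge masscan's per-port <host> records into {ip: {port, ...}}."""
    found = defaultdict(set)
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                found[addr].add(int(port.get("portid")))
    return dict(found)

def unexpected_exposure(found, owned=OWNED):
    """Return sorted (ip, port) pairs inside owned ranges that are not allowed."""
    nets = {ipaddress.ip_network(c): ports for c, ports in owned.items()}
    issues = []
    for ip, ports in found.items():
        for net, allowed in nets.items():
            if ipaddress.ip_address(ip) in net:
                # Anything open but not on the allowlist is a finding.
                issues += [(ip, p) for p in sorted(ports - allowed)]
    return sorted(issues)

if __name__ == "__main__":
    for ip, port in unexpected_exposure(open_ports(SAMPLE_XML)):
        print(f"{ip} exposes unexpected port {port}/tcp")
```

To use it on a real result, read scan.xml from disk and pass its contents to open_ports in place of SAMPLE_XML.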

We can then choose an IP and look it up in the Shodan search engine to see the services that system exposes:

https://www.shodan.io/host/190.187.142.83


For remote attacks, one can add an IP list to scan and launch the Hail Mary to automatically exploit some systems while something else may be running at the same time. In my case, 10 days ago I carried out an exploitation by telnet on a camera server.

In my case I exploited a Telnet server on port 23 and left a backdoor inside; for security I only show the ARRIS access panel.


In my case I found an IP related to a website, bembos.com.pe, so if you want to audit that web system with a brute-force attack you can do it with the tool "BruteX".

https://github.com/1N3/BruteX


root@kali:~/BruteX# ./brutex pizzahut.ca

I hope you will be pleased with this thread

greetings ..
