Saturday, 1 June 2013

NMAP - Finding potential Zombie machine using NMAP


In reference to my tutorial below, i showed how Metasploit is used to find potential zombies (idle machines)
http://securityg33k.blogspot.sg/2013/05/nmap-metasploit-finding-zombie.html

But NMAP does have the ability to find zombie machine as well,

#nmap -Pn -n --scanflags SYNACK 192.168.71.164 -p 80 --packet_trace


The ID=240 is where we will be focusing. 


So re-run the scan again and look at the ID and in this case its incremental id=240 + 1 = id=241. When it is incremental +1, it means this system is a potential zombie!!!

No comments:

Post a Comment