Network Mapping Using Nmap

Network mapping is the process of discovering the devices on a network and how they are connected. It is important for network engineers, penetration testers and hackers alike to know this tool. The most widely used way of mapping a network is with Nmap.

What is Nmap?

“Nmap is a security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus building a “map” of the network.” (Ref: Wikipedia)

Installing Nmap

  • On Linux: Kali Linux comes with Nmap preinstalled, so you can use it right after installing Kali Linux.
  • On Windows: Nmap can be installed in several ways, as listed below.
    • Download and install it using the Nmap installer from here.
    • Get Pentest Box, which includes Nmap. Here is the download link.
  • On macOS: download the installer from here. More detailed installation instructions can be found here.

Using Nmap

  • To scan a particular IP or hostname:

    nmap <ip or hostname>

  • To scan a specific port:

    nmap -p 22 <ip or hostname>

    The above command scans the IP for port 22.

  • For a range of ports:

    nmap -p 1-1000 <ip or hostname>

    The above command scans ports 1 to 1000 on the IP.

  • To check what service a port is running (version detection):

    nmap -sV <ip or hostname>

  • Scanning an entire IP range
  • To scan all 65535 ports:

    nmap -p- <ip or hostname>

  • OS detection:

    nmap -O <ip or hostname>

  • To scan an IP using TCP connect:

    nmap -sT <ip or hostname>

  • To scan using TCP SYN:

    nmap -sS <ip or hostname>

  • For a UDP scan:

    nmap -sU <ip or hostname>

Nmap comes with many features for various types of scan, which can be used depending on the requirement and how the target server is set up. To list all the options and flags Nmap supports, use the help option:

nmap -h
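As an added example that is not part of the original post or of the Nmap project, the Python below builds an nmap command line from the options listed above (a target-string check stops a hostname from smuggling extra arguments into the scan) and parses Nmap's greppable output, which the real `-oG -` flag writes to stdout. The function names, the target regex and the sample output are this example's own assumptions; the sample is constructed to match the standard `-oG` line layout.

```python
"""Added example (not from the original post or the Nmap project): build an
nmap argv from the options discussed above and parse Nmap's greppable (-oG)
output into Python data.

Assumptions: nmap is on PATH when run_scan() is used; -oG lines follow the
standard layout 'Host: <ip> (<name>)\tPorts: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...'.
Function names and the target regex are this example's own choices.
"""
import re
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Only characters that can appear in an IP, hostname or CIDR range; anything
# else (spaces, ';', '|', '$') is refused so a target can never add arguments.
_TARGET_RE = re.compile(r"^[A-Za-z0-9.\-:/]+$")

_SCAN_FLAGS = {"syn": "-sS", "connect": "-sT", "udp": "-sU"}


def build_nmap_command(target: str, ports: Optional[str] = None,
                       service_version: bool = False, os_detect: bool = False,
                       scan: str = "syn") -> List[str]:
    """Return the argv list for nmap using the flags described in the post."""
    if not _TARGET_RE.match(target):
        raise ValueError(f"refusing suspicious target string: {target!r}")
    if scan not in _SCAN_FLAGS:
        raise ValueError(f"unknown scan type: {scan!r}")
    argv = ["nmap", _SCAN_FLAGS[scan], "-oG", "-"]  # '-oG -': greppable output to stdout
    if ports:                  # e.g. "22", "1-1000", or "-" for all 65535 ports
        argv += ["-p", ports]
    if service_version:        # -sV: probe open ports for service and version
        argv.append("-sV")
    if os_detect:              # -O: TCP/IP stack fingerprinting
        argv.append("-O")
    argv.append(target)
    return argv


@dataclass
class HostResult:
    ip: str
    hostname: str
    # (port, state, protocol, service, version)
    ports: List[Tuple[int, str, str, str, str]] = field(default_factory=list)


def parse_greppable(text: str) -> List[HostResult]:
    """Parse -oG output; one HostResult per 'Host:' line that carries a Ports: section."""
    results = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts: " not in line:
            continue
        head, _, rest = line.partition("\tPorts: ")
        m = re.match(r"Host: (\S+) \(([^)]*)\)", head)
        if not m:
            continue
        host = HostResult(ip=m.group(1), hostname=m.group(2))
        port_section = rest.split("\t")[0]      # drop 'Ignored State: ...' and later fields
        for entry in port_section.split(", "):
            f = entry.split("/")                # port/state/proto/owner/service/rpc/version/
            if len(f) < 7:
                continue
            host.ports.append((int(f[0]), f[1], f[2], f[4], f[6]))
        results.append(host)
    return results


def run_scan(target: str, **options) -> List[HostResult]:
    """Run nmap (requires nmap to be installed) and return the parsed hosts."""
    proc = subprocess.run(build_nmap_command(target, **options),
                          capture_output=True, text=True, check=True)
    return parse_greppable(proc.stdout)


# Constructed sample of -oG output, in the layout nmap produces for a -sV scan.
SAMPLE_OUTPUT = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (scanme.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (scanme.example)\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, "
    "80/open/tcp//http//nginx 1.14.2/\tIgnored State: closed (998)\n"
    "# Nmap done (constructed sample)\n"
)

if __name__ == "__main__":
    print(build_nmap_command("192.0.2.10", ports="1-1000", service_version=True))
    for host in parse_greppable(SAMPLE_OUTPUT):
        print(host.ip, host.hostname)
        for port, state, proto, service, version in host.ports:
            print(f"  {port}/{proto} {state} {service} {version}")
```

Passing the target as a separate argv element (never through a shell string) plus the character check is what keeps a hostname taken from user input from turning into extra nmap options or shell syntax.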

Introduction And Getting Started into Bug Bounty


Most of you might be hearing the term Bug-Bounty the very first time!

What are bug bounties? What are the benefits of bug bounties? And how
do you get successfully into bug bounties?

These questions are answered in detail in this post.

What is bug bounty?

It is a program run by websites and software developers who reward people for finding and reporting security-related issues in their websites or products. Not every bug is considered valid in a bug bounty program, only those which have an impact on the security or integrity of the website or on the privacy of customer data.

What are the benefits of bug bounty program?

A bug bounty program benefits everyone, directly or indirectly. It is a win-win situation,
where everybody gets some sort of benefit.

    • Companies and organisations running the bug bounty program benefit by patching the security holes, thus making their websites and infrastructure more secure and protecting their customers' data.
    • The bug bounty hunter or bug reporter gets paid generously for their work, as well as appreciation for their contribution. It also generates the good feeling of doing something which helps the community. Moreover, you can take up application penetration testing as a career. There is a huge demand for security researchers in different fields, and companies are investing billions to make the internet a safer place for everyone.
    • The customers or end consumers get better protection of their data and privacy, which increases their trust in the company.

Getting Started Into Bug Bounty

For beginners, it is like finding a corner in a circle. There are hundreds of tutorials and resources available online, which makes it difficult to decide which method to follow. Still, there are some specific approaches which are easy to follow and give better results and understanding. Initially, bug bounties take a lot of time and effort to get started with.

The path to reach success
    • Stepping Stones:

      First get to know in detail the vulnerabilities you will be hunting for in the coming days. The method is simple and mostly works: pick one type of bug and dig deeper into it. Here is the OWASP Top 10 list for reference; it covers the types of bugs found in the wild in web applications that have severe impact. Pick any one type from the list and learn more about it. Use Google as extensively as possible.

    • Practice:

      After learning enough about a bug type you need to practice it, so that you get a better grasp of it. For practice you can set up your own vulnerable web application on localhost. In the coming weeks new posts will be made on this topic.

    • Time to get wild:

      Once you feel that you are ready to find bugs in live applications, sign up at HackerOne or Bugcrowd, which have huge lists of running bug bounty programs. Select one of the programs and try to find bugs using the knowledge you have gained. At first you might not find any bugs, as these sites have already been tested multiple times by many security researchers. So you might have to keep trying, maybe for a few days or a week.

      It is important to read the program terms and scope very carefully. You can check HackerOne's Hacktivity to understand the approaches followed by bug hunters, how they found bugs, and how to write a good report. Note that the report you send to a program for a bug you found should be in the specified format, with clear steps to reproduce the bug and a working proof of concept.

    • Switch to Linux:

      If you are still using Windows, switching to Linux is better. It is worth learning to use Linux, as most of the tools used in penetration testing are built for Linux. Kali Linux by Offensive Security is one of the best penetration testing operating systems out there, with thousands of tools pre-installed and ready to use.

    • Learn Burp Suite:

      Burp Suite is an intercepting proxy with advanced features and a must-have tool for any web application penetration tester. Get the free version of Burp Suite from here. You can learn how to set up Burp in the basic tutorial here.

All the above mentioned methods are enough to start your bug hunting journey. In the upcoming weeks, we will be posting more in-depth techniques and methods to sharpen your skills as well as resources covering particular topics.

Till then wish you all the best. Remember, “it takes patience and perseverance to achieve something worthy to boast about.”

How much should you really invest for an antivirus?

The most common question that every Windows user asks me is, “How much should I invest in antivirus software?”

There’s no point in saying that you don’t need an antivirus, but there are so many choices, free versions, cheap ones, costly ones… Which one to choose?

It all depends on what your need is.

Windows users already have a built-in antivirus engine called “Windows Defender”, which had been facing a lot of criticism for being useless, but things have changed since Windows 10.

Windows Defender gets new security patches and virus definition updates frequently, so you have basic threat protection. It also has a firewall, SmartScreen, which checks apps that are about to be installed, etc.

Windows Firewall did face a lot of controversy and the majority of the world doesn’t rely on it! Even me 😛

Well, what about third-party antivirus software?

Antivirus software from Norton, McAfee, Avast, Kaspersky, Sophos, etc. does the basic things Windows Defender does. All of these score about the same in virus detection rates, but these products are more than just antivirus. They include their own firewall, web protection, email protection, auto updates (including Windows and other critical installed software), parental control, remote control, backups, etc.

Each security vendor provides such features at a different price. Before purchasing one you might have to compare all the available products, but first decide what you actually need. An antivirus which offers more features is not necessarily the best. For example, you might already update your system automatically, or you might not need parental control because it is a business or personal device.

There are many things to consider before you get an antivirus. So sit down and do some research on all the antivirus products out there. Then list what you need, find out what each product offers and look at the reviews written by its users. When you are satisfied, get it. Sometimes a free version is all you need.

If you are still confused or you have any suggestions to tell or maybe something that would be helpful to other readers which I would have missed out please do write down in the comment section below.


Just a week into 2018, four cyber attacks already

It’s been a week into 2018, and here we have four major cyber security breaches.

From Aadhaar details getting compromised to fake apps stealing banking data, 2018 has presented us with four large scale cyber attacks which potentially affect millions, even billions of people.

Here’s a quick read of the four attacks.

Aadhaar data access

Just Rs. 500 for unrestricted access to Aadhaar details

Although the authorities had been claiming that all Aadhaar data is safe and secure despite all the controversies going on, all it took was paying 500 rupees through Paytm, and within 10 minutes you would get all the details. The Tribune was the first to report this through their investigation: one of their own journalists anonymously contacted the person who sold the data illegally and brought it to light.

After Rs. 500 was transferred to them via Paytm, they created an ID for the client, which allowed unrestricted access to the Aadhaar portal.

But that’s not all. For another Rs. 300, the racketeers also let the client print Aadhaar cards. They installed software on the client’s computer while accessing it remotely. Once the job was done, they made sure to delete the software drivers completely from the system.


Android trojan steals banking login data

Quick Heal Labs recently reported an Android malware which can steal banking details from 232 banking apps, including SBI, Axis Bank, ICICI and HDFC, and from a few cryptocurrency apps too.

Known as Android.banker.A2f8a, the malware is being distributed via a fake Flash Player app on third party stores.

It can steal personal data, intercept SMS messages which contain OTPs, steal contacts and trick users into giving up login details.

It uses Android’s screen overlay mechanism, shows fake notifications from banking apps and tries to capture login data.

Meltdown and Spectre

Researchers find security flaws in modern chips

Researchers with Google’s Project Zero, along with academic and industry researchers, discovered two security flaws in modern microchips which put almost all phones and computers at risk.

Meltdown affects Intel chips and has the potential to let attackers read kernel memory and steal passwords.

This led to a rise in competitors’ market share, but it did not last long.

Spectre, a second major chip vulnerability, affects Intel, AMD and ARM chips and lets attackers steal information from apps.

Now all chip manufacturers will have a tough time this year!

Uber app

Fake Uber app steals user’s Uber ID and password

Although Uber did not suffer much, researchers at Symantec discovered a fake Uber app for Android smartphones.

The app shows users a mock-up version of Uber’s service which attempts to steal information by asking for users’ Uber IDs and passwords.

Later, the fake app tried to cover its tracks – it started showing screens of the legitimate Uber app with a user’s location.

Bypassing App Lock on any Android device

With the rapid growth of the Android smartphone industry, the number of Android smartphone users is increasing fast. With this growing digital trend, the security of these devices is highly essential, as all your data is stored in your phone. Spying on others’ phones is also easy.

Suppose you have a lot of private, confidential, personal photos in your phone. Be it your newspaper articles, college notes, screenshots, selfies, pics of your girlfriend/boyfriend, and other secrets… You would probably use an app locker installed on your phone.

Now you would want to bypass your friend’s phone app lock to find out who their crush or girlfriend/boyfriend is. The basic methods I share with you might help you.

Ok first let me install an App lock on my phone from playstore. I choose the famous AppLock by DoMobile Lab.

Ok now I locked my Gallery app. By default AppLock locks the Settings app also.

We take advantage of users who make the mistake of not locking the other apps through which files can be accessed.


Things that usually work:

  1. Access Play Store to install alternate Gallery or File Manager.
  2. Safe Mode and uninstall App Lock.
  3. From installed File Manager which is not locked.

Since everyone knows these methods, I’ll move on to this one. It is a fail-safe trick that works if the Chrome browser is not locked. Before you lock anything, check out the trick and try it out.

Being good guys, we did not install any extra software here, so no malware building or nerd stuff here…

Okay….! So open up Chrome and type this in the search bar.


Now you can view all the internal storage files on your phone. Everything. Yes everything. Hidden files, system files.

We have tested this on the following browsers; you can try it out too. There’s no harm.

  1. Chrome
  2. FireFox
  3. Opera (Not Opera Mini)
  4. Microsoft Edge

Note: This works only if the browser has permission to access files and storage and if the browser is not locked.

Final words: if nothing works, uninstall App Lock from the phone, in safe mode if you can’t do it otherwise. To protect yourself, lock your browser, Play Store and File Manager.

Above all, make sure not to give your phone to others!

Warning: All contents are only for educational purposes; do not use these methods to interfere with others’ privacy!

Do you know any other ways of bypassing App lock or things that didn’t work or anything that we left out? Please do comment on the post below and let us know!

DSCI Excellence Award 2017 in Cyber Security Education for Hindustan Institute of Technology and Science

On 14th December the DSCI Excellence Awards 2017 were presented in various disciplines to honor best practices adopted by the industry, exemplary work carried out in the field of security and privacy, and visionary leaders.

Hindustan Institute of Technology and Science was nominated under the category of Excellence in Cyber Security Evangelism and was awarded Excellence in Cyber Security Education. It was the only academic institution honored by DSCI this year.

Dr V Ceronmani Sharmila, Head of the Centre for Networking and Cyber Defense and Asst. Prof., School of Computing Sciences, and Dr T Sudalai Muthu, Asst. Prof., School of Computing Sciences, received the award on behalf of HITS and CNCD.

It was really a proud moment for members of Kruptos Security Club and Centre for Networking and Cyber Defense.

Find the Operating System of a server using ping and traceroute

It is possible to get a rough idea of the OS a server is running using just ping and traceroute.

Note: There are advanced tools for OS detection; this is one simple method, and it may not be accurate if the data center routes traffic through a different subnet.

Ping is a network administration utility used to check the availability of a host on an Internet Protocol (IP) network.

Traceroute is a network diagnostic tool for displaying the route taken by packets across an Internet Protocol (IP) network and measuring their transit delays.

For OS detection we need the TTL value from ping and, sometimes, the total number of hops reported by traceroute.

Below is a table of operating systems with version, and the default TTL value each one uses. These values differ between operating systems. Reference: Subinsb gives the table of TTL values for different operating systems.

Device / OS      Version                  Default TTL
AIX                                       60
AIX                                       30
AIX              3.2, 4.1                 255
BSDI             BSD/OS 3.1 and 4.0       255
Compaq           Tru64 v5.0               64
Cisco                                     254
DEC Pathworks    V5                       30
Foundry                                   64
FreeBSD          2.1R                     64
FreeBSD          3.4, 4.0                 255
FreeBSD          5                        64
HP-UX            9.0x                     30
HP-UX            10.01                    64
HP-UX            10.2                     255
HP-UX            11                       255
HP-UX            11                       64
Irix             5.3                      60
Irix             6.x                      60
Irix             6.5.3, 6.5.8             255
Juniper                                   64
MPE/IX (HP)                               200
Linux            2.0.x kernel             64
Linux            2.2.14 kernel            255
Linux            2.4 kernel               255
Linux            Red Hat 9                64
MacOS/MacTCP     2.0.x                    60
MacOS/MacTCP     X (10.5.6)               64
NetBSD                                    255
Netgear          FVG318                   64
OpenBSD          2.6 & 2.7                255
OpenVMS          07.01.2002               255
OS/2             TCP/IP 3.0               64
OSF/1            V3.2A                    60
OSF/1            V3.2A                    30
Solaris          2.5.1, 2.6, 2.7, 2.8     255
Solaris          2.8                      64
Stratus          TCP_OS                   255
Stratus          TCP_OS (14.2-)           30
Stratus          TCP_OS (14.3+)           64
Stratus          STCP                     60
SunOS            4.1.3/4.1.4              60
SunOS            5.7                      255
Ultrix           V4.1/V4.2A               60
Ultrix           V4.1/V4.2A               30
Ultrix           V4.2 – 4.5               255
VMS/Multinet                              64
VMS/TCPware                               60
VMS/TCPware                               64
VMS/Wollongong                            128
VMS/Wollongong                            30
Windows          for Workgroups           32
Windows          95                       32
Windows          98                       32
Windows          98, 98 SE                128
Windows          98                       128
Windows          NT 3.51                  32
Windows          NT 4.0                   128
Windows          NT 4.0 SP5-              32
Windows          NT 4.0 SP6+              128
Windows          NT 4 WRKS SP 3, SP 6a    128
Windows          NT 4 Server SP4          128
Windows          ME                       128
Windows          2000 pro                 128
Windows          2000 family              128
Windows          Server 2003              128
Windows          XP                       128
Windows          Vista                    128
Windows          7                        128
Windows          Server 2008              128
Windows          10                       128

You need not be confused by the long list. Here is the short version of the table you can refer to.

Device / OS          Default TTL
*nix (Linux/Unix)    64
Windows              128
Solaris/AIX          254

First we do a ping test to get the TTL value. In case the TTL value does not match a value in the table, we run a traceroute to the same domain to get the number of hops, and add the number of hops to the TTL value.

Now we perform the first test.

We ping

We are getting a TTL of 56.

In case your TTL value matches the table, you can stop here and proceed without doing a traceroute.

The value 56 cannot be found in the table so we go to perform the traceroute.

So tracert traceroute

Note: On all *nix-based systems the command is traceroute; on Windows it is tracert. The results are the same.

We got 8 hops here.

Now we add the TTL value and Number of Traceroute hops.

Default value = 56 + 8 = 64

So we could say that runs on a Linux server.

Alternatively you can try this for any domain. You could even do it on your localhost with ping -4 localhost.
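As an added example that is not part of the original post, the Python below applies the method just described: it pulls the TTL out of ping output (both the Linux `ttl=` and the Windows `TTL=` layouts), counts the hops in traceroute/tracert output, adds the two as the post does, and maps the result to the OS family in the short table. It also goes one step beyond the post: when no traceroute is available it rounds the observed TTL up to the next common default (32, 64, 128, 255), and it picks the nearest default rather than requiring an exact match, so an off-by-one caused by an asymmetric return path still lands on the right row. The ping and traceroute texts are constructed samples and the function names are this example's own.

```python
"""Added example (not from the original post): TTL-based OS guessing from
ping and traceroute output, following the post's rule
initial TTL = observed TTL + hops, with the short table's OS families.
The no-traceroute fallback (round up to the next default TTL) and the
nearest-default matching are generalisations added here, not from the post.
Sample outputs are constructed; function names are this example's own.
"""
import re
from typing import Optional, Tuple

# Default initial TTLs and the OS families the post's tables associate with them.
DEFAULT_TTLS = {
    32: "old Windows (95/98/NT 3.51)",
    64: "*nix (Linux/Unix)",
    128: "Windows",
    254: "Solaris/AIX (short table)",
    255: "Solaris/AIX, BSD or network device (long table)",
}

_TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)  # 'ttl=56' (Linux) or 'TTL=56' (Windows)
_HOP_RE = re.compile(r"^\s*(\d+)\s")                 # hop number at the start of a traceroute line


def extract_ttl(ping_output: str) -> Optional[int]:
    """Return the TTL of the first echo reply in ping/ping.exe output, or None."""
    m = _TTL_RE.search(ping_output)
    return int(m.group(1)) if m else None


def count_hops(traceroute_output: str) -> int:
    """Return the highest hop number printed by traceroute/tracert (0 if none)."""
    hops = []
    for line in traceroute_output.splitlines():
        m = _HOP_RE.match(line)
        if m:
            hops.append(int(m.group(1)))
    return max(hops, default=0)


def initial_ttl(observed: int, hops: Optional[int] = None) -> int:
    """The post's rule: observed TTL + hops. Without a hop count, round up to the
    smallest default TTL not below the observed value (each router decrements by one,
    so the sender's initial TTL can never be lower than what we received)."""
    if hops is not None:
        return observed + hops
    candidates = [t for t in DEFAULT_TTLS if t >= observed]
    return min(candidates) if candidates else max(DEFAULT_TTLS)


def guess_os(observed: int, hops: Optional[int] = None) -> Tuple[int, str]:
    """Return (inferred initial TTL, OS family), matching to the nearest default."""
    initial = initial_ttl(observed, hops)
    nearest = min(DEFAULT_TTLS, key=lambda t: abs(t - initial))
    return initial, DEFAULT_TTLS[nearest]


# Constructed samples in the usual Linux ping, Windows ping and traceroute layouts.
LINUX_PING = """PING example.invalid (203.0.113.7) 56(84) bytes of data.
64 bytes from 203.0.113.7: icmp_seq=1 ttl=56 time=11.2 ms
64 bytes from 203.0.113.7: icmp_seq=2 ttl=56 time=11.0 ms
"""
WINDOWS_PING = """Pinging example.invalid [203.0.113.7] with 32 bytes of data:
Reply from 203.0.113.7: bytes=32 time=11ms TTL=120
"""
TRACEROUTE = """traceroute to example.invalid (203.0.113.7), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.1 ms  1.0 ms  1.0 ms
 2  10.10.0.1 (10.10.0.1)  3.2 ms  3.1 ms  3.0 ms
 3  * * *
 4  198.51.100.9 (198.51.100.9)  6.4 ms  6.3 ms  6.5 ms
 5  198.51.100.30 (198.51.100.30)  8.0 ms  7.9 ms  8.1 ms
 6  203.0.113.1 (203.0.113.1)  9.6 ms  9.5 ms  9.7 ms
 7  203.0.113.5 (203.0.113.5)  10.8 ms  10.7 ms  10.9 ms
 8  203.0.113.7 (203.0.113.7)  11.2 ms  11.1 ms  11.3 ms
"""

if __name__ == "__main__":
    ttl = extract_ttl(LINUX_PING)          # 56, as in the post's walkthrough
    hops = count_hops(TRACEROUTE)          # 8 hops
    print("ping TTL", ttl, "hops", hops, "->", guess_os(ttl, hops))
    print("windows TTL", extract_ttl(WINDOWS_PING), "->", guess_os(extract_ttl(WINDOWS_PING)))
```

The reply TTL is set by the remote host's stack, not by any application, which is why the guess is about the OS family only; a load balancer or proxy in front of the server answers the ping with its own TTL, which is the case the post's note about data center routing warns about.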

MacOS HighSierra “root” vulnerability

On November 28th, Lemi Orhan, an Agile Software Craftsman, tweeted about a bug in macOS High Sierra which allows anyone to get root access to the computer by using the username “root” with a blank password. The bug was later confirmed by Apple.

Tweet Screenshot

Testing this bug on your Computer

If you test it on your own machine it has a negative impact: it creates a persistent root user account on your computer, which also affects remotely accessible services like Remote Desktop. Once this has been enabled on your system, it poses a security risk to your computer.

Some users on Twitter even claimed the vulnerability can be exploited remotely if VNC or Apple Remote Desktop is enabled.

One way to protect yourself against this bug is simply not to try it on your computer. If you have already done so, change the root password and disable remote services through System Preferences > Sharing, turning off any remote services you are not actually using.

You can follow these instructions provided by Apple Support to protect yourself.

Computer Security Day

Computer Security Day is an annual event and is celebrated on the 30th November each year. It is designed to raise awareness and to promote best practices in Information Security.

CNCD at Hindustan Institute of Technology and Science celebrated Computer Security Day by organizing a talk. Mr. Sam Abraham, CISO, Royal Sundaram General Insurance Co. Limited, Chennai, was the speaker of the day.

Students and Staff had an exciting interactive session.

#ksc #cncd #CyberAware

Online safety tip sheet

Our club members have started to actively engage in club work, with the aim of spreading the word about online safety to internet citizens.

One such piece of work is by Niranjan, an executive member of our club, who has made a nice online safety tip sheet. Kudos to him and to the others doing such good deeds!

#ksc #cncd #CyberAware #PrivacyAware