Understanding Hacking Tools with Socket Programming

by Uriah C.

There are many tools out there for scanning and breaking into remote systems.

With tools like Nmap, Metasploit, and Ettercap, scanning and exploiting is easier than it used to be.  This, combined with the many online tutorials, can give anyone the ability to wreak havoc on a system.  It can be as easy as doing a scan with Nmap and then using an exploit and payload from Metasploit.  Not to mention that the many live GNU/Linux disks containing these tools are just a download away.

Don't get me wrong, I use these tools for testing the security of my network and love the fact that I can do it quickly.  But I am more inquisitive than most when it comes to my tools.  I want to understand how they work.

The first step in exploiting a remote system is knowing which ports are running a service that can be exploited.  So I decided to write a simple port scanner in order to understand how client applications that find open services are programmed.

The easiest way to find an open port is to try to connect to it.  If one can connect to the port, then there must be some service running on it.  This is not the stealthiest way to scan a system for open ports, though, because the program completes a connection to the service, which may leave a log entry showing that a client connected.  Also, if the service is busy and cannot handle the connection, then the scanner will report the port as closed, a false negative.

Here is the code for my application, which was written in Java:

// Socket programming is not built into the core language, so don't forget
// to import the needed classes.

import java.io.IOException;
import java.net.Socket;

public class PortScan {
	public static void main(String[] args) {
		// We need to identify the target.  This can be any IP, but I will
		// use the local address for this example.
		String ipAddress = "127.0.0.1";

		// Now let's try to connect to ports on the IP address with a for loop.
		for (int port = 1; port < 1025; port++) {
			// The try block is a basic socket connection.  If the connect
			// succeeds, then a service is listening and the port is open.
			// try-with-resources closes the socket for us afterwards.
			try (Socket socket = new Socket(ipAddress, port)) {
				System.out.println("port " + port + " on " + ipAddress + " is open");
			}
			// If the connect fails, then the port is closed (or unreachable).
			catch (IOException e) {
				System.out.println("port " + port + " on " + ipAddress + " is closed");
			}
		}
	}
}

The code within the for statement is a basic socket connection, and can be used in any client programming project.  For example, one could use the code to connect to a web server and then stream in a URL request.
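The following is an added example, not the author's code, written in Python rather than Java so that it can be run and checked stand-alone.  It does two things the article's scanner does not: it separates a refused connection (nothing listening) from one that timed out (a firewall dropping packets, or a service too busy to answer), which is exactly the false-negative case the article warns about, and it runs a throwaway local service that records who connected, so you can see the trace a connect scan leaves in a daemon's log.  The class and function names (LoggingListener, probe_port, scan, scan_demo) are my own, and everything stays on 127.0.0.1.

```python
import socket
import threading
import time
from typing import Dict, List, Tuple


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify host:port as 'open', 'closed' or 'filtered'.

    'closed'   -> the peer actively refused (TCP RST): nothing listens there.
    'filtered' -> no answer before the timeout, or the host is unreachable.
                  A scanner that only has open/closed will file this under
                  'closed', which is the false negative the article mentions.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (TimeoutError, socket.timeout):
            return "filtered"
        except OSError:
            # No route, host unreachable, etc.: nothing told us it is closed.
            return "filtered"


def scan(host: str, ports, timeout: float = 0.5) -> Dict[str, List[int]]:
    """Probe each port in turn and group the results by classification."""
    result: Dict[str, List[int]] = {"open": [], "closed": [], "filtered": []}
    for port in ports:
        result[probe_port(host, port, timeout)].append(port)
    return result


class LoggingListener:
    """Throwaway TCP service (constructed for this example) that records the
    source address of every accepted connection, as a real daemon's log
    would.  Binding to port 0 lets the OS pick a free port."""

    def __init__(self, host: str = "127.0.0.1") -> None:
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, 0))
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # lets the accept loop check _running
        self.port: int = self.sock.getsockname()[1]
        self.log: List[Tuple[str, int]] = []
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while self._running:
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            self.log.append(addr)        # the "log entry" a connect scan leaves
            conn.close()

    def close(self) -> None:
        self._running = False
        self._thread.join()
        self.sock.close()


def scan_demo() -> dict:
    """Start the local service, scan it plus a port nothing listens on, and
    return what both the scanner and the service saw."""
    service = LoggingListener()
    # A socket bound to port 0 and released yields a port that is (almost
    # certainly) closed at the moment we scan it.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as spare:
        spare.bind(("127.0.0.1", 0))
        closed_port = spare.getsockname()[1]
    findings = scan("127.0.0.1", [service.port, closed_port])
    # The handshake completes in the kernel before accept() runs, so give the
    # service thread a moment to record the connection.
    deadline = time.monotonic() + 2.0
    while not service.log and time.monotonic() < deadline:
        time.sleep(0.01)
    service.close()
    return {"findings": findings, "service_port": service.port,
            "closed_port": closed_port, "service_log": list(service.log)}


if __name__ == "__main__":
    print(scan_demo())
```

Running scan_demo() reports the listener's port as open, the spare port as closed, and shows the listener's log holding one entry from 127.0.0.1: the connect scan is visible to the other side, which is why an intrusion detection system or a simple connection log can pick it up.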

Socket programming is a key element to remote access.  An understanding of it can lead to writing servers and clients for one's own needs.  It facilitates in the writing of clients and servers like mail, HTTP, backdoors, Trojans, and anything else that requires a connection between two computers.
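As an added example of the client side described above (the article mentions streaming a URL request into a web server), here is a minimal HTTP GET sent over a plain socket and parsed by hand.  It is not the author's code; it is written in Python, uses a tiny stand-in web server from the standard library so it runs offline, and the names _HelloHandler, http_get and http_demo are my own.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _HelloHandler(BaseHTTPRequestHandler):
    """Stand-in web server (constructed for this example)."""

    def do_GET(self) -> None:
        body = b"hello from the test server\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args) -> None:   # keep the console quiet
        pass


def start_server() -> HTTPServer:
    """Serve on an OS-chosen port in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), _HelloHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def http_get(host: str, port: int, path: str = "/", timeout: float = 2.0) -> dict:
    """Send a bare HTTP/1.0 GET over a socket and parse the reply.

    HTTP/1.0 with 'Connection: close' means the server closes the socket
    after the response, so reading until recv() returns b'' gets it all.
    """
    request = (f"GET {path} HTTP/1.0\r\n"
               f"Host: {host}:{port}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body}


def http_demo() -> dict:
    """Start the local server, fetch '/' from it, and return the parsed reply."""
    srv = start_server()
    try:
        return http_get("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(http_demo())
```

The same connect-then-send pattern is the skeleton of any protocol client; what changes from one service to the next is only the bytes written after the connection is up.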
