This post is going to introduce you to a "Identify Live Hosts" tool by the name of 0trace that enables a user to perform hop enumeration (“traceroute”) within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do. The important benefit of using an established connection and matching TCP packets to send a TTL-based probe is that such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table).
How to reach 0trace ?
The command syntax :
root@bt:/pentest/enumeration/0trace# ./0trace.sh eth0 (IP ADDRESS1)
and then you need to then open another terminal and connect using netcat as below
root@bt:~# nc (IP ADDRESS1) 80
Here in the example as shown vide screenshots,i have used a web site ip address for sample check....without opening the second terminal window...you will not get any progress on the first terminal....
How to reach 0trace ?
(Click to enlarge) |
(Click to enlarge) |
(Click to enlarge) |
root@bt:/pentest/enumeration/0trace# ./0trace.sh eth0 (IP ADDRESS1)
and then you need to then open another terminal and connect using netcat as below
root@bt:~# nc (IP ADDRESS1) 80
Here in the example as shown vide screenshots,i have used a web site ip address for sample check....without opening the second terminal window...you will not get any progress on the first terminal....