I Hacked My Home Network
I just hacked my home network for the first time using some basic tools from nmap, a free open source network security scanning tool
Within the last 24 hours, I scanned 1000 ports on my home network with the help of nmap, a free open-source network scanning tool, and WireShark, a free open-source packet analysis software.
A big thanks to NetworkChuck's YouTube Channel, which provided multiple videos that helped me with this cybersecurity research in my home lab. Also, huge thanks to my new study buddy, ChatGPT.
For research purposes, I went ahead and set up a Linux VM on Linode and installed nmap there as well as on my Macbook, running commands in both terminals. The reason for this is because I wanted to be sure I'm scanning my home network from a machine that exists outside my network.
You can definitely download nmap and wireshark and try these commands in your terminal too! This is a great way to assess the security of your home network.
DISCLAIMER: Hey, before I go on, DO NOT try this on anyone else's network without consent! I notice that even ChatGPT warns about this if you ask it questions about nmap! Always hack ethically folks!
Moving on...
Finding your public IP address. You can find your public IPv4 address by googling 'what's my IP address' and opening up whatismypublicip.com. For the purposes of this blog, I'll use xxx.xx.xxx.xx to represent my public IP address (psst, never give out your IP address).
Running a TCP Scan:
nmap -sT xxx.xx.xxx.xx
I tried running a TCP scan against the 1000 most common ports on a network using the command nmap -sT xxx.xx.xxx.xx, but I received the response: Host seems down. If it really is up but blocking our ping probes, try -Pn. The reason for this is likely because my home network has security features in place to either ignore or block host discovery attempts. When you use the -Pn flag, you're telling nmap to assume the target host is online. This is fine if you're just running nmap against your home network and you're sure your home network is up.
Running a TCP Scan, after skipping the initial host discovery process:
nmap -Pn -sT xxx.xx.xxx.xx
After running this command, I discovered that all 1000 ports were in the 'filtered' state, meaning there is some kind of packet filtering in place that is preventing nmap's probes from effectively reaching the port. This filtering could be caused by a network firewall device, firewall software, or specific router rules.
Running an ACK Scan
nmap -Pn -sA xxx.xx.xxx.xx
I started doing some research on how to detect whether or not a firewall is in place using nmap. Apparently you can use the -sA flag to send an ACK request, and use the target host's response to determine whether there is a firewall. If you receive 'reset' responses (which appear as red RST rows in WireShark), this indicates no firewall is in place. (Note: Turn off your device's firewall, if it has one, before testing this on your own network).
Running a FIN Scan
nmap -Pn -sF xxx.xx.xxx.xx
I also opted to run a FIN scan using nmap's -sF flag, which sends TCP packets with only the 'Finish' flag in place to the 1000 common network ports. If you see a Reset packet showing up in WireShark, you can conclude the port is in a closed state.
I hope this was helpful to you in your hacking / network security journey.
Happy hacking folks!!