The movie Elysium showcased some awesome UNIX shell commands. The rhost command was one; there is a more detailed shot here: http://i.imgur.com/niqfmy5.png. The nmap port scanning utility is used to port scan Matt Damon's brain before the data is copied from his neural storage to the Elysium computer system. I cannot see the full command, but it is a real use of this useful port scanning utility and shows that Hollywood is actually using real computer commands in its movies. But why are such advanced computers still running a master and slave IDE hard drive system instead of SATA III or something even better? That was a strange scene in the movie, but I guess that they have very advanced IDE drives on Elysium and the transfer rate has been increased over the old technology. But why would you be using such outdated tech in the year 2154?
Part of the visible nmap command is the -sV option, which probes open ports to determine the service and version running on them. That is a very useful part of penetration testing. You want to be able to probe the system and see if there are any open ports, then scan those open ports to see what is running, and then find out what version the software is. This allows the attacker to do some research and look for zero-day vulnerabilities that could affect the software. Below is an example scan using nmap. This is scanning an old Ubuntu machine for open ports.
homer@hal9000:~$ sudo nmap -o -P0 -sS 192.168.78.130

Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-06 22:48 EST
Nmap scan report for 192.168.78.130
Host is up (0.00032s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
443/tcp  open  https
444/tcp  open  snpp
9876/tcp open  sd
MAC Address: 00:0C:29:5E:53:4E (VMware)

Nmap done: 1 IP address (1 host up) scanned in 34.42 seconds
Here is a simpler way to scan for open ports.
homer@hal9000:~$ sudo nmap -sS 192.168.78.130

Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-06 23:02 EST
Nmap scan report for 192.168.78.130
Host is up (0.00033s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
443/tcp  open  https
444/tcp  open  snpp
9876/tcp open  sd
MAC Address: 00:0C:29:5E:53:4E (VMware)

Nmap done: 1 IP address (1 host up) scanned in 24.64 seconds
Below is an example of how to scan for the operating system that the target machine is running. The scan confirms that the machine is running GNU/Linux and a 64-bit kernel.
homer@hal9000:~$ sudo nmap -O 192.168.78.130

Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-06 23:05 EST
Nmap scan report for 192.168.78.130
Host is up (0.00039s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
443/tcp  open  https
444/tcp  open  snpp
9876/tcp open  sd
MAC Address: 00:0C:29:5E:53:4E (VMware)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=9/6%OT=22%CT=1%CU=44282%PV=Y%DS=1%DC=D%G=Y%M=000C29%TM
OS:=540B0702%P=x86_64-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=10A%TI=Z%CI=I%II=I%
OS:TS=8)SEQ(SP=106%GCD=1%ISR=10B%TI=Z%CI=RD%TS=8)OPS(O1=M5B4ST11NW9%O2=M5B4
OS:ST11NW9%O3=M5B4NNT11NW9%O4=M5B4ST11NW9%O5=M5B4ST11NW9%O6=M5B4ST11)WIN(W1
OS:=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=3908%O
OS:=M5B4NNSNW9%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N
OS:)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=
OS:S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF
OS:=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=
OS:G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 107.60 seconds
Below I am using the command sudo nmap -A -T4 -P0 192.168.78.130 to perform a more in-depth scan of my system.
Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-06 23:11 EST
Nmap scan report for 192.168.78.130
Host is up (0.00028s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 5.9p1 Debian 5ubuntu1.4 (Ubuntu Linux; protocol 2.0)
443/tcp  open  https?
444/tcp  open  snpp?
9876/tcp open  sd?
MAC Address: 00:0C:29:5E:53:4E (VMware)
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   0.28 ms 192.168.78.130

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 227.20 seconds
This scan shows the open ports, the detected service versions, and some information about the operating system the target is running.
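The version column from the -A / -sV scan above is what an assessor (or the admin checking their own exposure) actually works from, so here is an added example, not from the original post, of turning that output into something checkable. It parses Nmap's normal output into records, separates services nmap identified from a banner from those it only guessed from the port table (the trailing "?"), and compares the open ports against an expected-exposure allow-list. The sample text is the port table from the scan above; the allow-list of ssh and https is an assumption made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Sample input: the port table from the "nmap -A -T4 -P0" run quoted above
# (same values as on the page), embedded here so the parser runs offline.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-06 23:11 EST
Nmap scan report for 192.168.78.130
Host is up (0.00028s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 5.9p1 Debian 5ubuntu1.4 (Ubuntu Linux; protocol 2.0)
443/tcp  open  https?
444/tcp  open  snpp?
9876/tcp open  sd?
MAC Address: 00:0C:29:5E:53:4E (VMware)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
"""

HOST_LINE = re.compile(r"^Nmap scan report for (?P<host>\S+)")
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)


@dataclass
class PortRecord:
    host: str
    port: int
    proto: str
    state: str
    service: str
    service_guessed: bool   # True when nmap printed "name?": a port-table guess, not a probe match
    version: Optional[str]  # None when -sV got no version banner back


def parse_nmap_normal_output(text: str) -> List[PortRecord]:
    """Parse the port table of Nmap's normal (screen / -oN) output into records."""
    host = None
    records: List[PortRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_LINE.match(line)
        if m:
            host = m.group("host")   # each "scan report" block starts a new host
            continue
        m = PORT_LINE.match(line)
        if m is None or host is None:
            continue                 # header, MAC, OS and traceroute lines are skipped
        service = m.group("service")
        records.append(PortRecord(
            host=host,
            port=int(m.group("port")),
            proto=m.group("proto"),
            state=m.group("state"),
            service=service.rstrip("?"),
            service_guessed=service.endswith("?"),
            version=m.group("version"),
        ))
    return records


def unidentified_open_services(records: List[PortRecord]) -> List[PortRecord]:
    """Open ports where -sV produced no banner. These need a manual look: the
    service name shown is only the port-number table entry, not what is really listening."""
    return [r for r in records if r.state == "open" and r.version is None]


def unexpected_open_ports(records: List[PortRecord],
                          allowed: Set[Tuple[int, str]]) -> Set[Tuple[int, str]]:
    """Open (port, proto) pairs that are not in the expected-exposure allow-list."""
    seen = {(r.port, r.proto) for r in records if r.state == "open"}
    return seen - allowed


if __name__ == "__main__":
    recs = parse_nmap_normal_output(SAMPLE_NMAP_OUTPUT)
    for r in recs:
        tag = " (guessed)" if r.service_guessed else ""
        print(f"{r.host} {r.port}/{r.proto} {r.state} {r.service}{tag} {r.version or ''}")
    # Assumed baseline for this host: only ssh and https are supposed to be reachable.
    print("unexpected:", sorted(unexpected_open_ports(recs, {(22, "tcp"), (443, "tcp")})))
```

Run against the sample, the three "?" services (443, 444, 9876) come back as unidentified, and 444/tcp and 9876/tcp show up as unexpected against the assumed baseline. Using nmap's XML output (-oX) with a proper XML parser is more robust for production tooling; the regex here matches the human-readable format the post shows.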