Ok, if you have not downloaded the required programs yet, do it now.
I suggest making a special folder wherever you download stuff called
"Scanning" or something similar to easily locate all the tools you may
collect. Anyway, installing Ping is pretty simple: extract the zip
somewhere, run the installer and let it do its business. When
it's done you will have some brand new icons to play with in your start
menu.
Start up Ping, you'll see the little splash screen and then it will
load the program up. This program can be used to scan for pubs or to
scan ports, I don't know how to use the port scanning functions so I will
only be talking about pub scanning. First thing to do is open up the
options by going to Options -> Preferences or simply pressing F8.
The first tab (Ping) you can leave alone because those settings are kind
of advanced, I don't even touch them. The second tab (List View) is
just visual preferences, I suggest just leaving them alone but you can
mess with them if you want.
Ahhh the Pub Find tab, here is where the main settings are for scanning
for pubs. On the general tab in this section I have Threads set to
130 and the timeout at 10. Although I recommend using something like
52 threads for starters. Why 52 you ask? Well the more threads
the faster a scan gets completed, but before you go entering 500 it also
requires more bandwidth and more CPU power. The threads variable is
actually how many pubs it checks at one time so you can see how the
default of 5 does not work very quickly when you're scanning thousands of
IPs. The reason for 52 specifically was that if it's set at 50 there
ends up being 4 left over and it is just much faster to use 52. If
you have a decent computer and a normal connection 52 is my recommended
setting for starting off, using something like 130 would probably work
also and get it done in about half the time. The timeout is best
left at 10 unless you know your response time is really awful for FTPs in
which case you should set it a little higher, the higher the value
the longer a scan will take.
Onto the Firewall and Firewall Backups tabs. Personally I leave
these alone, some people like to scan with proxies (which is what Grim
calls firewalls) to keep their actions anonymous. I may add to this
section detailing how to use this feature at a later time.
On to the Logging tab. This tab has a bunch of options so I will give a
screenshot and explain them all. For the top two check boxes you can
either log only anonymous FTPs that Ping comes across, all FTPs that it
scans (would make a huge log file), or not log any FTPs. I choose
not to log any... yes I said that right. This is just a basic log,
the actual results of the scan get put into a different file. The
next box you want checked, this will log all Wingate Engines that it comes
across while looking for ftps, they are useful to help FXP files
which is not a topic for here so I will just leave it at that. These
settings will create a log of JUST Wingates which may be useful later.
The next option is where these results are kept... you can make this any
location you would like but I suggest just leaving it alone and it will
store it in the main Ping directory. The last two options should be
left unchecked... first one is self explanatory, the second I don't even
know what it does but I like how the logs look now so I'm not going to
change it.
Moving onto the General Tab. These are mainly personal
preferences. You can have it auto save your queue in case you quit
Ping by accident or something. Also, if you've been disconnected it
will try and figure out when you get reconnected and start scanning again.
Just set all these to your liking or just leave them alone to get on with
the scanning.

And on to the Permissions Tab. Here you will find all the options for
logging the found pubs with good permissions. On the General Tab you
want to have the box checked and there should already be some directories
entered here. I have mine rearranged to my liking (it checks in the
order they are listed) but they are fine the way they are by default too.
If you would like to add some more directories to check the easiest way is
to edit the ping.ini file manually. I have a pre-made dir list,
HERE, that you can paste right into the ini
over the current directory information (make sure Ping is closed).
On the Logging Tab you can again change the location of the file but I
suggest leaving it where it is. The rest of the options should be
set up as in the picture to the right. This will generate the most
useful perms.log. The first 4 boxes should be checked and the last 2
unchecked.
OK that's it for setting up Grim's Ping... all ready to find some
ranges to scan. But don't quit Grim's because we will need it again soon.
OK... there are many ways to go about doing this... I will cover a few
in here. The worst thing you can do is just punch in random IPs,
this will in general give you no results. I suggest reading through
the first method before reading any others because it has some basic
skills that may be needed elsewhere. Also in the other methods I may refer
back to the first method for things that are already explained.
The first method involves searching for web hosts and then scanning
their ranges; usually this gets results but sometimes they are all being
used already. First go to HostSpot, which is a web host search engine.
Now click "View all hosts", which is next
to the navigation bar on the main page.
From here go to random pages until you find a web host that looks nice and
big and fast. Really there is no way to tell, but I usually look for
hosts offering unlimited bandwidth and lots of space. Once you find
one click on its name and you will go to a page with more info about
them. Then right click on the link right under the host's name and
select "Copy Shortcut" which puts their webpage on the clipboard.
Now switch over to Ping and select Tools -> Single Host Lookup (or simply
press F9). Paste the URL in here by either pressing CTRL-V or right
clicking and selecting paste, then press lookup. A dialog box will
pop up which shows the IP and the Hostname. When you click on OK your
pasted URL is replaced by the IP it found. Select this and Copy it
by pressing CTRL-C or right clicking and hitting copy. Now press
close and go to the next section to scan the IP you found.
The second method is along the lines of random IPs but more
controlled. When you get good at it this is a great method for
finding unclaimed pubs. First go to the IP Address Index (check my
links section for mirrors) and just check out the main page for a
minute. Most pubs are going to be
found in the Class C Range (Click Class C), specifically in 204, 205, 206,
207, 208, 209, 216. These are listed as various US/Canadian Networks
and if you click on the link it gives you more details about each range.
Pubs are also commonly found in the Class A Range (go to Class A), mostly
in 63-66 which is InterNIC Registration. OK go back to the Class C
section and click on one of the ranges I talked about above. Here
you can just scroll and look for a company that looks like it might have a
lot of FTPs and that's it. Just copy their start range to the
clipboard and move onto the next section.
My third method is just a combination of methods one and two.
First you find an IP using method one then go to the IP Address Index and
find it. From there you can see who owns that range and who owns
everything around it. If it looks good you can scan that IP and all
its surroundings. Once you find something suitable copy the IP to
the clipboard and move to the next section.
First we have to get our IP into the queue so hit the "Paste IP" button
on the top toolbar. Paste your newfound IP in here and hit OK.
To do a good scan you usually want to scan the whole range so edit the
third box and make it a "0" like in the picture. I also found out
you can use wildcards to paste an IP, so you can replace the third box
with a * and skip the "Add Multiple Ranges" step. Now make sure that
"PubFind" is selected and then press "Add to Queue" which will add that
small IP range to the queue. Now press "Add Multiple Ranges" and
enter in 255 and press OK. This will take a minute to complete and
it will add that full range to the queue. OK this should be enough
to work with for now so close that box, get ready, and hit the Go button
on the toolbar (Stoplight Picture). Watch Ping scan away, it shows
various information on the bottom like how many servers found and
everything like that. You can view your perms.log and results.log
while scanning, the options to do so are located in the File Menu.
Here you can also minimize Ping to the system tray and then come back a
few hours later to find it done.
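
Seen from the network being scanned, the range scan described above shows up as one client attempting anonymous FTP logins on many servers in the same /24 within minutes. The following is an added example, not part of the original tutorial: a small detector over a constructed log format. The field layout, the thresholds and the sample addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed log format (an assumption, not any real FTP daemon's):
#   <ISO time> src=<client> dst=<server> user=<login name>
LINE = re.compile(r"(\S+) src=(\S+) dst=(\S+) user=(\S+)")
ANON = {"anonymous", "ftp"}

def find_sweeps(lines, min_hosts=20, window=timedelta(minutes=10)):
    """Return sorted (src, /24, distinct_servers) for anonymous-login sweeps."""
    events = defaultdict(list)          # (src, /24) -> [(time, dst), ...]
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4).lower() not in ANON:
            continue                    # skip junk lines and named accounts
        ts, src, dst, _ = m.groups()
        net = str(ip_network(dst + "/24", strict=False))
        events[(src, net)].append((datetime.fromisoformat(ts), dst))

    hits = []
    for (src, net), evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Move the window start forward until it spans <= window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_hosts:
            hits.append((src, net, best))
    return sorted(hits)

def sample_log():
    """Constructed sample: one sweeping client, one ordinary client."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)
    log = [f"{(t0 + timedelta(seconds=i)).isoformat()} src=198.51.100.23 "
           f"dst=192.0.2.{i} user=anonymous" for i in range(1, 61)]
    log += [f"{(t0 + timedelta(hours=h)).isoformat()} src=203.0.113.5 "
            f"dst=192.0.2.10 user=anonymous" for h in range(3)]
    log.append("2024-01-01T02:00:30 src=203.0.113.9 dst=192.0.2.11 user=alice")
    return log

if __name__ == "__main__":
    for src, net, n in find_sweeps(sample_log()):
        print(f"{src} tried anonymous login on {n} servers in {net}")
```

A client that returns to the same server a few times a day stays under the threshold; only breadth across the range within the window is flagged.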