Lab-5: Scanning and Enumeration
Reconnaissance and information gathering methods were
passive methods, meaning that they did not cause any alarms,
alerts, or log file creation on the target systems (the franklin.edu
computers). In Lab-5, you will actively scan and enumerate
target systems. These actions would create log entries and
probably trigger alerts if the target systems were used by a
sensitive organization, such as a military or financial
institution.
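What the defender sees of the port scans this lab runs, as an added example that is not part of the original lab handout: a sliding-window detector that flags a source touching many distinct TCP ports on one host. The log format, the 10-second window and the 15-port threshold are assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (not a real product's format):
#   <ISO timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)$"
)


def parse(line):
    """Return (timestamp, src, dst, port), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(lines, window=timedelta(seconds=10), port_threshold=15):
    """Flag (src, dst) pairs that reach port_threshold distinct ports inside one window.

    Lines must be in time order. Returns {(src, dst): highest distinct-port count}.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    alerts = {}
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port = event
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= port_threshold:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), distinct)
    return alerts


def build_sample_log():
    """Constructed sample traffic using the lab's address range."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    events = []
    # Scanner: 40 different ports on one host, 50 ms apart.
    for i in range(40):
        events.append((base + timedelta(milliseconds=50 * i),
                       "192.168.2.10", "192.168.2.14", 1 + i))
    # Ordinary client: many connections, but only ports 80 and 443.
    for i in range(30):
        events.append((base + timedelta(seconds=i),
                       "192.168.2.12", "192.168.2.14", 80 if i % 2 else 443))
    # Sparse traffic: 20 ports spread over ten minutes, never many per window.
    # A wider window would be needed to count these together.
    for i in range(20):
        events.append((base + timedelta(seconds=30 * i),
                       "192.168.2.13", "192.168.2.14", 8000 + i))
    events.sort()
    return [
        f"{ts.isoformat(timespec='milliseconds')} SRC={s} DST={d} PROTO=TCP DPT={p}"
        for ts, s, d, p in events
    ]


if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {count} distinct ports in window")
```

The window and threshold trade detection speed against false positives, so both need tuning against the normal traffic of the monitored network.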
You will perform Lab-5 by using the Netlab environment
provided by Franklin University. The Netlab environment is an
isolated environment with no Internet connection, so none
of your actions will cause anything harmful for you or the target
system.
Section-1: Scan the Network Using nbtscan Tool
nbtscan is used for scanning networks to obtain NetBIOS
names, file shares, and other information. It is one of the tools
that come with Kali Linux. Nbtscan is a convenient tool to scan
the active computers on the network quickly.
Windows machines have NetBIOS names by default. Linux/Unix
computers may also have NetBIOS names if the Samba
interoperability suite is installed.
Before you start scanning the network from Kali Linux, you have
to find out the network address.
1) Enter the Netlab environment
2) Open Kali Linux and enter the password (password: toor)
3) Open a terminal window
4) Type this command:
ifconfig
The IP address of your computer is 192.168.2.10, and the
netmask is 255.255.255.0. That means the network address is
192.168.2.0/24. You will use this in your nbtscan.
5) Run nbtscan by typing
nbtscan 192.168.2.0/24
in the terminal window. You
will see all active computers along with their IP addresses, NetBIOS
names, and MAC addresses. That is an essential piece of
information for a pentester and can be regarded as your initial
attack surface.
Take a screenshot of the terminal window.
Section-2: Scan the Network by Using Nmap
You will perform another network scan by using a more
versatile tool called Nmap. Nmap is one of the Swiss Army knives of
pen-testers. It is a free and open-source tool and comes with
Kali Linux. Nmap has many different scanning options; it can
even perform vulnerability scanning in addition to network and
host scanning. In this lab, you will first use Nmap's
network/host scanning features, and then you will perform
vulnerability scanning with Nmap.
1) Type in
nmap 192.168.2.0/24 -n -sn
in the terminal window.
Take a screenshot of the terminal window.
Type in
man nmap
in the terminal window to see the help page
of the Nmap tool. Find out why you used the -n and -sn options.
Section-3: Perform a Port Scan Against a Host
In the previous section, you scanned the network by using
Nmap. In this section, you will scan a specific host for open
ports.
1) Type in
nmap 192.168.2.14 -n
in the terminal window.
Take a screenshot of the terminal window.
192.168.2.14 is the Metasploitable machine. There are many
open ports on this machine. It is an intentionally vulnerable
Linux machine used for training purposes. As the pentester,
you determined your initial attack surface using nbtscan and
nmap tools, which can be thought of as the active computers on
the network. The list of open ports of the Metasploitable
computer is also an attack surface specific to a host. An open
port can be considered one of the most valuable attack surfaces,
because an attacker can attack computers by using open ports in
many ways, such as:
a) By flooding the port, such as a SYN flood to port 80,
b) By exploiting the service using the port, such as an SQL
injection attack against a web application using port 443,
c) By brute-forcing the login forms,
d) By using default usernames or passwords, such as accessing
a wireless modem management interface with the default username:
admin/password: admin credentials
Section-4: Scanning for Top 1000 Ports
The top 1000 ports are the 1000 statistically most popular ports
used by network-enabled applications and services. In this
lab, you will scan the same target (Metasploitable) to check for
the top 1000 ports.
1) Type in
nmap 192.168.2.14 -n --top-ports 1000 --open
in the terminal window.
The --open switch shows only the open ports on the target machine.
2) Now, type in the command with an extra switch, -sV:
nmap 192.168.2.14 -n --top-ports 1000 --open -sV
The -sV switch fingerprints the service running on the port.
Take a screenshot of the terminal window.
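One defensive use of the open-port list from Section-3 and Section-4, as an added example that is not part of the original lab handout: parse Nmap's normal output and report every open port that is missing from an approved baseline. The sample scan output and the baseline are constructed for illustration, and the parser assumes the output shape produced with -n (an IP address directly after "Nmap scan report for").

```python
import re

HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
# Matches port table rows such as "21/tcp  open  ftp".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Constructed sample in the shape of Nmap's normal output (not captured from the lab).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.2.14
Host is up.
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
23/tcp   open   telnet
80/tcp   open   http
445/tcp  open   microsoft-ds
8080/tcp closed http-proxy
"""

# Hypothetical approved exposure for this host: SSH and HTTP only.
BASELINE = {"192.168.2.14": {(22, "tcp"), (80, "tcp")}}


def parse_open_ports(nmap_text):
    """Return {host: {(port, proto): service}} for ports reported as open."""
    hosts = {}
    current = None
    for line in nmap_text.splitlines():
        host = HOST_LINE.match(line)
        if host:
            current = host.group(1)
            hosts[current] = {}
            continue
        row = PORT_LINE.match(line)
        # Ignore rows before the first host line and any state other than "open".
        if row and current is not None and row.group(3) == "open":
            hosts[current][(int(row.group(1)), row.group(2))] = row.group(4)
    return hosts


def unexpected_services(hosts, baseline):
    """List (host, port, proto, service) for open ports the baseline does not allow."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())  # unknown host: nothing is approved
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings


if __name__ == "__main__":
    for host, port, proto, service in unexpected_services(
        parse_open_ports(SAMPLE_SCAN), BASELINE
    ):
        print(f"{host}: {port}/{proto} ({service}) is open but not in the baseline")
```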
Section-5: OS (Operating System) Detection by Using Nmap
One of Nmap's features is remote OS detection by using TCP/IP
stack fingerprinting. In this lab, you will detect the operating
systems of the live hosts in the 192.168.2.0/24 network.
1) Type in
nmap 192.168.2.0/24 -n -O --osscan-guess
Note that the letter "O" must be uppercase.
Notice the operating system information in the command output.
Find the command output showing the operating system of
192.168.2.12 and take a screenshot of the terminal window.
Section-6: Vulnerability Scanning by Using Nmap
Now, it is time to perform vulnerability scanning by using
Nmap. The first vulnerability will be the use of an FTP service
with anonymous login enabled.
In the previous lab, you found that 192.168.2.14
(Metasploitable) has the FTP service enabled. Let's check
whether it has anonymous login enabled. Anonymous login is a
common feature among FTP services.
1) Type in
nmap 192.168.2.14 -n --script ftp-anon -p 21
in the terminal window.
In this command, you use Nmap scripts, which are a powerful
and flexible feature of Nmap. The Nmap scripting engine allows
security researchers to prepare scripts that perform particular
tasks, such as finding FTP services (port 21) with anonymous
login enabled. In this section, you used the anonymous FTP login
detection script (ftp-anon).
Now, you will use another Nmap script to detect SMB
vulnerability. SMB is a standard protocol used by the Windows
operating system to share files and printers among computers.
You will check another host (192.168.2.13) for any SMB protocol
vulnerability. 192.168.2.13 is a Windows computer. In Section-5,
you detected the operating system of this host remotely as
Windows 7.
2) Type in
nmap 192.168.2.13 -n --script smb-vuln* -p 445
In this example, you used a wildcard: smb-vuln* runs all scripts
whose names start with "smb-vuln."
Take a screenshot of the terminal window.
Weekly Learning and Reflection
In two to three paragraphs (i.e., sentences, not bullet lists) using
APA style citations if needed, summarize, and interact with the
content covered in this lab. Summarize what you did as an
attacker, what kinds of vulnerabilities you exploited, and what
might have prevented these attacks. Mention the attackers and
all of the targets in your summary. You can provide topologies,
sketches, and graphics if you want. In particular, highlight what
surprised, enlightened, or otherwise engaged you. You should
think and write critically, not just about what was presented but
also about what you have learned through the session. You can ask
questions about the things you're confused about. Questions asked
here will be summarized and answered anonymously in the next
class.
image2.png

More Related Content

Similar to Lab-5 Scanning and Enumeration Reconnaissance and inform.docx

A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Lab-2 Buffer Overflow In this lab, you will gain insight
Lab-2 Buffer Overflow        In this lab, you will gain insightLab-2 Buffer Overflow        In this lab, you will gain insight
Lab-2 Buffer Overflow In this lab, you will gain insightsimisterchristen
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS)        In t.docxLab-10 Malware Creation and Denial of Service (DoS)        In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docxpauline234567
 
This Assignment consists of Amazon Web services
This Assignment consists of Amazon Web servicesThis Assignment consists of Amazon Web services
This Assignment consists of Amazon Web servicesMahesh688216
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationAsep Sopyan
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Dane presentation
Dane presentationDane presentation
Dane presentationAnkit Singh
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityIOSR Journals
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Needamiable_indian
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Nikhil Raj
 

Similar to Lab-5 Scanning and Enumeration Reconnaissance and inform.docx (20)

Nmap commands
Nmap commandsNmap commands
Nmap commands
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURES
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Lab-2 Buffer Overflow In this lab, you will gain insight
Lab-2 Buffer Overflow        In this lab, you will gain insightLab-2 Buffer Overflow        In this lab, you will gain insight
Lab-2 Buffer Overflow In this lab, you will gain insight
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
Lab-10 Malware Creation and Denial of Service (DoS)        In t.docxLab-10 Malware Creation and Denial of Service (DoS)        In t.docx
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
 
This Assignment consists of Amazon Web services
This Assignment consists of Amazon Web servicesThis Assignment consists of Amazon Web services
This Assignment consists of Amazon Web services
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumeration
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Dane presentation
Dane presentationDane presentation
Dane presentation
 
The Art of Grey-Box Attack
The Art of Grey-Box AttackThe Art of Grey-Box Attack
The Art of Grey-Box Attack
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentation
 
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
 
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019
 

More from LaticiaGrissomzz

MGMT665, MBA CapstoneLive Chat #3 Focus on Organizatio.docx
MGMT665, MBA CapstoneLive Chat #3  Focus on Organizatio.docxMGMT665, MBA CapstoneLive Chat #3  Focus on Organizatio.docx
MGMT665, MBA CapstoneLive Chat #3 Focus on Organizatio.docxLaticiaGrissomzz
 
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docx
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docxMEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docx
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docxLaticiaGrissomzz
 
Mass MurderersIn the aftermath of mass murders, the news media a.docx
Mass MurderersIn the aftermath of mass murders, the news media a.docxMass MurderersIn the aftermath of mass murders, the news media a.docx
Mass MurderersIn the aftermath of mass murders, the news media a.docxLaticiaGrissomzz
 
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docx
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docxMarketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docx
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docxLaticiaGrissomzz
 
MGT 4337 Business Policy and Decision Making Module 3 .docx
MGT 4337 Business Policy and Decision Making        Module 3 .docxMGT 4337 Business Policy and Decision Making        Module 3 .docx
MGT 4337 Business Policy and Decision Making Module 3 .docxLaticiaGrissomzz
 
MedWatch The FDA Safety Information and Adverse Event Reporting.docx
MedWatch The FDA Safety Information and Adverse Event Reporting.docxMedWatch The FDA Safety Information and Adverse Event Reporting.docx
MedWatch The FDA Safety Information and Adverse Event Reporting.docxLaticiaGrissomzz
 
Mass Murderers and Serial KillersReview the two case studies out.docx
Mass Murderers and Serial KillersReview the two case studies out.docxMass Murderers and Serial KillersReview the two case studies out.docx
Mass Murderers and Serial KillersReview the two case studies out.docxLaticiaGrissomzz
 
Memorandum of Understanding The Norwalk Agreement” .docx
Memorandum of Understanding The Norwalk Agreement” .docxMemorandum of Understanding The Norwalk Agreement” .docx
Memorandum of Understanding The Norwalk Agreement” .docxLaticiaGrissomzz
 
Minimum of 200 words Briefly share a situation in which you h.docx
Minimum of 200 words Briefly share a situation in which you h.docxMinimum of 200 words Briefly share a situation in which you h.docx
Minimum of 200 words Briefly share a situation in which you h.docxLaticiaGrissomzz
 
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docx
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docxMGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docx
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docxLaticiaGrissomzz
 
Meeting or Beating Analyst Expectations in thePost-Scandals .docx
Meeting or Beating Analyst Expectations in thePost-Scandals .docxMeeting or Beating Analyst Expectations in thePost-Scandals .docx
Meeting or Beating Analyst Expectations in thePost-Scandals .docxLaticiaGrissomzz
 
Mental Status ExaminationThe patient is who is 70 years old who.docx
Mental Status ExaminationThe patient is who is 70 years old who.docxMental Status ExaminationThe patient is who is 70 years old who.docx
Mental Status ExaminationThe patient is who is 70 years old who.docxLaticiaGrissomzz
 
MEMODate SEPTEMBER 29, 2022 To CITY OF COLUMBUS MA.docx
MEMODate     SEPTEMBER 29, 2022 To       CITY OF COLUMBUS MA.docxMEMODate     SEPTEMBER 29, 2022 To       CITY OF COLUMBUS MA.docx
MEMODate SEPTEMBER 29, 2022 To CITY OF COLUMBUS MA.docxLaticiaGrissomzz
 
Memo ToSally JonesFromJames StudentDate Ja.docx
Memo        ToSally JonesFromJames StudentDate Ja.docxMemo        ToSally JonesFromJames StudentDate Ja.docx
Memo ToSally JonesFromJames StudentDate Ja.docxLaticiaGrissomzz
 
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docx
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docxMetabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docx
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docxLaticiaGrissomzz
 
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docx
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docxMcDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docx
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docxLaticiaGrissomzz
 
may use One of the following formats for reflection.; all conc.docx
may use One of the following formats for reflection.; all conc.docxmay use One of the following formats for reflection.; all conc.docx
may use One of the following formats for reflection.; all conc.docxLaticiaGrissomzz
 
master budget problem. only part B  in attached filePa.docx
master budget problem. only part B  in attached filePa.docxmaster budget problem. only part B  in attached filePa.docx
master budget problem. only part B  in attached filePa.docxLaticiaGrissomzz
 
MAT 133 Milestone One Guidelines and Rubric Overview .docx
MAT 133 Milestone One Guidelines and Rubric Overview .docxMAT 133 Milestone One Guidelines and Rubric Overview .docx
MAT 133 Milestone One Guidelines and Rubric Overview .docxLaticiaGrissomzz
 
Master of Business Analytics BUS5AP .docx
Master of Business Analytics                          BUS5AP .docxMaster of Business Analytics                          BUS5AP .docx
Master of Business Analytics BUS5AP .docxLaticiaGrissomzz
 

More from LaticiaGrissomzz (20)

MGMT665, MBA CapstoneLive Chat #3 Focus on Organizatio.docx
MGMT665, MBA CapstoneLive Chat #3  Focus on Organizatio.docxMGMT665, MBA CapstoneLive Chat #3  Focus on Organizatio.docx
MGMT665, MBA CapstoneLive Chat #3 Focus on Organizatio.docx
 
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docx
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docxMEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docx
MEDICAL IMAGING THROUGH HEALTHCARE 17MEDICAL IMAGING THRO.docx
 
Mass MurderersIn the aftermath of mass murders, the news media a.docx
Mass MurderersIn the aftermath of mass murders, the news media a.docxMass MurderersIn the aftermath of mass murders, the news media a.docx
Mass MurderersIn the aftermath of mass murders, the news media a.docx
 
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docx
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docxMarketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docx
Marketing Plan Goals, Objectives, and Strategy WorksheetIII.M.docx
 
MGT 4337 Business Policy and Decision Making Module 3 .docx
MGT 4337 Business Policy and Decision Making        Module 3 .docxMGT 4337 Business Policy and Decision Making        Module 3 .docx
MGT 4337 Business Policy and Decision Making Module 3 .docx
 
MedWatch The FDA Safety Information and Adverse Event Reporting.docx
MedWatch The FDA Safety Information and Adverse Event Reporting.docxMedWatch The FDA Safety Information and Adverse Event Reporting.docx
MedWatch The FDA Safety Information and Adverse Event Reporting.docx
 
Mass Murderers and Serial KillersReview the two case studies out.docx
Mass Murderers and Serial KillersReview the two case studies out.docxMass Murderers and Serial KillersReview the two case studies out.docx
Mass Murderers and Serial KillersReview the two case studies out.docx
 
Memorandum of Understanding The Norwalk Agreement” .docx
Memorandum of Understanding The Norwalk Agreement” .docxMemorandum of Understanding The Norwalk Agreement” .docx
Memorandum of Understanding The Norwalk Agreement” .docx
 
Minimum of 200 words Briefly share a situation in which you h.docx
Minimum of 200 words Briefly share a situation in which you h.docxMinimum of 200 words Briefly share a situation in which you h.docx
Minimum of 200 words Briefly share a situation in which you h.docx
 
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docx
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docxMGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docx
MGT576 v1Learning OrganizationsMGT576 v1Page 3 of 3Lea.docx
 
Meeting or Beating Analyst Expectations in thePost-Scandals .docx
Meeting or Beating Analyst Expectations in thePost-Scandals .docxMeeting or Beating Analyst Expectations in thePost-Scandals .docx
Meeting or Beating Analyst Expectations in thePost-Scandals .docx
 
Mental Status ExaminationThe patient is who is 70 years old who.docx
Mental Status ExaminationThe patient is who is 70 years old who.docxMental Status ExaminationThe patient is who is 70 years old who.docx
Mental Status ExaminationThe patient is who is 70 years old who.docx
 
MEMODate SEPTEMBER 29, 2022 To CITY OF COLUMBUS MA.docx
MEMODate     SEPTEMBER 29, 2022 To       CITY OF COLUMBUS MA.docxMEMODate     SEPTEMBER 29, 2022 To       CITY OF COLUMBUS MA.docx
MEMODate SEPTEMBER 29, 2022 To CITY OF COLUMBUS MA.docx
 
Memo ToSally JonesFromJames StudentDate Ja.docx
Memo        ToSally JonesFromJames StudentDate Ja.docxMemo        ToSally JonesFromJames StudentDate Ja.docx
Memo ToSally JonesFromJames StudentDate Ja.docx
 
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docx
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docxMetabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docx
Metabolic acidosis A decrease in serum HCO3 of less than 24 mEqL.docx
 
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docx
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docxMcDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docx
McDonald’s—The Coffee Spill Heard ’Round the WorldThe McDonald’s.docx
 
may use One of the following formats for reflection.; all conc.docx
may use One of the following formats for reflection.; all conc.docxmay use One of the following formats for reflection.; all conc.docx
may use One of the following formats for reflection.; all conc.docx
 
master budget problem. only part B  in attached filePa.docx
master budget problem. only part B  in attached filePa.docxmaster budget problem. only part B  in attached filePa.docx
master budget problem. only part B  in attached filePa.docx
 
MAT 133 Milestone One Guidelines and Rubric Overview .docx
MAT 133 Milestone One Guidelines and Rubric Overview .docxMAT 133 Milestone One Guidelines and Rubric Overview .docx
MAT 133 Milestone One Guidelines and Rubric Overview .docx
 
Master of Business Analytics BUS5AP .docx
Master of Business Analytics                          BUS5AP .docxMaster of Business Analytics                          BUS5AP .docx
Master of Business Analytics BUS5AP .docx
 

Recently uploaded

Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 

Recently uploaded (20)

OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
Lab-5: Scanning and Enumeration

The reconnaissance and information-gathering methods used so far were passive methods, meaning that they did not cause any alarms, alerts, or log file creation on the target systems: the franklin.edu computers. In Lab-5, you will actively scan and enumerate target systems. These actions would create log entries and probably trigger alerts if the target systems were used by a sensitive organization, such as a military or financial institution.

You will perform Lab-5 by using the Netlab environment provided by Franklin University. The Netlab environment is an isolated environment with no Internet connection, so none of your actions will cause anything harmful for you or the target system.

Section-1: Scan the Network Using nbtscan Tool

nbtscan is used for scanning networks to obtain NetBIOS names, file shares, and other information. It is one of the tools that come with Kali Linux. nbtscan is a convenient tool for quickly scanning the active computers on the network.

Windows machines have NetBIOS names by default. Linux/Unix computers may also have NetBIOS names if the Samba interoperability suite is installed.

Before you start scanning the network from Kali Linux, you have to learn the network address.

1) Enter the Netlab environment
2) Open Kali Linux and enter the password (password: toor)
3) Open a terminal window
4) Type this command:
    ifconfig
The IP address of your computer is 192.168.2.10, and the netmask is 255.255.255.0. That means the network address is 192.168.2.0/24. You will use this in your nbtscan.
5) Run a nbtscan by typing
    nbtscan 192.168.2.0/24
in the terminal window. You will see all active computers along with their IP addresses, NetBIOS names, and MAC addresses. That is an essential piece of information for a pentester and can be regarded as your initial attack surface.
Take a screenshot of the terminal window.

Section-2: Scan the Network by Using Nmap

You will perform another network scan by using a more versatile tool called Nmap. Nmap is one of the Swiss Army knives of pen-testers. It is a free and open-source tool and comes with Kali Linux. Nmap has many different scanning options; it can even perform vulnerability scanning in addition to network and host scanning. In this lab, you will first use Nmap's network/host scanning features, and then you will perform vulnerability scanning with Nmap.

1) Type in
    nmap 192.168.2.0/24 -n -sn
in the terminal window.
Take a screenshot of the terminal window.
Type in
    man nmap
in the terminal window to see the help page of the Nmap tool. Find out why you used the -n and -sn options.

Section-3: Perform a Port Scan Against a Host

In the previous section, you scanned the network by using Nmap. In this section, you will scan a specific host for open ports.

1) Type in
    nmap 192.168.2.14 -n
in the terminal window.
Take a screenshot of the terminal window.
192.168.2.14 is the Metasploitable machine. There are many open ports on this machine. It is an intentionally vulnerable Linux machine used for training purposes.

As the pentester, you determined your initial attack surface, which can be thought of as the active computers on the network, by using the nbtscan and nmap tools. The list of open ports on the Metasploitable computer is also an attack surface, one specific to a host. An open port can be considered one of the most valuable attack surfaces, because an attacker can attack computers through open ports in many ways, such as:

a) By flooding the port, such as a SYN flood to port 80,
b) By exploiting the service using the port, such as an SQL injection attack against a web application using port 443,
c) By brute-forcing the login forms,
d) By using default usernames or passwords, such as accessing a wireless modem management interface with the default credentials (username: admin / password: admin).

Section-4: Scanning for Top 1000 Ports

The top 1000 ports are a list of the 1000 statistically most popular ports used by network-enabled applications and services. In this lab, you will scan the same target (Metasploitable) to check for the top 1000 ports.

1) Type in
    nmap 192.168.2.14 -n --top-ports 1000 --open
in the terminal window. The --open switch shows only the open ports on the target machine.
2) Now, type in the command with an extra switch, -sV:
    nmap 192.168.2.14 -n --top-ports 1000 --open -sV
The -sV switch fingerprints the service running on the port.
Take a screenshot of the terminal window.

Section-5: OS (Operating System) Detection by Using Nmap

One of Nmap's features is remote OS detection by using TCP/IP stack fingerprinting. In this lab, you will detect the operating systems of the live hosts in the 192.168.2.0/24 network.

1) Type in
    nmap 192.168.2.0/24 -n -O --osscan-guess
Note that you have to make the letter "O" uppercase. Notice the operating system information in the command output. Find the command output showing the operating system of 192.168.2.12 and take a screenshot of the terminal window.

Section-6: Vulnerability Scanning by Using Nmap

Now it is time to perform vulnerability scanning by using Nmap. The first vulnerability is the use of an FTP service with anonymous login enabled. In the previous lab, you found that 192.168.2.14 (Metasploitable) has the FTP service enabled. Let's check whether it has anonymous login enabled. Anonymous login is a common feature among FTP services.

1) Type in
    nmap 192.168.2.14 -n --script ftp-anon -p 21
in the terminal window.
In this command, you use Nmap scripts, which are a powerful and flexible feature of Nmap. The Nmap Scripting Engine allows security researchers to prepare scripts that perform particular tasks, such as finding FTP services (port 21) with anonymous login enabled. In this section, you used the anonymous FTP login detection script (ftp-anon).

Now, you will use another Nmap script to detect an SMB vulnerability. SMB is a standard protocol used by the Windows operating system to share files and printers among computers. You will check another host (192.168.2.13) for any SMB protocol vulnerability. 192.168.2.13 is a Windows computer. In Section-5, you detected the operating system of this host remotely as Windows 7.

2) Type in
    nmap 192.168.2.13 -n --script smb-vuln* -p 445
In this example, you used a wildcard: smb-vuln* uses all scripts whose names start with "smb-vuln".
Take a screenshot of the terminal window.

Weekly Learning and Reflection

In two to three paragraphs (i.e., sentences, not bullet lists), using APA-style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.
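Sections 3 and 4 treat a host's open ports as its attack surface, so a defender can run the same scan and compare the result with what the host is supposed to expose. The following is an added example, not part of the original lab: the scan text is a constructed sample in Nmap's normal output layout, and the service names, versions and the baseline are hypothetical.

```python
import re

# Constructed sample of Nmap normal output for a "-n --open -sV" scan.
# Service names and versions are placeholders, not results from the lab.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.2.14
Host is up (0.00040s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     ExampleFTPd 1.0
22/tcp   open  ssh     ExampleSSH 2.0
80/tcp   open  http    ExampleHTTPd 3.1
3306/tcp open  mysql   ExampleDB 5.0
"""

# With -n, the report line carries a bare IP address (no hostname).
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_open_ports(text):
    """Return {host: {(port, proto): (service, version)}} for open ports."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_LINE.match(line)
        if m and current is not None and m.group(3) == "open":
            port, proto, _, service, version = m.groups()
            current[(int(port), proto)] = (service, version.strip())
    return hosts

def unexpected_exposure(scan, baseline):
    """List open ports that the baseline does not approve for each host."""
    findings = []
    for host, ports in sorted(scan.items()):
        allowed = baseline.get(host, set())
        for key in sorted(ports):
            if key not in allowed:
                findings.append((host, *key, *ports[key]))
    return findings

# Hypothetical baseline: the services this host is meant to expose.
BASELINE = {"192.168.2.14": {(22, "tcp"), (80, "tcp")}}

if __name__ == "__main__":
    for finding in unexpected_exposure(parse_open_ports(SAMPLE_SCAN), BASELINE):
        print("unexpected open port:", finding)
```

Every port reported here is a candidate for closing, firewalling or moving behind authentication before someone else's scan finds it.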
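The lab's introduction notes that active scanning leaves log entries and can trigger alerts. As an added example (not part of the original lab), this sketch shows the kind of rule that raises such alerts: it separates a network sweep from a port scan in connection records. The log format, the sample records and both thresholds are assumptions, and a production rule would also apply a time window.

```python
from collections import defaultdict

def make_sample_log():
    """Build constructed records in the assumed form 'time src dst dport'."""
    lines = []
    # One source queries UDP 137 (NetBIOS name service) on 30 hosts.
    for h in range(11, 41):
        lines.append(f"10:00:{h:02d} 192.168.2.10 192.168.2.{h} 137")
    # The same source then touches ports 1-100 on a single host.
    for p in range(1, 101):
        lines.append(f"10:05:00 192.168.2.10 192.168.2.14 {p}")
    # An ordinary client that uses two services on one host.
    lines += ["10:06:00 192.168.2.12 192.168.2.14 80",
              "10:06:05 192.168.2.12 192.168.2.14 443"]
    return lines

def classify_sources(lines, host_threshold=20, port_threshold=50):
    """Flag sources that touch many hosts (sweep) or many ports on a host."""
    hosts_by_src = defaultdict(set)
    ports_by_pair = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of failing
        _, src, dst, dport = parts
        hosts_by_src[src].add(dst)
        ports_by_pair[(src, dst)].add(int(dport))
    alerts = defaultdict(list)
    for src, hosts in hosts_by_src.items():
        if len(hosts) >= host_threshold:
            alerts[src].append(("network_sweep", len(hosts)))
    for (src, dst), ports in ports_by_pair.items():
        if len(ports) >= port_threshold:
            alerts[src].append(("port_scan", dst, len(ports)))
    return dict(alerts)

if __name__ == "__main__":
    for src, found in classify_sources(make_sample_log()).items():
        print(src, found)
```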