This document provides instructions for conducting a network scan of systems and resources using Advanced IP Scanner. The objectives are to perform a local network scan to discover all resources, enumerate user accounts, execute remote penetration tests, and gather information about local network computers. Students are instructed to launch Advanced IP Scanner on the attacker machine and use it to scan the network of the victim machine in order to identify devices, live hosts, open ports, and vulnerabilities. The results of the network scan should then be analyzed and documented.
The document describes a man-in-the-middle (MitM) attack, in which an attacker can intercept and manipulate the communication between two parties without their knowledge. Most cryptographic systems require an additional secure channel for authentication to defend against this type of attack. Some defenses include the use of public keys, strong mutual authentication, and high-entropy shared secret keys.
This document discusses intrusion detection systems (IDS), which monitor networks and systems for malicious activity such as malware, attacks, and unauthorized access. An IDS typically consists of sensors to detect security events, an engine to analyze the events and generate alerts, and a console for administrators to monitor alerts and configure sensors. Network and host-based IDS monitor network traffic and host activities respectively. IDS can detect a wider range of attacks than firewalls by analyzing network traffic and system behaviors.
The document discusses demilitarized zones (DMZs) in computer networks. A DMZ is a small subnetwork located between a company's private network and the outside public network. It contains devices like web, FTP, and email servers that are accessible to internet traffic but isolated from the internal network. DMZs provide enhanced security by separating internal and external networks, and only allowing specific services that need to be accessed from the outside. The document outlines common DMZ architectures, security considerations, and the types of servers and services typically located in a DMZ.
The document discusses cyber risks, data privacy breaches, and the regulatory environment surrounding cybersecurity and privacy. It defines cyber risks as those involving computers, the internet, and electronic data. Data breaches involve unauthorized access to or use of sensitive data like financial, health, or personal information. Regulations require notification of breaches and establish security practices. The value of data and risks of breaches impact organizations financially and to their reputation. Cyber insurance can help cover costs of breaches, investigations, liability, and business interruptions.
The document discusses computer and network security threats. It covers several types of threats including passive threats like interception and traffic analysis, and active threats such as masquerade attacks, message modification, and denial-of-service attacks. The document also discusses vulnerabilities, different forms of malware like viruses, worms, Trojan horses, and spyware, as well as common network security attacks and the assets they can target. Network security aims to protect the confidentiality, integrity, and availability of data on a network.
Review on Event Correlation: A Review of Correlation Methods in Event Management - ReZa AdineH
In this presentation we will review all concepts related to event correlation.
Event correlation is one of the most important concepts in log management and analysis.
If you are considering attack detection and incident detection, it is fundamental to these topics.
In this presentation we will become familiar with the definition of event correlation, event correlation types, and event correlation approaches.
It is a simple presentation gathered and presented by Reza Adineh as an instructor in 2018.
Hope you enjoy.
----------------------------------------------
This presentation was prepared and compiled by Reza Adineh in 2018.
The subject of this presentation is an introduction to the concept of correlation and to the types of methods and approaches available for correlation, which are used in most event management solutions.
Firewalls act as a choke point between networks to control and monitor traffic. Packet filters examine each IP packet to allow or deny services based on rules, while stateful packet filters track client-server sessions to better detect invalid packets. Application proxies have full access to protocols and validate requests before fulfilling them, but cannot support all services. Circuit gateways relay TCP connections between trusted internal users and external networks. Bastion hosts are highly secured systems that may run gateway or service functions with connections to multiple networks. Access control determines what resources users can access based on their identity and the classification of the protected objects.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
This document provides information about the Security Lab course conducted at R.M.K. College of Engineering and Technology. It lists the objectives of the course as exposing students to cipher techniques, encryption algorithms like DES, RSA, MD5 and SHA-1, and security tools like GnuPG, KF Sensor and NetStumbler. It provides details of 8 experiments to be performed in the lab related to substitution and transposition ciphers, encryption algorithms, digital signatures, secure data storage and transmission, honeypot setup, rootkit installation and intrusion detection. It also lists the expected outcomes, lab equipment requirements and software to be used for the course.
Using Machine Learning in Networks Intrusion Detection Systems - Omar Shaya
The internet and different computing devices, from desktop computers to smartphones, have raised many security and privacy concerns, and the need to automate systems that detect attacks on these networks has emerged in order to be able to protect these networks at scale. And while traditional intrusion detection methods may be able to detect previously known attacks, the issue of dealing with new unknown attacks arises, and that brings machine learning as a strong candidate to solve these challenges.
In this report, we investigate the use of machine learning in detecting network attacks, intrusion detection, by looking at work that has been done in this field. Particularly we look at the work that has been done by Pasocal et al.
In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. It is all about the physical security of the organization using information technology, for the purpose of restricting the access of unauthorized people and unauthorized employees. Saving your organization physically.
This document provides an overview of cryptography and network security concepts from the textbook "Cryptography & Network Security" by William Stallings. It covers topics like confidentiality, integrity, availability, security threats/attacks, security services, security mechanisms, and the OSI security architecture. The document includes chapter objectives, definitions of key terms, descriptions of security concepts, examples, and review questions. The overall purpose is to introduce fundamental cryptography and network security principles.
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
A hash function is a mathematical function that converts a variable length input into a fixed length output called a hash value. Hash functions are commonly used to verify data integrity and authenticate digital signatures. They have several key properties including producing identical hashes for identical inputs, being very difficult to reverse to find the original input, and being collision resistant such that it is very unlikely two different inputs will produce the same hash. Common uses of hash functions include storing passwords securely, digital signatures, and file integrity verification.
Slides from our latest webinar "Top 5 Security Threats Facing Businesses Today." Whether or not they are truly the top 5 most dangerous threats may be debatable, but the threat they pose to a business's network is not. Enjoy!
This document provides an overview of cyber security topics including wireless networks, types of attacks, security goals, computer forensics, security threats, examples of cyber crimes, ransomware attacks, strong passwords, malicious code, programming bugs, cryptography, digital signatures, security procedures, guidelines, security laws, intellectual property rights, and security audits. It discusses key concepts such as confidentiality, integrity, and availability as goals for security and describes common cyber crimes like identity theft, hacking, and credit card fraud.
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
Cybersecurity involves protecting individuals, businesses, and critical infrastructure from threats arising from computer and internet use. It addresses both external attacks by remote agents exploiting vulnerabilities, as well as insider threats from valid users. Cybersecurity deals with a range of technical and human factors, as vulnerabilities usually stem from a mix of these. Key concerns include malware, cyber attacks aiming to cause damage or steal data, and accidental incidents that can also lead to losses.
This document provides an agenda and introduction to operationalizing a cyber security operations center (SOC) using Splunk, a security information and event management (SIEM) solution. It discusses implementing Splunk to detect, control, and resolve various cyber attacks and threats. The document outlines the project components, including Cisco and Windows servers, Ubuntu, and Splunk. It also describes using Splunk to index and analyze log data from multiple sources to help detect issues like brute force attacks and insider threats.
This document discusses keyloggers, malware detection, and forensic investigation of infected systems. It defines keyloggers as hardware or software that captures keystrokes and malware as malicious software like viruses and Trojans. It provides tips for detecting keyloggers and malware through artifacts in the system, registry, prefetch files, and suspicious files and entries. It outlines methods for determining the infection source and timeline, and identifying captured data, attacker information, and next steps for investigators.
The Ethernet LAN has many security weaknesses when facing attacks externally and internally. This presentation will help users learn how they can secure their LAN network from unwanted threats.
The document discusses key concepts in information security including confidentiality, integrity, availability, threats, attacks, and security design principles. It defines confidentiality as limiting access to authorized parties only, integrity as ensuring information is precise and unmodified, and availability as ensuring timely access. Both active attacks, which modify information, and passive attacks, which observe without modifying, are described. The document also discusses security functional requirements, attack surfaces, and how considering the entire system is important for computer security.
Convergence of Existing Infrastructures Toward VoIP with Asterisk - Alberto Sagredo Castro
This document describes how to migrate an existing DECT infrastructure to VoIP using Asterisk. It explains how to configure the SIP extensions for each DECT terminal and register them on the DECT/SIP base. It also mentions some common problems, such as IRQ conflicts and HDLC errors, that could occur during implementation.
This document describes the steps to upgrade an MX-ONE system from MD110 to RAI5. These include removing boards such as LPU5 and LSU and installing new ones such as LSU-E, DSU/14 and IPLU. They also involve disconnecting and reconnecting cables between these new and existing boards to reconfigure the network. Additional documentation is provided on patching the local network, along with a general diagram of the upgraded system.
This document discusses Denis Gallant's product innovation consulting services. It summarizes that:
1) Denis Gallant is a product management consultant with 25 years of experience helping companies develop the right products.
2) He offers services to help companies select the right ideas to develop, create targeted product concepts, and develop product plans that meet customer expectations and business goals.
3) His experience and track record can help companies establish a strong product foundation to support current products and future requirements with limited resources.
Job Board for the Collection Drive of the Centro de Grabación para Ciegos - guest2fab0b
The job board of the Centro de Grabación para Ciegos is holding its annual collection on April 28 from 8:30 to 13:00, where students who register before April 23 will receive 20% of what they collect. Students must report that day at 8:00 to Ms. Isabel Ahumada to pick up the bags at the indicated address.
India E News Apr 9, 2009 Bulls Make A Comeback, Push Sensex Up 2 Percent - Jagannadham Thunuguntla
'This rally has caught quite a lot of people by surprise and has given a breathing space to investors,' said Jagannadham Thunuguntla, equity head at SMC Capitals.
'Markets were in a seemingly safe zone between 8,000 and 10,000. If you had bought in this zone you could have booked profits in the short-term and definitely in the long-run. However, markets are now at the higher side of the safe zone and buying at this level does have higher short-term risks,' added Thunuguntla.
The document contains a collection of mathematics problems for 2014 covering algebra, geometry, statistics, probability and other topics. There are 40 problems covering various aspects of mathematics.
The document provides technical guidance on managing assessment under the 2013 curriculum for filling in student learning outcome reports, including how to assess knowledge, skills, and attitudes and how to determine the minimum mastery criteria.
The document discusses equations of straight lines that are parallel and perpendicular to each other, including the conditions for two lines to be parallel or perpendicular, along with example problems and worked solutions on determining the equation of a line, the gradient of a line, and the relationship between two lines.
As a manager, you try to evaluate people fairly and objectively. But evaluation, by its very nature, calls for your perceptions and judgments about an employee’s performance. Your perceptions are biased by your own value system.
In addition to keeping documentation, another way to reduce rater error is to be aware of some of the common biases that may affect your assessment.....
This document summarizes a study that examined how certain foods can help or hinder quitting smoking. The study found that non-carbonated drinks, fruits, dairy, and vegetables make cigarettes taste bad, reducing cravings, while coffee, alcohol, and meat make cigarettes taste better. It then discusses several foods that can help overcome cravings like oats, oranges, and tomatoes. It also discusses foods like water, fruits and vegetables that can help cleanse the body after quitting, and foods like bananas and apples that can help repair smoking damage.
The document discusses using the OmniPeek Network Analyzer tool to sniff network packets by capturing traffic on the Ethernet adapter and analyzing the incoming and outgoing packets to troubleshoot network performance and security issues like spoofing and man-in-the-middle attacks. It provides instructions on installing OmniPeek, creating a capture window to start sniffing network traffic between hosts, and viewing statistics and protocols from the captured data. The overall goal is to familiarize the user with network sniffing and packet analysis using OmniPeek.
CEH v8 Labs Module 02 Footprinting and Reconnaissance - Mehrdad Jingoism
This document provides an overview of footprinting and reconnaissance techniques used during a penetration test. It discusses how penetration testers meticulously gather information about a target network before attempting exploits. The lab objectives are to use ping and other tools to extract information about an organization like its IP address range, network topology, firewalls, and remote access methods. This information gathering process is an important first step of a penetration test to identify vulnerabilities while avoiding damaging the target system.
Vulnerability scanning evaluates an organization's systems and network to identify vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. The document discusses using the Advanced IP Scanner tool to perform a network scan on a target Windows Server 2008 system from a Windows 8 attacker system to check for live systems, open ports, and gather information about computers on the local network. It provides instructions on launching Advanced IP Scanner, entering an IP address range to scan, and viewing the scan results.
Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system. This lab demonstrates how to enumerate a target network using Nmap to obtain lists of computers, open ports, operating systems, machine names, and network services. Specifically, it shows scanning a Windows Server 2008 virtual machine to discover open NetBIOS ports 135, 139, and 445. Nmap output reveals the target is running Windows 7/Vista/2008. Further enumeration using nbtstat extracts additional information like computer names and user names from the target network.
The document discusses using Wireshark and an AirPcap wireless adapter to capture and analyze wireless network traffic including WEP-encrypted packets, with the objectives being to discover vulnerabilities in WEP encryption, protect an organization's wireless network by evaluating weaknesses in WEP, and help students understand wireless concepts and related threats.
CEH v8 Labs Module 02 Footprinting and Reconnaissance - Asep Sopyan
Penetration testers begin the process of footprinting by gathering information about a target network without directly interacting with systems. The ping utility can be used to determine the IP address of a target, check connectivity, and identify the maximum frame size of the network. Footprinting involves meticulously studying publicly available information to gain insights that aid in penetration testing by revealing potential vulnerabilities and pathways for attacks.
This document provides instructions for a lab on configuring and using the open source intrusion detection system Snort to detect network intrusions. The objectives of the lab are to install and configure Snort to monitor network traffic, log alerts to a syslog server, and detect attacks. Students will learn how to set up Snort, validate the configuration, test it by carrying out attacks, and analyze intrusion detection logs.
LCP is a password cracking tool that can extract administrator passwords remotely. The lab demonstrates how to use LCP to crack the administrator password of a Windows Server 2012 system. Key steps include importing the remote computer's registry, selecting a cracking method like dictionary attack, and viewing any cracked passwords in the output window. The goal is to help students learn how easily hackers can obtain passwords and the importance of strong password policies.
Web applications are vulnerable to various attacks such as SQL injection, cross-site scripting, and session hijacking. This document provides instructions on how to test a vulnerable website called Powergym for parameter tampering and cross-site scripting attacks. Learners are shown how to manipulate website parameters to view details without proper authorization, demonstrating the risk of parameter tampering. Countermeasures like validating all parameters are recommended to prevent unauthorized access through tampering.
The document provides instructions for performing network enumeration using various tools. It describes enumeration as extracting usernames, machine names, shares, and services from a system. The objectives are to help students enumerate a target network to obtain lists of computers, users, groups, ports, resources, and services. It provides steps to use Nmap and nbtstat to scan IP addresses, identify open ports, determine operating systems, and extract NetBIOS information like computer names and usernames from target machines on the network.
Ceh v8 labs module 10 denial of service (Asep Sopyan)
The document describes how to perform a denial-of-service (DoS) attack using hping3. It provides instructions on launching BackTrack 5 r3 in a virtual machine, running hping3 to send a flood of SYN packets to a Windows 7 victim machine, and using Wireshark on the victim to observe the incoming SYN packets. The goal is to overload the victim's resources and render it unavailable by saturating it with external communication requests.
(1) The document describes how to perform various SQL injection attacks on a vulnerable web application connected to a Microsoft SQL database, including blind SQL injection, logging in without valid credentials, creating a new user account, creating a new database, and performing denial-of-service attacks.
(2) The objectives of the lab are to provide knowledge on SQL injection attacks and analyze web applications for vulnerabilities using tasks like logging in without valid credentials and creating user accounts and databases.
(3) The lab environment involves using two Windows computers, one as the attacker machine and one as the victim machine running Microsoft SQL Server.
Sniffing tools can capture network traffic to analyze packets and view sensitive information like usernames and passwords transmitted in cleartext. Network administrators can use these same tools legitimately to monitor network traffic and troubleshoot issues. This lab will demonstrate how to install and use the OmniPeek Network Analyzer to sniff network traffic between a host Windows Server 2012 machine and a Windows 8 virtual machine. The objectives are to familiarize students with network sniffing, packet analysis, and securing the network from attacks.
Ceh v8 labs module 06 trojans and backdoors (Asep Sopyan)
The document provides instructions for a lab on creating a remote access Trojan using the ProRat tool. The objectives are to create a ProRat server by binding it to an image file, configure options like the server port and password, and send the infected file to a victim machine. Once executed on the victim, the ProRat server would allow remote access and control of the victim system. The lab demonstrates how easily Trojans can be used to gain unauthorized access to computers and networks.
The document provides instructions for creating a virus using the JPS Virus Maker tool. It details the objectives of creating viruses and worms to test a network, outlines the lab environment and tasks, and provides step-by-step directions for using the JPS Virus Maker tool to select options and generate a virus file. The goals are to understand how to make viruses and worms, observe their behavior, and determine if they are detected by security software or able to bypass the firewall.
The document is a presentation on security analytics and finding malicious activities by looking for anomalies in large amounts of data. It discusses challenges such as the increasing spending on cybersecurity while breaches continue to rise. It advocates collecting the right data from the right devices for long enough to enable detection. The presentation outlines techniques for analyzing endpoint, DNS, web proxy, network traffic, and DHCP logs to detect tactics used by adversaries. It emphasizes the importance of profiling normal behavior to identify deviations that could indicate security incidents.
The document discusses network scanning, which involves identifying live hosts, open ports, services, and vulnerabilities on a network. It describes how the Sality botnet was able to scan the entire IPv4 address space in a stealthy manner using "reverse-byte order scanning." Researchers observed this technique being used to map out vulnerable voice-over-IP servers while evading detection. The document also provides an overview of network scanning objectives and techniques.
Network Security Tools and applications (webhostingguy)
The document discusses network security best practices. It covers common network security risks due to issues with the TCP/IP protocol. It then discusses mistakes that users and IT professionals make that compromise security. The document outlines various security best practices for networks, firewalls, intrusion detection systems, and host-level security. These include recommendations around backups, access control, firewall configurations, personal firewalls, and keeping systems patched.
This document outlines the course for the Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker. The course covers topics such as introduction to ethical hacking, footprinting and reconnaissance, scanning networks, enumeration, and system hacking. It details specific methodologies, tools, attacks, and defenses for each of these areas to provide students with the skills of an ethical hacker to conduct security assessments and penetration tests. The course aims to teach students how to identify security vulnerabilities and protect systems by knowing how real-world attackers operate.
Similar to Ceh v8 labs module 03 scanning networks (20)
Module 03 - Scanning Networks
Advanced IP Scanner works on Windows Server 2003/Server 2008 and on Windows 7 (32 bit, 64 bit).
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows 8 as the attacker (host machine)
■ Another computer running Windows Server 2008 as the victim (virtual machine)
■ A web browser with Internet access
■ Double-click ipscan20.msi and follow the wizard-driven installation steps to install Advanced IP Scanner
■ Administrative privileges to run this tool
Lab Duration
Time: 20 Minutes
Overview of Network Scanning
Network scanning is performed to collect information about live systems, open ports, and network vulnerabilities. Gathered information is helpful in determining threats and vulnerabilities in a network and to know whether there are any suspicious or unauthorized IP connections, which may enable data theft and cause damage to resources.
Lab Tasks
TASK 1: Launching Advanced IP Scanner
1. Go to Start by hovering the mouse cursor in the lower-left corner of the desktop
FIGURE 1.1: Windows 8 - Desktop view
2. Click Advanced IP Scanner from the Start menu in the attacker machine (Windows 8).
CEH Lab Manual Page 89
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
With Advanced IP Scanner, you can scan hundreds of IP addresses simultaneously.
FIGURE 1.2: Windows 8 - Apps
3. The Advanced IP Scanner main window appears.
You can wake any machine remotely with Advanced IP Scanner, if the Wake-on-LAN feature is supported by your network card.
FIGURE 1.3: The Advanced IP Scanner main window
4. Now launch the Windows Server 2008 virtual machine (victim's machine).
You have to guess a range of IP addresses for the victim machine.
FIGURE 1.4: The victim machine Windows server 2008
Radmin 2.x and 3.x integration enables you to connect (if Radmin is installed) to remote computers with just one click.
5. Now, switch back to the attacker machine (Windows 8) and enter an IP address range in the Select range field.
6. Click the Scan button to start the scan.
The status of the scan is shown at the bottom left side of the window.
7. Advanced IP Scanner scans all the IP addresses within the range and displays the scan results after completion.
Lists of computers saving and loading enable you to perform operations with a specific list of computers. Just save a list of machines you need and Advanced IP Scanner loads it at startup automatically.
Group Operations: Any feature of Advanced IP Scanner can be used with any number of selected computers. For example, you can remotely shut down a complete computer class with a few clicks.
FIGURE 1.6: The Advanced IP Scanner main window after scanning
8. You can see in the above figure that Advanced IP Scanner has detected the victim machine's IP address and displays the status as alive
TASK 2: Extract Victim's IP Address Info
9. Right-click any of the detected IP addresses. It will list Wake-On-LAN, Shut down, and Abort Shut down
Wake-on-LAN: You can wake any machine remotely with Advanced IP Scanner, if the Wake-on-LAN feature is supported by your network card.
FIGURE 1.7: The Advanced IP Scanner main window with Alive Host list
10. The list displays properties of the detected computer, such as IP address, Name, MAC, and NetBIOS information.
11. You can forcefully Shutdown, Reboot, and Abort Shutdown the selected victim machine/IP address
Winfingerprint Input Options:
■ IP Range (Netmask and Inverted Netmask supported), IP List, Single Host, Neighborhood
FIGURE 1.8: The Advanced IP Scanner Computer properties window
12. Now you have the IP address, Name, and other details of the victim machine.
13. You can also try Angry IP scanner located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Ping Sweep Tools\Angry IP Scanner. It also scans the network for machines and ports.
Lab Analysis
Document all the IP addresses, open ports and their running applications, and protocols discovered during the lab.
Tool/Utility: Advanced IP Scanner
Information Collected/Objectives Achieved:
Scan Information:
■ IP address
■ System name
■ MAC address
■ NetBIOS information
■ Manufacturer
■ System status
■ You can also download the latest version of ID Serve from the link http://www.grc.com/id/idserve.htm
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Double-click idserve to run ID Serve
■ Administrative privileges to run the ID Serve tool
■ Run this tool on Windows Server 2012
Lab Duration
Time: 5 Minutes
Overview of ID Serve
ID Serve can connect to any server port on any domain or IP address, then pull and display the server's greeting message, if any, often identifying the server's make, model, and version, whether it's for FTP, SMTP, POP, NEWS, or anything else.
Lab Tasks
TASK 1: Identify website server information
1. Double-click idserve located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\ID Serve
2. In the main window of ID Serve shown in the following figure, select the Server Query tab
If an IP address is entered instead of a URL, ID Serve will attempt to determine the domain name associated with the IP
FIGURE 2.1: Main window of ID Serve
3. Enter the IP address or URL address in Enter or Copy/paste an Internal server URL or IP address here:
■ A computer running Web Services enabled for port 80
■ Administrative privileges to run the Amap tool
■ Run this tool on Windows Server 2012
Lab Duration
Time: 5 Minutes
Overview of Fingerprinting
Fingerprinting is used to discover the applications running on each open port found on the network. Fingerprinting is achieved by sending trigger packets and looking up the responses in a list of response strings.
Lab Tasks
TASK 1: Identify Application Protocols Running on Port 80
1. Open the command prompt and navigate to the Amap directory. In this lab the Amap directory is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP
2. Type amap www.certifiedhacker.com 80, and press Enter.
D:\CEH-Tools\CEHv8 Module 03 Scanning Network\Banner Grabbing Tools\AMAP>amap www.certifiedhacker.com 80
amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:20:42 - MAPPING mode
Unidentified ports: 202.?5.54.101:80/tcp (total 1).
amap v5.2 finished at 2012-08-28 12:20:53
D:\CEH-Tools\CEHv8 Module 03 Scanning Network\Banner Grabbing Tools\AMAP>
Syntax: amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port]...]
FIGURE 3.1: Amap with host name www.certifiedhacker.com with Port 80
3. You can see the specific application protocols running on the entered host name and the port 80.
4. Use the IP address to check the applications running on a particular port.
5. In the command prompt, type amap followed by the IP address of your local Windows Server 2008 (virtual machine) and a port range, for example amap 10.0.0.4 75-81 (local Windows Server 2008), and press Enter (the IP address will be different in your network).
Note: For Amap options, type amap -help.
6. Try scanning different websites using different ranges of switches like amap www.certifiedhacker.com 1-200
    D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP>amap 10.0.0.4 75-81
    amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:27:51 - MAPPING mode
    Protocol on 10.0.0.4:80/tcp matches http
    Protocol on 10.0.0.4:80/tcp matches http-apache-2
    Warning: Could not connect (unreachable) to 10.0.0.4:76/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:75/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:77/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:78/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:79/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:81/tcp, disabling port (EUNKN)
    Protocol on 10.0.0.4:80/tcp matches http-iis
    Protocol on 10.0.0.4:80/tcp matches webmin
    Unidentified ports: 10.0.0.4:75/tcp 10.0.0.4:76/tcp 10.0.0.4:77/tcp 10.0.0.4:78/tcp 10.0.0.4:79/tcp 10.0.0.4:81/tcp (total 6).
    amap v5.2 finished at 2012-08-28 12:27:54
Note: Compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux and PalmOS
FIGURE 3.2: Amap with IP address and with range of switches 73-81
Lab Analysis
Document all the IP addresses, open ports and their running applications, and the protocols you discovered during the lab.
Tool/Utility: Amap
Information Collected/Objectives Achieved:
Identified open port: 80
WebServers:
■ http-apache-2
■ http-iis
■ webmin
Unidentified ports:
■ 10.0.0.4:75/tcp
■ 10.0.0.4:76/tcp
■ 10.0.0.4:77/tcp
■ 10.0.0.4:78/tcp
■ 10.0.0.4:79/tcp
■ 10.0.0.4:81/tcp
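The lookup step described in the Overview of Fingerprinting, as an added Python example (not part of the lab manual and not Amap's own code): recorded responses are matched against a list of response strings and the result is compared with an expected-service baseline. The signatures, responses and baseline are constructed for illustration; because more than one signature can match a single response, a fingerprinting tool can list several protocols for one port, as the lab output for 10.0.0.4:80 does.

```python
"""Response-string lookup for application fingerprinting (added example).

Signatures, responses and the baseline are constructed for illustration;
they are not Amap's own definitions.
"""
import re
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]

# (protocol name, regex matched against the start of the raw response).
SIGNATURES = [
    ("http", re.compile(rb"HTTP/1\.[01] \d{3} ")),
    ("http-apache-2",
     re.compile(rb"HTTP/1\.[01] \d{3} .*?\r\nServer: Apache/2", re.S)),
    ("http-iis",
     re.compile(rb"HTTP/1\.[01] \d{3} .*?\r\nServer: Microsoft-IIS", re.S)),
    ("ssh", re.compile(rb"SSH-\d\.\d+-")),
    ("smtp", re.compile(rb"220[ -][^\r\n]*SMTP", re.I)),
]

# Constructed responses, as if recorded on a lab host. None = no connection.
OBSERVED: Dict[Endpoint, Optional[bytes]] = {
    ("10.0.0.4", 22): b"SSH-2.0-OpenSSH_8.9\r\n",
    ("10.0.0.4", 80): (b"HTTP/1.1 200 OK\r\n"
                       b"Date: Tue, 28 Aug 2012 12:27:52 GMT\r\n"
                       b"Server: Apache/2.2.22 (Win32)\r\n\r\n"),
    ("10.0.0.4", 81): None,
    ("10.0.0.4", 2525): b"220 mail.example.test ESMTP ready\r\n",
    ("10.0.0.4", 8080): (b"HTTP/1.1 403 Forbidden\r\n"
                         b"Server: Microsoft-IIS/8.0\r\n\r\n"),
    ("10.0.0.4", 9000): b"\x00\x01\x02 binary",
}

# Constructed baseline: the service the system owner expects on each port.
EXPECTED = {22: "ssh", 80: "http-iis", 2525: "smtp"}


def identify(response: bytes) -> List[str]:
    """Return every signature name whose pattern matches the response."""
    return [name for name, pattern in SIGNATURES if pattern.match(response)]


def unidentified(observed: Dict[Endpoint, Optional[bytes]]) -> List[Endpoint]:
    """Endpoints that did not answer or whose answer matched no signature."""
    return sorted(ep for ep, resp in observed.items()
                  if resp is None or not identify(resp))


def audit(observed: Dict[Endpoint, Optional[bytes]],
          expected: Dict[int, str]) -> List[tuple]:
    """Compare fingerprinted services with the baseline.

    Reports answering ports that are missing from the baseline and ports
    whose response does not match the service the baseline names.
    """
    findings = []
    for (host, port), response in sorted(observed.items()):
        if response is None:
            continue  # nothing answered, so there is nothing to compare
        matches = identify(response)
        wanted = expected.get(port)
        if wanted is None:
            findings.append((host, port, "not in baseline", matches))
        elif wanted not in matches:
            findings.append((host, port, f"expected {wanted}", matches))
    return findings


if __name__ == "__main__":
    for (host, port), response in sorted(OBSERVED.items()):
        names = identify(response) if response else []
        print(f"{host}:{port}/tcp ->", ", ".join(names) or "unidentified")
    for finding in audit(OBSERVED, EXPECTED):
        print("REVIEW:", finding)
```

Run against the baseline, the port 80 entry is reported because its response matches the Apache signature while the baseline names IIS.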
FIGURE 4.1: The CurrPorts main window with all processes, ports, and IP addresses
2. CurrPorts lists all the processes and their IDs, protocols used, local and remote IP address, local and remote ports, and remote host names.
Note: CurrPorts utility is a standalone executable, which doesn't require any installation process or additional DLLs.
3. To view all the reports as an HTML page, click View > HTML Reports - All Items.
Note: In the bottom left of the CurrPorts window, the status of total ports and remote connections displays.
FIGURE 4.2: The CurrPorts with HTML Report - All Items
4. The HTML Report automatically opens using the default browser.
Note: To check the countries of the remote IP addresses, you have to download the latest IP to Country file. You have to put the IpToCountry.csv file in the same folder as cports.exe.
FIGURE 4.3: The Web browser displaying CurrPorts Report - All Items
5. To save the generated CurrPorts report from the web browser, click File > Save Page As... (Ctrl+S).
FIGURE 4.4: The Web browser to Save CurrPorts Report - All Items
Note: CurrPorts allows you to save all changes (added and removed connections) into a log file. In order to start writing to the log file, check the 'Log Changes' option under the File menu.
Note: By default, the log file is saved as cports.log in the same folder where cports.exe is located. You can change the default log filename by setting the LogFilename entry in the cports.cfg file.
6. To view only the selected report as HTML page, select reports and click View > HTML Reports - Selected Items.
FIGURE 4.5: CurrPorts with HTML Report - Selected Items
Note: Be aware! The log file is updated only when you refresh the ports list manually, or when the Auto Refresh option is turned on.
Note: You can also right-click on the Web page and save the report.
7. The selected report automatically opens using the default browser.
FIGURE 4.6: The Web browser displaying CurrPorts with HTML Report - Selected Items
Note: In the filters dialog box, you can add one or more filter strings (separated by spaces, semicolon, or CRLF).
Note: The Syntax for Filter String: [include | exclude]:[local | remote | both | process]:[tcp | udp | tcpudp]:[IP Range | Ports Range].
8. To save the generated CurrPorts report from the web browser, click File > Save Page As... (Ctrl+S).
FIGURE 4.7: The Web browser to Save CurrPorts with HTML Report - Selected Items
Note: Command-line option: /stext <Filename> means save the list of all opened TCP/UDP ports into a regular text file.
9. To view the properties of a port, select the port and click File > Properties.
FIGURE 4.8: CurrPorts to view properties for a selected port
Note: Command-line option: /stab <Filename> means save the list of all opened TCP/UDP ports into a tab-delimited text file.
10. The Properties window appears and displays all the properties for the selected port.
11. Click OK to close the Properties window.
Properties
Process Name: firefox.exe
Process ID: 1368
Protocol: TCP
Local Port: 4166
Local Port Name:
Local Address: 10.0.0.7
Remote Port: 443
Remote Port Name: https
Remote Address: 173.194.36.0
Remote Host Name: bom04s01-in-f0.1e100.net
State: Established
Process Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Product Name: Firefox
File Description: Firefox
File Version: 14.0.1
Company: Mozilla Corporation
Process Created On: 8/25/2012 2:36:28 PM
User Name: WIN-D39MR5HL9E4\Administrator
Process Services:
Process Attributes:
Added On: 8/25/2012 3:32:58 PM
Module Filename:
Remote IP Country:
Window Title:
Note: Command-line option: /shtml <Filename> means save the list of all opened TCP/UDP ports into an HTML file (Horizontal).
FIGURE 4.9: The CurrPorts Properties window for the selected port
12. To close a TCP connection you think is suspicious, select the process and click File > Close Selected TCP Connections (or Ctrl+T).
TASK 2: Close TCP Connection
FIGURE 4.10: The CurrPorts Close Selected TCP Connections option window
13. To kill the processes of a port, select the port and click File > Kill Processes of Selected Ports.
TASK 3: Kill Process
FIGURE 4.11: The CurrPorts Kill Processes of Selected Ports Option Window
14. To exit from the CurrPorts utility, click File > Exit. The CurrPorts window closes.
Note: Command-line option: /sverhtml <Filename> Save the list of all opened TCP/UDP ports into HTML file (Vertical).
FIGURE 4.12: The CurrPorts Exit option window
Lab Analysis
Document all the IP addresses, open ports and their running applications, and protocols discovered during the lab.
Note: In command line, the syntax of /close command: /close <Local Address> <Local Port> <Remote Address> <Remote Port>.
Tool/Utility: CurrPorts
Information Collected/Objectives Achieved:
Profile Details: Network scan for open ports
Scanned Report:
■ Process Name
■ Process ID
■ Protocol
■ Local Port
■ Local Address
■ Remote Port
■ Remote Port Name
■ Remote Address
■ Remote Host Name
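The filter string syntax and the tab-delimited export (/stab) described in the CurrPorts lab, worked through in an added Python example (not part of the lab manual and not NirSoft code). Assumptions: the export has a header row with the column names used below, the sample rows are constructed, a row is kept when it matches at least one include filter (if any are given) and no exclude filter, and only IPv4 ranges and the local, remote and both selectors are handled.

```python
"""Apply CurrPorts-style filter strings to a tab-delimited port list (added example)."""
import csv
import io
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed export; the header row and column order are assumptions.
EXPORT_TSV = (
    "Process Name\tProcess ID\tProtocol\tLocal Port\tLocal Address\t"
    "Remote Port\tRemote Address\tState\n"
    "chrome.exe\t2988\tTCP\t4059\t10.0.0.7\t80\t173.194.36.17\tEstablished\n"
    "firefox.exe\t1368\tTCP\t4163\t10.0.0.7\t443\t173.194.36.15\tEstablished\n"
    "httpd.exe\t1800\tTCP\t1070\t0.0.0.0\t\t0.0.0.0\tListening\n"
    "lsass.exe\t564\tTCP\t1028\t0.0.0.0\t\t0.0.0.0\tListening\n"
    "svchost.exe\t900\tUDP\t5355\t0.0.0.0\t\t\t\n"
)

PROTOS = {"tcp": frozenset({"tcp"}), "udp": frozenset({"udp"}),
          "tcpudp": frozenset({"tcp", "udp"})}


@dataclass(frozen=True)
class PortFilter:
    include: bool            # True for include, False for exclude
    sides: Tuple[str, ...]   # column prefixes: "Local", "Remote" or both
    protos: FrozenSet[str]
    column: str              # "Port" or "Address"
    low: int
    high: int


def _to_int(column: str, text: str) -> int:
    """Ports and IPv4 addresses are both compared as integers."""
    return int(text) if column == "Port" else int(ipaddress.IPv4Address(text))


def parse_filter(text: str) -> PortFilter:
    """Parse [include|exclude]:[local|remote|both]:[tcp|udp|tcpudp]:[range]."""
    parts = text.strip().lower().split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields: {text!r}")
    action, side, proto, rng = parts
    if action not in ("include", "exclude"):
        raise ValueError(f"unknown action {action!r}")
    if side not in ("local", "remote", "both"):
        raise ValueError(f"unsupported selector {side!r} in this example")
    if proto not in PROTOS:
        raise ValueError(f"unknown protocol {proto!r}")
    low_text, _, high_text = rng.partition("-")
    column = "Address" if "." in low_text else "Port"
    low = _to_int(column, low_text)
    high = _to_int(column, high_text or low_text)
    if low > high:
        raise ValueError(f"empty range {rng!r}")
    sides = ("Local", "Remote") if side == "both" else (side.capitalize(),)
    return PortFilter(action == "include", sides, PROTOS[proto], column, low, high)


def hits(flt: PortFilter, row: Dict[str, str]) -> bool:
    """True when the row's protocol and port/address fall inside the filter."""
    if row["Protocol"].lower() not in flt.protos:
        return False
    for side in flt.sides:
        raw = row[f"{side} {flt.column}"]
        if raw and flt.low <= _to_int(flt.column, raw) <= flt.high:
            return True
    return False


def load_rows(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def select(rows: List[Dict[str, str]], filter_text: str) -> List[Dict[str, str]]:
    """Filter strings are separated by spaces, semicolons or CRLF."""
    filters = [parse_filter(t) for t in re.split(r"[;\s]+", filter_text) if t]
    includes = [f for f in filters if f.include]
    excludes = [f for f in filters if not f.include]
    kept = []
    for row in rows:
        if includes and not any(hits(f, row) for f in includes):
            continue
        if any(hits(f, row) for f in excludes):
            continue
        kept.append(row)
    return kept


def process_names(rows: List[Dict[str, str]]) -> List[str]:
    return [row["Process Name"] for row in rows]


if __name__ == "__main__":
    rows = load_rows(EXPORT_TSV)
    for text in ("include:remote:tcp:80", "exclude:local:tcpudp:1000-1100"):
        print(text, "->", process_names(select(rows, text)))
```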
Lab Tasks
Follow the wizard-driven installation steps to install the GFI LANguard network scanner on the host machine Windows 2012 server.
TASK 1: Scanning for Vulnerabilities
1. Navigate to Windows Server 2012 and launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop.
Note: Zenmap file installs the following files:
■ Nmap Core Files
■ Nmap Path
■ WinPcap 4.1.1
■ Network Interface Import
■ Zenmap (GUI frontend)
■ Ncat (Modern Netcat)
■ Ndiff
FIGURE 5.1: Windows Server 2012 - Desktop view
2. Click the GFI LanGuard 2012 app to open the GFI LanGuard 2012 window.
FIGURE 5.2: Windows Server 2012 - Apps
3. The GFI LanGuard 2012 main window appears and displays the Network Audit tab contents.
Note: To execute a scan successfully, GFI LANguard must remotely log on to target computers with administrator privileges.
Note: The default scanning options which provide quick access to scanning modes are:
■ Quick scan
■ Full scan
■ Launch a custom scan
■ Set up a schedule scan
FIGURE 5.3: The GFI LANguard main window
Note: Custom scans are recommended:
■ When performing a one-time scan with particular scanning parameters/profiles
■ When performing a scan for particular network threats and/or system information
■ To perform a target computer scan using a specific scan profile
4. Click the Launch a Scan option to perform a network scan.
Note: If intrusion detection software (IDS) is running during scans, GFI LANguard sets off a multitude of IDS warnings and intrusion alerts in these applications.
FIGURE 5.4: The GFI LANguard main window indicating the Launch a Custom Scan option
5. Launch a New scan window will appear
   i. In the Scan Target option, select localhost from the drop-down list
   ii. In the Profile option, select Full Scan from the drop-down list
   iii. In the Credentials option, select currently logged on user from the drop-down list
6. Click Scan.
FIGURE 5.5: Selecting an option for network scanning
Note: For large network environments, a Microsoft SQL Server/MSDE database backend is recommended instead of the Microsoft Access database.
7. Scanning will start; it will take some time to scan the network. See the following figure
Note: Quick scans have relatively short scan duration times compared to full scans, mainly because quick scans perform vulnerability checks of only a subset of the entire database. It is recommended to run a quick scan at least once a week.
8. After completing the scan, the scan result will show in the left panel
Note: Types of scans:
■ Scan a single computer: Select this option to scan a local host or one specific computer.
■ Scan a range of computers: Select this option to scan a number of computers defined through an IP range.
■ Scan a list of computers: Select this option to import a list of targets from a file or to select targets from a network list.
■ Scan computers in text file: Select this option to scan targets enumerated in a specific text file.
■ Scan a domain or workgroup: Select this option to scan all targets connected to a domain or workgroup.
FIGURE 5.7: The GFI LanGuard Custom scan wizard
9. To check the Scan Result Overview, click IP address of the machine in the right panel
10. It shows the Vulnerability Assessment and Network & Software Audit: click Vulnerability Assessment
FIGURE 5.8: Selecting Vulnerability Assessment option
11. It shows all the Vulnerability Assessment indicators by category
Note: During a full scan, GFI LANguard scans target computers to retrieve setup information and identify all security vulnerabilities including:
■ Missing Microsoft updates
■ System software information, including unauthorized applications, incorrect antivirus settings and outdated signatures
■ System hardware information, including connected modems and USB devices
FIGURE 5.9: List of Vulnerability Assessment categories
12. Click Network & Software Audit in the right panel, and then click System Patching Status, which shows all the system patching statuses
C r i L in O u a rd 2012
to■ >
•4 -
1
Dashboard
Sran
Re*»״Aate
Activity Monitor
Rrpoits
Configuration
JM M et
<U) '
D iic in t llm vm*an
la u a d ia New Sean
Scar ’ • o e ־
-
Ho ft*.
- 11
'־״
v |•
^
O afattab:
|0 rrentf> o g c « or u er
Sari
1 ־
SCM R « M b Overview
-
9
P315/.ord:
Jse n re ;
1Rem its Detais
Scan ta rve t iocalhost
- 3 1 8 I M A / [W » 0 3 9 N R S W « 4 ] ( I M l t K -
System Patching Status
m
Select one of tte Mtahg systemwtchro M U
S -4 (U!־f(hilY to n T e il
Duetothelarge
am ofinform
ount
ation
retnevedfromscanned
targets, full scans often
tendto belengthy. It is
recom endedtorunafull
m
scanat least onceevery2
w
eeks.
* *hevyV1eMe( )
e Sclt 1 r it t3
*at
X rvfcdun Security VUrtrabilBe• (6)
X
*nrM • )
J aa t•(ג
)
t
SricPrn i1t3datr Roittn (1)
e en m
v i
f •1su1sSeu1UyUl>0at«*(3)
I ״aa fracutI
foy ^tar rO
tr
.
X
Minting Service P acks ■ nit llpduir Rciaup* )1(
•
AI3v»1 you to andyM f*r rrs «־K! server parW r>f»—j i w
יי»־Sec“ ' >ty1h»ab4U»» (4)
S %
■
Alotwt Mu U nWy.'t u!« mistfio mcuICv update I
- Jb j
Alan* you to analyie the rwn-security ipaaws rfamssen
rtor&Atrc
A
'0
m Missing Non-Security Updates )16(
Ports
U
)Mk Missing Security Updates (,
J
J%
staled Security Updates )2(
A q syou ■־ טc tJic knitaifedsecurity!edatehfanala
t>
nay
1
2
J !astaaed Non-SecurityUpdates )1(
%
*»- f i Software
a
system mibnnaaon
Alo״יyou to analyze thenstslicd nor-securty5
Scanner A ctm ty Wmdow
X
Starting security scan of host VIM.I)MMRSMl«4[100.0 T
g
!■nr: I M k U PM
10
: ry Scan thread 1(idle) S a tllia i IM t ' . !
: יt «. 3
™
FIG R 5 0 S patchingstatusreport
U E .1 : ystem
13. Click Ports, and under this, click Open TCP Ports
CEH Lab Manual Page 118
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
36. Module 03 - Scanning Networks
A custom scan is a network audit based on parameters, which you configure on the fly before launching the scanning process. Various parameters can be customized during this type of scan, including:
■ Type of scanning profile (i.e., the type of checks to execute/type of data to retrieve)
■ Scan targets
■ Logon credentials
FIGURE 5.11: TCP/UDP Ports result
14. Click System Information in the right side panel; it shows all the details of the system information
15. Click Password Policy
The next job after a network security scan is to identify which areas and systems require your immediate attention. Do this by analyzing and correctly interpreting the information collected and generated during a network security scan.
FIGURE 5.12: Information of Password Policy
16. Click Groups: it shows all the groups present in the system
A high vulnerability level is the result of vulnerabilities or missing patches whose average severity is categorized as high.
A scheduled scan is a network audit scheduled to run automatically on a specific date/time and at a specific frequency. Scheduled scans can be set to execute once or periodically.
FIGURE 5.13: Information of Groups
17. Click the Dashboard tab: it shows all the scanned network information
It is recommended to use scheduled scans:
■ To perform periodical/regular network vulnerability scans automatically and using the same scanning profiles and parameters
■ To trigger scans automatically after office hours and to generate alerts and auto-distribution of scan results via email
■ To automatically trigger auto-remediation options (e.g., Auto download and deploy missing updates)
FIGURE 5.14: scanned report of the network
Lab Analysis
Document all the results, threats, and vulnerabilities discovered during the scanning and auditing process.
■ Record and save all scan reports
■ Compare saved results for suspicious ports
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 03 Scanning Networks
Lab Environment
To perform the lab, you need:
■ Nmap located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Scanning Tools\Nmap
■ You can also download the latest version of Nmap from the link http://nmap.org/
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012 as a host machine
■ Windows Server 2008 running on a virtual machine as a guest
■ A web browser with Internet access
■ Administrative privileges to run the Nmap tool
Zenmap works on Windows after including Windows 7, and Server 2003/2008.
Lab Duration
Time: 20 Minutes
Overview of Network Scanning
Network addresses are scanned to determine:
■ What services (application names and versions) those hosts offer
■ What operating systems (and OS versions) they run
■ The type of packet filters/firewalls that are in use and dozens of other characteristics
Lab Tasks
TASK 1: Intense Scan
Follow the wizard-driven installation steps and install Nmap (Zenmap) scanner in the host machine (Windows Server 2012).
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop
FIGURE 6.1: Windows Server 2012 - Desktop view
7. Click Scan to start scanning the virtual machine.
Zenmap window fields: Target: 10.0.0.4; Profile: Intense scan; Command: nmap -T4 -A -v 10.0.0.4
While Nmap attempts to produce accurate results, keep in mind that all of its insights are based on packets returned by the target machines or the firewalls in front of them.
FIGURE 6.4: The Zenmap main window with Target and Profile entered
The six port states recognized by Nmap:
■ Open
■ Closed
■ Filtered
■ Unfiltered
■ Open | Filtered
■ Closed | Unfiltered
8. Nmap scans the provided IP address with Intense scan and displays the scan result below the Nmap Output tab.
Nmap accepts multiple host specifications on the command line, and they don't need to be of the same type.
    nmap -T4 -A -v 10.0.0.4
    Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-24
    NSE: Loaded 93 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating ARP Ping Scan at 15:35
    Scanning 10.0.0.4 [1 port]
    Completed ARP Ping Scan at 15:35, 0.17s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 15:35
    Completed Parallel DNS resolution of 1 host. at 15:35, 0.50s elapsed
    Initiating SYN Stealth Scan at 15:35
    Scanning 10.0.0.4 [1000 ports]
    Discovered open port 135/tcp on 10.0.0.4
    Discovered open port 139/tcp on 10.0.0.4
    Discovered open port 445/tcp on 10.0.0.4
    Increasing send delay for 10.0.0.4 from 0 to 5 due to 72 out of 179 dropped probes since last increase.
    Discovered open port 49152/tcp on 10.0.0.4
    Discovered open port 49154/tcp on 10.0.0.4
    Discovered open port 49153/tcp on 10.0.0.4
    Discovered open port 49156/tcp on 10.0.0.4
    Discovered open port 49155/tcp on 10.0.0.4
    Discovered open port 5357/tcp on 10.0.0.4
FIGURE 6.5: The Zenmap main window with the Nmap Output tab for Intense Scan
9. After the scan is complete, Nmap shows the scanned results.
12. Click the Topology tab to view Nmap's topology for the provided IP address in the Intense scan Profile.
By default, Nmap performs a host discovery and then a port scan against each host it determines to be online.
FIGURE 6.8: The Zenmap main window with Topology tab for Intense Scan
13. Click the Host Details tab to see the details of all hosts discovered during the intense scan profile.
By default, Nmap determines your DNS servers (for rDNS resolution) from your resolv.conf file (UNIX) or the Registry (Win32).
Host Details shown for 10.0.0.4:
    Host Status: State: up; Open ports: 9; Filtered ports: 0; Closed ports: 991; Scanned ports: 1000; Uptime: 22151; Last boot: Fri Aug 24 09:27:40 2012
    Addresses: IPv4: 10.0.0.4; IPv6: Not available; MAC: 00:15:50:00:07:10
    Operating System: Name: Microsoft Windows 7 or Windows Server 2008 SP1
FIGURE 6.9: The Zenmap main window with Host Details tab for Intense Scan
14. Click the Scans tab to view the scan details for the provided IP addresses.
In Nmap, option -p <port ranges> means scan only specified ports.
Nmap offers options for specifying which ports are scanned and whether the scan order is randomized or sequential.
FIGURE 6.10: The Zenmap main window with Scan tab for Intense Scan
15. Now, click the Services tab located in the right pane of the window. This tab displays the list of services.
16. Click the http service to list all the HTTP Hostnames/IP addresses, Ports, and their states (Open/Closed).
Services listed: http, msrpc, netbios-ssn
http service entry: Hostname: 10.0.0.4; Port: 5357; Protocol: tcp; State: open; Version: Microsoft HTTPAPI httpd 2.0
In Nmap, option -F means fast (limited port) scan.
FIGURE 6.11: The Zenmap main window with Services option for Intense Scan
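The verbose Intense scan output in step 8 reports each open port on a "Discovered open port" line. As an added example (not part of the lab manual), the Python below parses those lines from two saved scans and reports what changed, which is the lab's "compare saved results for suspicious ports" objective. The later scan, the function names, and the separate reporting of the 49152-65535 dynamic range are assumptions of this example.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Verbose (-v) progress line Nmap prints for each open port it finds.
DISCOVERED = re.compile(r"Discovered open port (\d{1,5})/(tcp|udp|sctp) on (\S+)$")
# Assumption: ports in the IANA dynamic range (default Windows RPC endpoint range
# since Vista/Server 2008) move between reboots, so they are listed separately.
DYNAMIC_RANGE = range(49152, 65536)


class Endpoint(NamedTuple):
    host: str
    port: int
    proto: str


def open_endpoints(nmap_text: str) -> set[Endpoint]:
    """Collect every host/port/protocol reported open in verbose Nmap output."""
    found = set()
    for line in nmap_text.splitlines():
        m = DISCOVERED.match(line.strip())
        if m and 0 < int(m.group(1)) <= 65535:
            found.add(Endpoint(m.group(3), int(m.group(1)), m.group(2)))
    return found


def compare_scans(baseline: str, current: str) -> dict[str, list[Endpoint]]:
    """Diff two saved scans of the same targets."""
    old, new = open_endpoints(baseline), open_endpoints(current)
    opened = sorted(new - old)
    return {
        "review": [e for e in opened if e.port not in DYNAMIC_RANGE],
        "dynamic": [e for e in opened if e.port in DYNAMIC_RANGE],
        "closed": sorted(old - new),
    }


def scan_lines(host: str, ports: list[int]) -> str:
    return "\n".join(f"Discovered open port {p}/tcp on {host}" for p in ports)


# Baseline: the nine open ports in the Intense scan output on this page.
BASELINE = scan_lines("10.0.0.4", [135, 139, 445, 49152, 49154, 49153, 49156, 49155, 5357])
# Constructed later scan of the same host (sample data, not from the page).
CURRENT = "Scanning 10.0.0.4 [1000 ports]\n" + scan_lines(
    "10.0.0.4", [135, 139, 445, 3389, 49152, 49153, 49154, 49155, 49156, 49157]
)

if __name__ == "__main__":
    for label, items in compare_scans(BASELINE, CURRENT).items():
        for e in items:
            print(f"{label:8} {e.host} {e.port}/{e.proto}")
```

Ports under "review" are the ones to check against the host's expected services; "dynamic" entries usually reflect RPC endpoint churn rather than a new service.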