eJPT
  • 👋Welcome
  • Tools
    • 🔭Escaneo y Enumeración
  • SECTION 1: Assessment Methodologies
    • Assessment Methodologies: Information Gathering
      • Introducción a la Recopilación de Información
        • Start Quiz
      • Passive Information Gathering
      • Active Information Gathering
    • Assessment Methodologies: Footprinting & Scanning
      • Introduction
      • Networking Primer
      • Host Discovery
      • Port Scanning
      • Evasion, Scan Performance & Output
      • Page
      • Challenges
    • Assessment Methodologies: Enumeration
      • Overview
      • SMB Lesson
      • FTP Lesson
      • SSH Lesson
      • HTTP Lesson
      • SQL Lesson
    • Assessment Methodologies: Vulnerability Assessment
      • Vulnerability Assessment
      • Course Labs
  • SECTION 2: Host & Networking Auditing
    • Assessment Methodologies: Auditing Fundamentals
      • Assessment Methodologies
      • Practice
  • SECTION 3: Host & Network Penetration Testing
    • Host & Network Penetration Testing: System/Host Based Attacks
      • Introduction to Attacks
      • Windows Vulnerabilities
      • Exploiting Windows Vulnerabilities
      • Windows Privilege Escalation
      • Windows File System Vulnerabilities
      • Windows Credential Dumping
      • Linux Vulnerabilities
      • Exploiting Linux Vulnerabilities
      • Linux Privilege Escalation
      • Linux Credential Dumping
      • Conclusion
    • Host & Network Penetration Testing: Network-Based Attacks
      • Network-Based Attacks
    • Host & Network Penetration Testing: The Metasploit Framework (MSF)
      • Metasploit
        • Metasploit Fundamentals
      • Information Gathering & Enumeration
        • Nmap
        • Enumeration
      • Vulnerability Scanning
        • MSF
        • Nessus
        • Web Apps
      • Client-Side Attacks
        • Payloads
        • Automating
      • Exploitation
        • Windows Exploitation
        • Linux Exploitation
        • Post Exploitation Fundamentals
        • Windows Post Exploitation
        • Linux Post Exploitation
      • Armitage
        • Metasploit GUIs
    • Host & Network Penetration Testing: Exploitation
      • Introduction To Exploitation
      • Vulnerability Scanning Overview
      • Exploits
        • Searching For Exploits
        • Fixing Exploits
      • Shells
      • Frameworks
      • Windows
      • Linux
      • Obfuscation
    • Host & Network Penetration Testing: Post-Exploitation
      • Introduction
      • Windows Enumeration
      • Linux Enumeration
      • Transferring Files
      • Shells
      • Escalation
        • Windows Privilege Escalation
        • Linux Privilege Escalation
      • Persistence
        • Windows Persistence
        • Linux Persistence
      • Dumping & Cracking
        • Windows Password Hashes
        • Linux Password Hashes
      • Pivoting Lesson
      • Clearing
  • Host & Network Penetration Testing: Social Engineering
    • Social Engineering
  • SECTION 4: Web Application Penetration Testing
    • Introduction to the Web & HTTP Protocol
      • Web Applications
      • HTTP Protocol
        • HTTP/S Protocol Fundamentals
        • Website Crawling & Spidering
Powered by GitBook
On this page
  • Task: Scan The Server 1
  • Conclusion
  • Task: Scan the Server 2
  • Conclusion
  • Task: Scan the Server 3
  • Conclusion
  1. SECTION 1: Assessment Methodologies
  2. Assessment Methodologies: Footprinting & Scanning

Challenges

PreviousPageNextAssessment Methodologies: Enumeration

Last updated 7 months ago

Task: Scan The Server 1

Solution

Step 1: Open the lab link to access the Kali Linux terminal instance

Step 2: Identify the target IP address

Before we begin performing a port scan with Nmap, we will need to identify the target IP address.

We can identify the target IP address by running the following command:

Command:

ip a

As shown in the following screenshot, identify the IP address associated with the eth1 interface, this is the Kali Linux IP. The target IP address is always the next IP in the subnet.

So if the Kali Linux IP is 192.148.40.2 the target IP will be 192.148.40.3.

Note: In your case, the target IP address will be different, ensure you replace the IP of the target system in your lab environment with the IP address outlined below.

We can ping the target IP to verify that it is active, this can be done by running the following command:

Command:

ping 192.148.40.3

As shown in the following screenshot, the host is online and is reachable from our Kali Linux system.

Step 3: Port scanning with Nmap

We can now perform a default Nmap port scan on the target to identify the open ports on the target system, this can be done by running the following command:

Command:

nmap 192.148.40.3

As shown in the following screenshot, the default Nmap scan does not reveal any open ports. This is because the default Nmap scan profile only scans 1000 of the most commonly used ports.

In order to get an accurate idea of the open ports on the target system, we will need to scan the entire TCP port range (65,535 ports). This can be done by running the following command:

Command:

nmap 192.148.40.3 -p-

As shown in the following screenshot, the Nmap scan reveals that the target system has 3 open ports.

Step 4: Service detection with Nmap

Now that we have identified the open ports on the target, we can learn more about the services running on the open ports by performing a service detection scan with Nmap.

This can be done by running the following command:

Command:

nmap 192.148.40.3 -p 6421,41288,55413 -sV

As shown in the following screenshot, the Nmap service detection scan reveals the names and versions of the services running on the open ports on the target system.

Conclusion

In this lab, we explored the process of performing port scanning and service detection with Nmap.

Task: Scan the Server 2

Solution

Step 1: Open the lab link to access the Kali Linux terminal instance

Step 2: Identify the target IP address

Before we begin performing a port scan with Nmap, we will need to identify the target IP address.

We can identify the target IP address by running the following command:

Command:

ip a

As shown in the following screenshot, identify the IP address associated with the eth1 interface, this is the Kali Linux IP. The target IP address is always the next IP in the subnet.

So if the Kali Linux IP is 192.206.172.2 the target IP will be 192.206.172.3.

Note: In your case, the target IP address will be different, ensure you replace the IP of the target system in your lab environment with the IP address outlined below.

We can ping the target IP to verify that it is active, this can be done by running the following command:

Command:

ping 192.206.172.3

As shown in the following screenshot, the host is online and is reachable from our Kali Linux system.

Step 3: Port scanning with Nmap

To begin with, we can perform an Nmap port scan on the target system to identify whether the BIND DNS server is open. This can be done by running the following command:

Command:

nmap 192.206.172.3 -p 177 -A

As shown in the following screenshot, the DNS BIND server is running on port 177.

We can now perform a UDP port scan on the port range 1-250, this can be done by running the following command:

Command:

nmap 192.206.172.3 -p 1-250 -sU

As shown in the following screenshot, the Nmap scan reveals that the target system has 3 open UDP ports.

Step 4: Service detection with Nmap

Now that we have identified the open UDP ports on the target, we can learn more about the services running on the open ports by performing a service detection scan with Nmap.

This can be done by running the following command:

Command:

nmap 192.206.172.3 -p 134,177,234 -sUV

As shown in the following screenshot, the Nmap service detection scan reveals the names and versions of the services running on the open UDP ports on the target system.

The Nmap scan reveals the services running on ports 177 and 234, but not 134. We can perform an Nmap script scan to enumerate information from port 134 by running the following command:

Command:

nmap 192.206.172.3 -p 134 -sUV --script=discovery

As shown in the following screenshot, the Nmap script scan does not reveal any useful information regarding the service running on port 134.

Given that we have discovered that UDP ports 177 and 234 are running a DNS and SNMP server respectively, we can assume that port 134 is running the TFTP server.

We can confirm this by running the following command:

Command:

tftp 192.206.172.3 134

As shown in the following screenshot, the authentication with the TFTP server is successful and we are provided with an FTP console.

We have successfully been able to identify the ports running the BIND DNS server, SNMP server and TFTP server.

Conclusion

In this lab, we explored the process of performing port scanning and service detection with Nmap.

Task: Scan the Server 3

Solution

Step 1: Open the lab link to access the Kali Linux terminal instance

Step 2: Identify the target IP address

Before we begin performing a port scan with Nmap, we will need to identify the target IP address.

We can identify the target IP address by running the following command:

Command:

ip a

As shown in the following screenshot, identify the IP address associated with the eth1 interface, this is the Kali Linux IP. The target IP address is always the next IP in the subnet.

So if the Kali Linux IP is 192.57.232.2 the target IP will be 192.57.232.3.

Note: In your case, the target IP address will be different, ensure you replace the IP of the target system in your lab environment with the IP address outlined below.

We can ping the target IP to verify that it is active, this can be done by running the following command:

Command:

ping 192.57.232.3

As shown in the following screenshot, the host is online and is reachable from our Kali Linux system.

Step 3: Port scanning with Nmap

To begin with, we can perform an Nmap port scan on the entire TCP port range (65,535 ports) to identify all the open ports on the target system. This can be done by running the following command:

Command:

nmap 192.57.232.3 -T4 -p-

As shown in the following screenshot, target system does not have any open TCP ports.

Given that the target system does not have any TCP ports open, we can perform a UDP port scan do discover any open UDP ports on the target system.

This can be done by running the following command:

Command:

nmap 192.57.232.3 -T4 -sU

As shown in the following screenshot, the Nmap scan reveals that the target system only has one UDP port open (port 161) that is typically used by the SNMP service.

Step 4: Service detection with Nmap

Now that we have identified the open UDP port on the target, we can learn more about the service running on the open port by performing a service detection and script scan with Nmap.

This can be done by running the following command:

Command:

nmap 192.57.232.3 -T4 -sU -p 161 -A

As shown in the following screenshot, the Nmap service detection scan confirms that an SNMP server is running on port 161, the scan also enumerates information from the SNMP server.

Go through the results produced by the aforementioned Nmap scan to learn more about the target system.

Conclusion

In this lab, we explored the process of performing port scanning and service detection with Nmap.

2
3
4
5
1
2
3
4
5
6
7
1
2
3
4
5