This other packet provides information on how the data packets were routed from the source to the destination.
Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)
Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on 172.30.0.0/24 where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork.
Lab Assessment Questions & Answers
1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.
Windows Application Loaded            Starts as Service (Y/N)
1. Wireshark                          [ ] Yes  [ ] No
2. NetWitness Investigator            [ ] Yes  [ ] No
3. Nessus Server Manager              [ ] Yes  [ ] No
4. FileZilla Server application       [ ] Yes  [ ] No
5. Tftpd32_SE Admin                   [ ] Yes  [ ] No
2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2 and the IP default gateway router?
TargetWindows01 server – 172.30.0.8
LAN Switch 1 – 172.16.8.5
LAN Switch 2 – 172.16.20.5
IP default gateway router – 172.30.0.1
3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? Yes, the ping command worked; 4 packets were sent back to the IP source.
4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of 172.30.0.0/24? nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24
5. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans.
Intense Scan –
Ping Scan – informs you which hosts are up within the different IP addresses
Quick Scan –
Slow Comprehensive Scan –
6. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after reviewing the scan report. 36 NSE scripts, Not shown, Device type, MAC address, Aggressive OS guess, Uptime guess, Network distance, TCP sequence prediction, IP ID sequence generation, Service info, Read data files, Nmap done.
7. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap) scan report.
NSE informs you that the scan is complete and gives you the results.
Not shown tells you how many ports are closed.
Device type tells you what devices are running.
MAC address would be the IP address on the MAC.
Aggressive OS guess tells you the OS under non-ideal test conditions.
Uptime guess tells you how many days it has been since you last logged in.
Network distance tells you how far the hop is.
TCP sequence prediction tells you the difficulty number.
IP ID sequence generation tells you all zeros.
Service info tells you what operating system you are using.
Read data files from tells you where you can read the file.
Nmap done tells you how many IP addresses were scanned and how long it took.
8. How many total IP hosts (not counting Cisco device interfaces) did Zenmap GUI (Nmap) find on the network? 5 IP hosts on the network.
9. Based on your Nmap scan results and initial reconnaissance and probing, what next steps would you perform on the VSCL target machines? Use the file transfer buttons to download the Lab #1 LMAP scan.xml and Lab #1 topology fisheye chart.pdf
Soft copy of the Zenmap GUI “Intense Scan” report in XML format
Topology fisheye bubble chart in PDF format
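The “Intense Scan” command in question 4 writes its results to the XML report listed as a deliverable above, and questions 6 through 8 are all answered by reading fields out of that report (hosts up, MAC address, OS guess, uptime, open services, the “Nmap done” totals). The following Python script is an added example, not part of the lab or of Nmap itself: it parses a constructed, trimmed nmap XML report (the layout nmap writes with -oX) into a host inventory and flags any open service that is not on a constructed allowlist, which is the check a defender runs on a scan of their own subnet. The hosts, MAC address, ports and OS matches in the sample are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an nmap XML report (the layout "nmap ... -oX scan.xml" writes).
# The hosts, MAC, ports and OS matches below are made up for this illustration;
# they are not the lab's actual scan results.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 -oX scan.xml 172.30.0.0/24">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="172.30.0.8" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP3" accuracy="96"/></os>
    <uptime seconds="86400"/>
  </host>
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="172.30.0.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="90"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="172.30.0.9" addrtype="ipv4"/>
  </host>
  <runstats>
    <finished elapsed="42.10"/>
    <hosts up="2" down="1" total="3"/>
  </runstats>
</nmaprun>
"""

# Constructed baseline of services expected on this subnet; anything else is flagged.
ALLOWED_SERVICES = {"ssh", "http"}


def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: ip, mac, os, uptime and open ports."""
    root = ET.fromstring(xml_text.strip())
    hosts = []
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue  # down hosts carry no inventory data
        addrs = host.findall("address")
        ip = next(a.get("addr") for a in addrs if a.get("addrtype") == "ipv4")
        mac = next((a.get("addr") for a in addrs if a.get("addrtype") == "mac"), None)
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are the "Not shown" count
            svc = port.find("service")
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else "unknown",
                "product": svc.get("product") if svc is not None else None,
            })
        osmatch = host.find("os/osmatch")   # the "Aggressive OS guess" line of the report
        uptime = host.find("uptime")        # the "Uptime guess" line of the report
        hosts.append({
            "ip": ip,
            "mac": mac,
            "os": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy")) if osmatch is not None else None,
            "uptime_seconds": int(uptime.get("seconds")) if uptime is not None else None,
            "open_ports": open_ports,
        })
    return hosts


def scan_summary(xml_text):
    """Reproduce the 'Nmap done' line: hosts up/total and elapsed time."""
    root = ET.fromstring(xml_text.strip())
    stats = root.find("runstats/hosts")
    finished = root.find("runstats/finished")
    return {
        "hosts_up": int(stats.get("up")),
        "hosts_total": int(stats.get("total")),
        "elapsed_seconds": float(finished.get("elapsed")),
    }


def unexpected_services(hosts, allowed=ALLOWED_SERVICES):
    """Open ports whose service is not on the baseline: the defender's review list."""
    return [(h["ip"], p["port"], p["service"])
            for h in hosts for p in h["open_ports"] if p["service"] not in allowed]


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(scan_summary(SAMPLE_NMAP_XML))
    for h in inventory:
        print(h["ip"], h["mac"], h["os"], [p["port"] for p in h["open_ports"]])
    print("review:", unexpected_services(inventory))
```

Run against a real report, the script replaces `SAMPLE_NMAP_XML` with the contents of the scan.xml deliverable; the allowlist is the part that has to come from your own knowledge of what each host on 172.30.0.0/24 is supposed to serve, and every entry in the review list is either an undocumented service or a host that should not be exposing it.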
Lab #2 – Assessment Worksheet
Perform a Vulnerability Assessment Scan Using Nessus
This lab demonstrates the first three steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1: Reconnaissance and Probing) on a targeted IP subnetwork using ZenMap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus® vulnerability assessment scanning software. Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found to exploit the vulnerability.
Lab Assessment Questions & Answers
1. What is the application Zenmap GUI typically used for? Describe a scenario in which you would use this type of application. This application is used to perform an intense scan of all 36 test scripts using the profile selection, or you can select a specific IP address using the Target selection. I would use this application to determine the vulnerability of my computer by completing an assessment scan of my entire system.
2. Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan? Nmap-Zenmap GUI
3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? Create a custom Security Policy
4. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? A CVE listing is a set of standardized identifiers for common computer vulnerabilities and exposures. Cybersecurity and Communications at the U.S. Department of Homeland Security, and the MITRE Corporation.
5. Can Zenmap GUI detect which operating systems are present on IP servers and workstations? Which option includes that scan? Yes, service info: OS: Linux
6. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus vulnerability assessment scan? I would know that I would be able to perform this scan because Nessus supports Windows XP.
7. Once a vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? Ports/Protocols, 443/tcp, Plugin Name: Service Detection
8. What is the major difference between Zenmap GUI and Nessus? Nessus scans for vulnerabilities and Zenmap GUI is used to map network hosts with open ports.
9. Why do you need to run both Zenmap GUI and Nessus to perform the first three steps of the hacking process? Zenmap has already run an intense scan on the 254 IP addresses to map out the network, which makes Nessus able to find the vulnerabilities located within the 254 IP addresses.
Zenmap GUI scan report in soft copy with your notes on what you found
Nessus vulnerability scan report in HTML soft copy
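Question 7 asks where, once Nessus has identified a vulnerability, you look up the details, the references and the mitigation. In a Nessus export, each finding is a ReportItem carrying the plugin name, a severity, the CVE references and a solution field, so the lookup can be automated. The script below is an added example, not part of the lab or of Nessus itself: it parses a constructed report in the .nessus (NessusClientData_v2) XML layout, counts findings by severity, and produces a triage list of the findings worth fixing with their CVE references and solution text. The host, the plugin IDs, the CVE reference and the finding text in the sample are placeholders made up for this illustration, not values from the lab's scan.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the .nessus (NessusClientData_v2) XML layout. The plugin
# IDs, CVE reference and finding text are placeholders made up for this
# illustration, not output from the lab's actual Nessus scan.
SAMPLE_NESSUS_XML = """
<NessusClientData_v2>
  <Report name="lab2-constructed">
    <ReportHost name="172.30.0.8">
      <HostProperties>
        <tag name="operating-system">Microsoft Windows XP (constructed)</tag>
      </HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="0"
                  pluginID="PLUGIN-ID-PLACEHOLDER-1" pluginName="Service Detection">
        <risk_factor>None</risk_factor>
        <plugin_output>A web server is running on this port (constructed).</plugin_output>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="PLUGIN-ID-PLACEHOLDER-2" pluginName="Constructed SMB finding">
        <risk_factor>Critical</risk_factor>
        <cve>CVE-YYYY-NNNN</cve>
        <description>Placeholder description of the finding.</description>
        <solution>Apply the vendor patch or disable the service (placeholder).</solution>
      </ReportItem>
      <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2"
                  pluginID="PLUGIN-ID-PLACEHOLDER-3" pluginName="Constructed RDP finding">
        <risk_factor>Medium</risk_factor>
        <solution>Restrict access to the service (placeholder).</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Nessus severity attribute values and the labels the report shows for them.
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def _text(item, tag):
    """Text of a child element, or None when the finding has no such field."""
    el = item.find(tag)
    return el.text.strip() if el is not None and el.text else None


def parse_nessus(xml_text):
    """Flatten a .nessus report into one dict per finding."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for host in root.iter("ReportHost"):
        os_tag = next((t.text for t in host.iter("tag")
                       if t.get("name") == "operating-system"), None)
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "os": os_tag,
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "risk_factor": _text(item, "risk_factor"),
                "cves": [c.text for c in item.findall("cve")],   # references to look up
                "solution": _text(item, "solution"),             # the risk mitigation
            })
    return findings


def severity_counts(findings):
    """Count findings per severity label, as the report's summary page does."""
    return Counter(SEVERITY_NAMES[f["severity"]] for f in findings)


def triage(findings, min_severity=2):
    """Findings at or above min_severity, worst first, with CVEs and solution to act on."""
    worth_fixing = [f for f in findings if f["severity"] >= min_severity]
    worth_fixing.sort(key=lambda f: f["severity"], reverse=True)
    return [(f["host"], f["port"], f["plugin_name"], f["cves"], f["solution"])
            for f in worth_fixing]


if __name__ == "__main__":
    found = parse_nessus(SAMPLE_NESSUS_XML)
    print(dict(severity_counts(found)))
    for row in triage(found):
        print(row)
```

The informational “Service Detection” item from question 7 is severity 0 and carries no CVE or solution, so it drops out of the triage list; the items that remain are the ones whose CVE references you would follow to the CVE listing from question 4 and whose solution field gives the mitigation to schedule.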