
Nmap Network Scanning Guide: Lesson 2 Basic Usage

{ Nmap Basic Usage }

Section 0: Background Information
  1. NMAP
    • Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for the network conditions (latency fluctuations, network congestion, the target interference with the scan) during the run.
  2. Prerequisite
    • Nmap: Lesson 1: Installing Nmap
  3. Lab Notes
    • In this lab we will do the following:
      1. We will use the PENTEST-WXP VM (Attacker) to NMAP scan the Damn Vulnerable WXP-SP2 VM (Victim)
  4. Legal Disclaimer (Information Security Training Www.AnToanThongTin.Edu.Vn)
Section 1: Power On PENTEST-WXP
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on PENTEST-WXP
      2. Click on Edit virtual machine
  2. Configure Network Adapter
    • Instructions:
      1. Select Network Adapter
      2. Click the radio button "Bridged: Connected directly to the physical network."
      3. Click the Okay button
  3. Start PENTEST-WXP
    • Instructions:
      1. Click on PENTEST-WXP
      2. Click on Play virtual machine
  4. Send Ctrl+Alt+Del
    • Instructions:
      1. Virtual Machine --> Send Ctrl+Alt+Del
  5. Logging into PENTEST-WXP.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.
  6. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  7. Obtain PENTEST-WXP's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • This is the IP Address of the Scanning Machine.
      • In my case, PENTEST-WXP's IP Address is 192.168.1.111.
      • Your IP Address will be different. 
      • Record your PENTEST-WXP's IP Address.
Section 2: Power On Damn Vulnerable WXP-SP2
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.
  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  6. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address is 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.

Section 3: Perform Nmap Quick Scan
  1. Perform NMAP Quick Scan
    • Instructions:
      1. Make sure you are on the PENTEST-WXP VM Machine
      2. Start Up NMAP by clicking on your NMAP icon located on your desktop.
  2. Perform a quick scan by doing the following: (See Below). 
    • Note(FYI):
      • Replace 192.168.1.116 with Damn Vulnerable WXP-SP2's IP Address obtained in (Section 2, Step 6).
    • Instructions:
      1. Target: 192.168.1.116
        • You will be using PENTEST-WXP to scan Damn Vulnerable WXP-SP2.
      2. Profile:  Select Quick Scan
      3. Then click Scan.
  3. Output Analysis
    • Notes(FYI):
      1. Nmap's quick scan displays the following basic network metrics:
        • If the host is up.
        • How many ports are closed.
        • Which ports are open and their service name.
          • e.g., 21 (ftp)
        • Also, the MAC address is displayed, along with Nmap's guess that the OS is VMware.
  4. Click on the Ports / Hosts tab
    • Instructions:
      1. Click on the Ports/Hosts Tab
    • Notes(FYI):
      • This tab lists all the open ports with their protocol, state and service names.
  5. Click on Host Details
    • Instructions:
      1. Click on the Host Details Tab
    • Notes(FYI):
      • This tab represents the status of the host and its corresponding IP and MAC Addresses information.

Section 4: Nmap Intense Scan
  1. Perform Intense Scan
    • Note(FYI):
      • Replace 192.168.1.116 with Damn Vulnerable WXP-SP2's IP Address obtained in (Section 2, Step 6).
    • Instructions:
      1. Target: 192.168.1.116
      2. Change Profile to: Intense scan, all TCP ports
      3. Click Scan.
  2. Version Analysis
    • Notes(FYI):
      1. Notice the results are more verbose.
      2. The actual version of the service was added to service name.
        • You can use this information to investigate possible exploits.
        • For example, Microsoft IIS httpd 5.1 webserver.
  3. Operating System Footprinting Analysis
    • Notes(FYI):
      1. The OS details show us that the actual OS is Windows XP, and it is running SP2.
        • In this case, an attacker might start salivating due to the MS08-067 exploit for SP2.
  4. Host Script Results Analysis
    • Notes(FYI):
      • Nmap runs nbstat to determine the NetBIOS name and user. 
        • This information could be used for a brute force attack.
      • Notice that SMB is running.
        • The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol.
      • SMB Critical Updates

Section 5: Nmap Network Scan
  1. Subnet Ping Scan
    • Instructions:
      1. Change Target to the subnet address of Damn Vulnerable WXP-SP2.
        • In my case, 192.168.1.0/24
        • Notice that I replaced the last octet of my IP address with a 0.
      2. Change Profile to: Ping Scan
      3. Click Scan
  2. Nmap Output Analysis
    • Instructions:
      1. Big Red Arrow #1
        • This displays a list of all the devices that returned an ICMP packet.
        • You can click on each host to get their specific details.
      2. Big Red Arrow #2
        • This displays a general list of all the devices found which includes
          • IP Address
          • MAC Address
          • And a guess as to what it is.
  3. Topology Analysis
    • Instructions:
      1. Click on the Topology Tab.
      2. Click on Fisheye
        • This will allow you to increase the size of the network picture.
      3. Click on Controls
        • This will allow you to increase the size of the network rings.
    • Note(FYI):
      • This will give you a visual representation of how your network is laid out.
      • When presenting a customer or management with a penetration testing analysis, this would be a good picture to throw into the report.
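Zenmap's Ports / Hosts, Host Details and Topology tabs (Sections 3 through 5 above) are views over the same data Nmap writes when it is run with XML output (`nmap -oX scan.xml ...`). The script below is an added example, not part of the original lesson or of the Nmap project: it derives the /24 ping-scan target from a host address the way Section 5 describes, then parses an Nmap XML report into the host state, closed-port count, open ports with product/version, MAC address and vendor, and best OS match that the lesson reads off the GUI. The embedded XML is constructed to resemble an intense scan of the lab victim plus a ping-scan hit on another host; the element and attribute names follow Nmap's real `-oX` format, but the addresses, MACs and service strings are sample values.

```python
"""Parse Nmap XML output (nmap -oX) into the host/port summary that
Zenmap's "Ports / Hosts" and "Host Details" tabs present.
Added example; the SAMPLE_XML below is constructed, not real scan output."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: one host with ports and an OS match (as an
# "Intense scan, all TCP ports" would yield) and one host seen only by
# a ping scan (no <ports> element at all).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p 1-65535 -T4 -A -v 192.168.1.116">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.116" addrtype="ipv4"/>
    <address addr="00:0C:29:AA:BB:CC" addrtype="mac" vendor="VMware"/>
    <ports>
      <extraports state="closed" count="65532"/>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="Microsoft ftpd"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Microsoft IIS httpd" version="5.1"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="98"/></os>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Cisco"/>
  </host>
</nmaprun>
"""


def subnet_for(ip: str, prefix: int = 24) -> str:
    """Return the network the lesson derives by zeroing the last octet,
    e.g. 192.168.1.116 -> 192.168.1.0/24 (strict=False masks host bits)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def parse_nmap_xml(xml_text: str) -> list:
    """Return one dict per <host>: state, ipv4, mac, vendor, number of
    closed ports, open ports (with product/version when -sV supplied
    them) and the highest-accuracy OS match, or None if there was none."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        entry = {
            "state": host.find("status").get("state"),
            "ipv4": None, "mac": None, "vendor": None,
            "closed": 0, "open_ports": [], "os": None,
        }
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                entry["ipv4"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr")
                entry["vendor"] = addr.get("vendor")
        ports = host.find("ports")
        if ports is not None:  # ping-scan-only hosts carry no <ports>
            # Nmap collapses the bulk of non-open ports into <extraports>;
            # this is where "how many ports are closed" comes from.
            for extra in ports.findall("extraports"):
                if extra.get("state") == "closed":
                    entry["closed"] += int(extra.get("count"))
            for port in ports.findall("port"):
                if port.find("state").get("state") != "open":
                    continue
                svc = port.find("service")
                entry["open_ports"].append({
                    "port": int(port.get("portid")),
                    "proto": port.get("protocol"),
                    "service": svc.get("name") if svc is not None else None,
                    "product": svc.get("product") if svc is not None else None,
                    "version": svc.get("version") if svc is not None else None,
                })
        best = None
        for match in host.findall("os/osmatch"):
            if best is None or int(match.get("accuracy")) > int(best.get("accuracy")):
                best = match
        if best is not None:
            entry["os"] = best.get("name")
        hosts.append(entry)
    return hosts


if __name__ == "__main__":
    print("Ping-scan target for the lab victim:", subnet_for("192.168.1.116"))
    for h in parse_nmap_xml(SAMPLE_XML):
        print(f"{h['ipv4']} ({h['mac']} {h['vendor']}): {h['state']}, "
              f"{h['closed']} closed, OS={h['os']}")
        for p in h["open_ports"]:
            ver = " ".join(x for x in (p["product"], p["version"]) if x)
            print(f"  {p['port']}/{p['proto']} {p['service']} {ver}".rstrip())
```

Pointing `parse_nmap_xml` at a real `-oX` file from the lab gives the same product/version strings the lesson uses to look up applicable patches, and the same closed-port count the Quick Scan summary reports; saving the XML alongside the screenshot makes the scan reproducible for the report mentioned above.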

Section 6: Proof of Lab
  1. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  2. Proof of Lab Instruction:
    • Note(FYI):
      • Replace 192.168.1.116 with Damn Vulnerable WXP-SP2's IP Address obtained in (Section 2, Step 6).
    • Instructions:
      1. nmap -O 192.168.1.116
      2. date /t
      3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions:
      1. Press the PrtScn Button on your keyboard
      2. Paste into a word document
      3. Upload to website Www.AnToanThongTin.Edu.Vn
