...CSS200-1401B-01 Principles of Network Security Instructor: Gregory Roby Phase 2, Individual Project Date: March 08, 2014 By: Gil Palacio Lab #3 Overview: In this Lab I am learning how to use the Zenmap Graphical User Interface (GUI) for the free Nmap Security Scanner application. This application is an open source tool that automates network exploration to perform several different types of security audit scans of large IP networks (LAB 3, CTU. 2014). So here is what I gathered while doing this Lab: I added several IPs to PuTTY in order to build information or to give information to the GUI that I am looking into. I copy-pasted the two interfaces that are up/up in the 1st question from the Lab Assessment sheet of the PuTTY profile created:
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address c84c.7556.de9e, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops ...
Words: 1306 - Pages: 6
...Use offense to inform defense. Find flaws before the bad guys do. Copyright SANS Institute Author Retains Full Rights This paper is from the SANS Penetration Testing site. Reposting is not permitted without express written permission. Interested in learning more? Check out the list of upcoming events offering "Hacker Techniques, Exploits & Incident Handling (SEC504)" at https://pen-testing.sans.org/events/ Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 A Management Guide to Penetration Testing David A. Shinberg © SANS Institute 2003, As part of GIAC practical repository. Version 2.1a Practical Assignment SANS Hacker Techniques, Exploits, and Incident Handling (GCIH) Author retains full rights. Abstract Penetration tests are an excellent method for determining the strengths and weaknesses of a network consisting of computers and network devices. However, the process of performing a penetration test is complex, and without care can have disastrous effects on the systems being tested. This paper provides guidance, primarily focused around planning and management, on how to conduct a penetration test comprised of five phases – Preparation, Public Information, Planning, Execution and Analysis and Reporting. However, due to the technical and sometimes...
Words: 4111 - Pages: 17
...market, I’ve researched three and written about them. The three tools that I’ve researched are Nmap, Nessus, and Chkrootkit. In this paper I’ll go over how they enforce security, what threats these tools are designed to eliminate, and what organization is behind the tool. The first security tool I researched is called Nmap Security Scanner. Nmap stands for “Network Mapper”. It can be downloaded for free and comes with full source code that you can modify and redistribute. Nmap has been used to scan huge networks of literally hundreds of thousands of machines and also works fine with a single host. Not only is it used for Linux, but it runs on all other major computer operating systems like Windows and Mac OS X. Nmap allows you to explore and audit a network. It uses IP packets to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of firewalls are being used, and many other characteristics. Network administrators find it useful for tasks like network inventory, managing service upgrade schedules, and monitoring host or service uptime. In addition to the classic command line, the Nmap suite includes an advanced GUI called Zenmap. Nmap comes with no warranty and there is no organization behind it. It is supported by a community of developers and users. Another cool thing I found out is that Nmap was seen in eight movies including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum...
Words: 1070 - Pages: 5
...Certified Ethical Hacker Unit 2 Project Presented By Sandra Grannum To Dr. Pace On December 13, 2011 Table of Contents Abstract………………………………………………………………………………………………………..3 Seven steps of Information gathering…………………………………………………..………..4 Popular Reconnaissance tools……………………………………………………………………….5 Methods to crack passwords on Windows, Linux and Mac…………………………….…..8 Password Cracker downloads…………………………………………………………….………….9 Security Plan……………………………………………………………………………………………….. 9-11 Steps to remove evidence……………………………………………………………………………. 11 References:…………………………………………………………………………………………………..12 Abstract This paper lists and describes the seven steps of information gathering and describes some of the most popular reconnaissance tools while explaining the benefits and limitations of each. Included as well is the method to crack passwords on Windows, Linux, and Mac. There is also a password cracker tool that was downloaded on my home computer that describes the steps and outcomes. Last but not least, a security plan is also included in this project and the steps to remove evidence of an attack on a network. Define the seven-step information gathering process • Information gathering is divided into seven steps. These steps include gathering information, determining the network range, identifying active machines, finding open ports and access points, OS fingerprinting, fingerprinting services, and mapping the network. Define footprinting ...
Words: 2645 - Pages: 11
...In 2006, a small business was created to provide customers with a close to real-time analysis of their stock portfolios. After months of doing business, several IT Administrators began to notice subtle changes in the corporate network. Shortly after that, the CEO began calling high-level meetings, especially with marketing and finance, to determine why the company’s profits for the last five months (July to December) began to take a downward spiral. Though it seemed that all operations and processes remained unchanged, it seemed that the number of new customers registering through their customer portal had dropped drastically over the past five months. The company has noticed anomalous traffic on port 80 of the Web Server on the DMZ. The edge router’s logs showed that the traffic started six months ago and ended five months later. They noticed five months ago that traffic from the Web servers to the internal application servers decreased each day, although the inbound requests on port 80 remained about the same. Over the last four months, Web server logs contained many HTTP “POST” statements followed by the Website address of one of the company’s main competitors. All of the POST statements seemed to appear in the logs after new users would click “submit” to register. Based on the information that has been provided, it seems that a competitor has been able to compromise the company’s network. This has allowed them to reroute network traffic from users that are attempting to register...
Words: 1289 - Pages: 6
...workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains. 1. What are the differences between Zenmap GUI (Nmap) and Nessus? Zenmap is used to map a network and Nessus is used to test a network for vulnerabilities. 2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap's sole purpose is just that, network probing and recon. 3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such. 4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform? Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Trace route 5. From the Zenmap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device? 443/tcp open ssl/http, No exact OS matches for host, Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%)...
Words: 870 - Pages: 4
...Assessment Worksheet 15 1 Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) LAB #1 – ASSESSMENT WORKSHEET Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about the target. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, students planned an attack on 172.30.0.0/24 where the VM server farm resides. Using Zenmap GUI, students then performed a “Ping Scan” or “Quick Scan” on the targeted IP subnetwork. Lab Assessment Questions & Answers 1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually. WINDOWS APPLICATION LOADED (1–5) | STARTS AS SERVICE Y/N (❑ Yes ❑ No for each) 2. What was the allocated source IP host address for the TargetWindows01 server, TargetUbuntu01 server, and the IP default gateway router? TargetWindows01 IP 172.30.0.8 Default gateway 172.30.0.1 TargetUbuntu01 IP 172.30.0.4 Default gateway 172.30.0.1 TargetUbuntu01 credentials are not given...
Words: 786 - Pages: 4
...SEC280 | Week 1 | Case study on Port scans & sweeps | | Jared's | 11/3/2012 | Brief description of what they are and whether they are dangerous to the company! | To answer the main questions for the concerns of our network, NO. These items that have been heard about do not require immediate attention as they are considered normal. We are protected behind our firewall, and if the employees do as asked at the end of their shift, we will have absolutely nothing to worry about. More than likely that situation was handled when we brought the network online. Here is a brief rundown on your concerned areas: Ping Sweeps and Port Scans are the two most common network probes that serve as important clues in sensing invasions or intrusions that can harm any type of network. Network probes are not actual intrusions, although they could be potential causes of actual intrusions. Port scans and ping sweeps can lead to an intrusion of a company’s network system; however, with today’s technological advancements, these activities can be detected and prevented. Ping Sweeps: Ping sweeps are a set of ICMP Echo packets that are sent out to a network of computers, actually a range of IP addresses, to see if there are any responses. As an intruder sends out the ping sweeps, he looks for responses so he can figure out which machines he can attack. “Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out which...
Words: 1129 - Pages: 5
...Starting Nmap 5.21 ( http://nmap.org ) at 2014-02-26 15:13 Pacific Standard Time
NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 15:13
Scanning 2 hosts [1 port/host]
Completed ARP Ping Scan at 15:13, 0.38s elapsed (2 total hosts)
Nmap scan report for 172.30.0.0 [host down]
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Initiating SYN Stealth Scan at 15:13
Scanning 172.30.0.1 [1000 ports]
Discovered open port 22/tcp on 172.30.0.1
Discovered open port 23/tcp on 172.30.0.1
Discovered open port 111/tcp on 172.30.0.1
Completed SYN Stealth Scan at 15:13, 0.36s elapsed (1000 total ports)
Initiating Service scan at 15:13
Scanning 3 services on 172.30.0.1
Completed Service scan at 15:13, 6.00s elapsed (3 services on 1 host)
Initiating RPCGrind Scan against 172.30.0.1 at 15:13
Completed RPCGrind Scan against 172.30.0.1 at 15:13, 0.00s elapsed (1 port)
Initiating OS detection (try #1) against 172.30.0.1
Retrying OS detection (try #2) against 172.30.0.1
Retrying OS detection (try #3) against 172.30.0.1
Retrying OS detection (try #4) against 172.30.0.1
Retrying OS detection (try #5) against 172.30.0.1
NSE: Script scanning 172.30.0.1.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:13
Completed NSE at 15:13, 0.09s elapsed
NSE: Script Scanning completed.
Nmap scan report for 172.30.0.1
Host is up (0.00s latency).
Not shown: 997 closed...
Words: 8899 - Pages: 36
...vulnerabilities. The main goal of this memo is to assess or evaluate the network penetration tools available in the market: compare the tools, the cost to buy and implement these tools internally, and hiring a professional service to evaluate these tools. In this memo we will cover the internal implementation at a high level. In the market there are many penetration tools like a. Nmap - World's Best Port Scanner b. Nessus - Vulnerability Scanner c. Metasploit - Exploit framework. For testing vulnerabilities I picked the above three mentioned tools, which are widely used in many organizations and would be perfect for this scenario. The penetration tools that could be used to conduct a vulnerability analysis are Nmap and Nessus, which provide a number of penetration testing techniques such as port scanning, credentialed and uncredentialed scans, enumeration, patch and configuration checks, network mapping, and password cracking, and Metasploit, which will help us in exploiting all the vulnerabilities found. Every tool needs extensive knowledge and a skilled user to perform the Vulnerability Assessments. The Tools Nmap is a sophisticated scanning tool that is used to perform tasks, such as discovering open ports, remote scanning, version of service running, operating...
Words: 1156 - Pages: 5
...source or proprietary port scanning software? Answer: Many people in the business world prefer to use proprietary software instead of open source software due to the misconception that proprietary software is better supported than open source software. After several years of supporting both open source software and proprietary software, it becomes clearly evident that just because you pay for proprietary software does not mean that supporting that software is any easier; in fact, there are plenty of reasons why supporting open source software is actually easier. (Mandelbaum, 2012) 4. What port scanning software would you recommend to your Senior Administrator? Explain why. Answer: Perhaps the best known port scanner is NMAP. The NMAP command...
Words: 367 - Pages: 2
...The Hacker’s Underground Handbook Learn What it Takes to Crack Even the Most Secure Systems By: David Melnichuk http://www.learn-how-to-hack.net http://www.MrCracker.com Copyright Notice This report may not be copied or reproduced unless specific permissions have been personally given to you by the author David Melnichuk. Any unauthorized use, distributing, reproducing is strictly prohibited. Liability Disclaimer The information provided in this eBook is to be used for educational purposes only. The eBook creator is in no way responsible for any misuse of the information provided. All of the information in this eBook is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” in this eBook should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk. © Copyright 2008 Learn-How-To-Hack.net. All Rights Reserved. Table of Contents A. Introduction..............................................................................................5 1. How can I use this eBook? 2. What is a hacker 3. Hacker Hierarchy 4. What does it take to become a hacker? 5. Disclaimer B. Programming............................................................................................9 1. Do I really need it? 2. Where should I...
Words: 16651 - Pages: 67
...of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains. 1. What are the differences between Zenmap GUI (Nmap) and Nessus? Zenmap is used to map a network and Nessus is used to test a network for vulnerabilities. 2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap's sole purpose is just that, network probing and recon. 3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such. 4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform? Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Trace route 5. From the Zenmap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device? 443/tcp open ssl/http, No exact OS matches for host, Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%). 6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf report)? Nmap scan report for 172.30.0.1 7. How...
Words: 310 - Pages: 2
...Ports are 80 (http) and 2869 (http). 2. Yes, Nmap is able to identify the operating system that’s running on each system. Yes, there are many techniques that can be used to determine the OS of the host, and they use raw IP packets in order to determine the hosts that are available on the network, the services the hosts are offering, the OS they are running on and the type of packets that are in use (Kanclirz & Baskin, 2008). For instance, the OS fingerprinting technique can be used. In OS fingerprinting, Nmap is used to discover the device type, running operating system, OS details and network distance. Using the open ports on 192.68.1.1, which are 80 and 2869, the OS is determined from the Zenmap scan as shown below: OS CPE: cpe:/h:3com:7760 cpe:/h:netgear:wgt624 cpe:/o:netgear:vxworks:5 OS details: 3Com 7760 WAP, Linksys WRT54G or WRT54G2, or Netgear WGR614 or WPN824v2 wireless broadband router, Netgear WGT624 WAP, Netgear WGR614v7, WGT624v3, or WPN824v2 WAP (VxWorks 5.4.2) The services of the open ports are Port 80 Service (http), Port 2869 Service (http). 3. The host which is more secure is the one which has features that enable it to be protected by default in the background and is less prudent to virus attacks. The system that does not contain such services is not protected by the features that protect it by default and thus it is found to be least secure (Kanclirz & Baskin, 2008). 4. Uses of Nmap 1. Nmap can be used to detect the open ports that are...
Words: 770 - Pages: 4