...Vulnerability scanning Lab #2
1. Zenmap is a tool used for scanning remote computers. Zenmap can retrieve the following information from the target machine: type of operating system, list of open ports, MAC address. A hacker plans to carry out an attack on a company network. In order to carry out the attack, the attacker will require some basic information about the target machine on the company network. Zenmap could be used to probe the network and target machine and retrieve the basic information needed to stage an attack.
2. Nessus
3. Before the reconnaissance step it is important to formulate a plan. You would also require some information, such as the host IP address, in order to probe the target machine using tools like Nessus.
4. The CVE listing is a publicly available and free list of standardized identifiers for common computer vulnerabilities. MITRE is a not-for-profit organization responsible for hosting CVE. MITRE operates research and development centers sponsored by the federal government.
5. Zenmap is capable of identifying operating systems that are present on IP servers and workstations. This can be achieved by using the Intense Scan option.
6. Knowing that the target host is running a Windows XP workstation gives a better sense of what kind of vulnerabilities to expect. You can focus the scan on Windows using some plugins in Nessus and concentrate on services that run on the Windows workstation. You can also look out for unpatched and outdated...
...and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.
1. What are the differences between Zenmap GUI (Nmap) and Nessus? Zenmap is used to map a network and Nessus is used to test a network for vulnerabilities.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap's sole purpose is just that, network probing and recon.
3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such.
4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform? Port scanning, OS detection, version detection, network distance, TCP sequence prediction, traceroute
5. From the Zenmap GUI PDF report page 6, what ports and services are enabled on the Cisco Security Appliance device? 443/tcp open ssl/http, No exact OS matches for host, Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%).
6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the PDF report)? Nmap scan report for 172.30...
...initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
A. Yes, 4
4. If you ping the “WindowsTarget01” VM server and the “UbuntuTarget01” VM server, which fields in the ICMP echo-request / echo-replies vary?
A. The TTL on Windows was 128 while on Ubuntu the TTL was 64
5. What is the command line syntax for running an “Intense Scan” with ZenMap on a target subnet of 172.30.0.0/24?
A. Nmap -T4 -A -V -PE -PS22,25,80 -PA21,23,80,3389 10.96.109.30
6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those particular scans.
A. Ping Scan, Quick Scan, Intense Scan, Regular Scan, Intense Scan No Ping
7. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after reviewing the scan report.
A. 36 1. nbstat 2. smb-os-discovery 3. smbv2-enabled
8. Describe what each of these tests or scripts performs within the ZenMap GUI (Nmap) scan report.
A. 1....
...Reconnaissance and Probing Using Zenmap GUI (Nmap)
Course Name and Number: IA5010 13020 Found of Information Assurance
Student Name: Zhen Sun
Instructor Name: Professor Themis Papageorge
Lab Due Date: 09/19/13
Lab Assessment Questions & Answers
1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.
Windows Application Loaded / Starts as Service Y/N
1. Wireshark / No
2. Nessus Client / No
3. Tftpd32 / Yes
4. Mozilla Firefox / No
5. Nmap-Zenmap GUI / No
2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2, and the IP default gateway router?
TargetWindows01 server: 172.30.0.8
LAN Switch 1: 172.16.8.5
LAN Switch 2: 172.16.20.5
Default gateway router: 172.30.0.1
3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
Yes. 4 packets were sent back to the IP source.
4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of 172.30...
...TargetWindows01 – 10.96.109.30
c. TargetUbuntu01 – 10.96.109.36
d. TargetUbuntu02 – 10.96.109.40
3. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
e. Yes.
f. 4
4. If you ping the “WindowsTarget01” VM server and the “UbuntuTarget01” VM server, which fields in the ICMP echo-request / echo-replies vary?
g. The TTL on Windows was 128 while on Ubuntu the TTL was 64.
5. What is the command line syntax for running an “Intense Scan” with ZenMap on a target subnet of 172.30.0.0/24?
h. Nmap -T4 -A -V -PE -PS22,25,80 -PA21,23,80,3389 10.96.109.30
6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those particular scans.
i. Ping Scan
j. Quick Scan
k. Intense Scan
l. Regular Scan
m. Intense Scan, No Ping
7. How many different tests did your “Intense Scan” definition perform? List them all after reviewing the scan report.
n. 36
o. nbstat
p. smb-os-discovery
q. smbv2-enabled
8. Describe what each of these tests or scripts performs...
...Lab Assessment Questions & Answers
1. Name at least five applications and tools used in the lab. Tftpd64, Zenmap, NetWitness Investigator, OpenVAS, and Wireshark.
2. What is promiscuous mode? Promiscuous mode allows Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN).
3. How does Wireshark differ from NetWitness Investigator? Wireshark is a network packet analyzer; it will capture network packets and will try to display every detail of that packet. NetWitness Investigator is an interactive threat analysis application; it provides the power to perform free-form contextual analysis of raw network data.
4. Why is it important to select the student interface in Wireshark? When student is not selected, the activity is from different computers on the server. When student is selected, you get the activity from the computer you are using.
5. What is the command line syntax for running an Intense Scan with Zenmap on a target subnet of 172.30.0.0/24? The command line syntax is nmap -T4 -A -v 172.30.0.0/24
6. Name at least five different scans that may be performed with Zenmap. Intense Scan, Ping Scan, Quick Scan, Regular Scan, and Quick Scan Plus.
7. How many different tests (i.e., scripts) did your Intense Scan perform? 256 tests
8. Based on your interpretation of the Intense Scan, describe the purpose/results of each test script performed during the report. ...
...Assessment Worksheet
Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)
LAB #1 – ASSESSMENT WORKSHEET
Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Overview
Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about the target. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, students planned an attack on 172.30.0.0/24 where the VM server farm resides. Using Zenmap GUI, students then performed a “Ping Scan” or “Quick Scan” on the targeted IP subnetwork.
Lab Assessment Questions & Answers
1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.
WINDOWS APPLICATION LOADED / STARTS AS SERVICE Y/N
1. ________ / ❑ Yes ❑ No
2. ________ / ❑ Yes ❑ No
3. ________ / ❑ Yes ❑ No
4. ________ / ❑ Yes ❑ No
5. ________ / ❑ Yes ❑ No
2. What was the allocated source IP host address for the TargetWindows01 server, TargetUbuntu01 server, and the IP default gateway router?
TargetWindows01 IP 172.30.0.8, Default gateway 172.30.0.1
TargetUbuntu01 IP 172.30.0.4, Default gateway 172.30.0.1
TargetUbuntu01 credentials are not given...
... 2015
-------------------------------------------------
Overview
To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface, and then follow all “Steps” as described in the lab interface. In this lab, you will use Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You will also use OpenVAS to conduct a vulnerability assessment and record the high-risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings.
-------------------------------------------------
Learning Objective of the Lab Assignment
Upon completing this lab, you will be able to:
* Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan.
* Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS.
* Compare the results of the Zenmap scan with an OpenVAS vulnerability assessment scan.
* Assess the findings of the vulnerability assessment scan and identify critical vulnerabilities.
* Make recommendations for mitigating the identified risks, threats, and vulnerabilities as described on the CVE database listing.
-------------------------------------------------
...
...Scan" with Zenmap on a target subnet of 172.30.0.0/24?
• nmap -T4 -A -v
3. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans.
• Quick Scan – You can use this to quickly determine information about the network. It is faster than regular scans because it limits the number of ports it scans. General information gathering.
• Regular Scan – Great scan to just get back information on ports; nothing extra.
• Ping Scan – This will find any targets that are up. Make sure target machines are up and responding.
• Slow Comprehensive Scan – It is slow but it will give you more information than all of the other scans. It includes every port, UDP and TCP. Plus you can enable different switches like operating system detection. This is an intrusive scan, so I guess if you were enumerating and trying to find out information about the network, you would use this.
• Intense Scan – This is like the comprehensive scan. The intense scan is slow but not as slow as comprehensive. You can still run switches like operating system detection and version detection.
4. How many different tests (i.e., scripts) did your "Intense Scan" definition perform? List them all after reviewing the scan report.
• It loaded 36 scripts, but I only saw a few performed. ARP scan, SYN Stealth Scan, Service Scan, OS detection
5. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap)...
...this at the Microsoft site: http://support.microsoft.com/kb/962007
Lab #4 Assessment Worksheet
Compromise and Exploit a Vulnerable Microsoft Workstation/Server
Overview
During this lab the student will learn the running of a port scan using Zenmap GUI for the discovery of running systems and services as well as open ports listening on the network. A vulnerability assessment scan will then be performed using Nessus® to identify known software vulnerabilities. Finally, a system running a vulnerable application will be exploited using a Backtrack 4 Live CD and the Metasploit Framework application.
1. What are the five steps of a hacking attack? There are different words and phrases on which step is labeled as what.
a. Reconnaissance
b. Scanning
c. Gaining Access
d. Maintaining Access
e. Covering Tracks
2. During the Reconnaissance step of the attack, describe what ZenMap GUI performs to do passive OS fingerprinting? ZenMap (Nmap) doesn’t use probes to sniff specific hosts on the network. It rather doesn’t “touch” any systems on the network. It sniffs what is going on in the network and creates a fundamental report off of that.
3. What step in the hacking attack process uses ZenMap GUI? It is used during the Reconnaissance/Scanning step.
4. What step in the hacking attack process identifies known vulnerabilities and exploits? It is used during the Reconnaissance/Scanning step.
5. During the scanning step of...
...to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.
1. What are the differences between Zenmap GUI (Nmap) and Nessus? Zenmap is used to map a network and Nessus is used to test a network for vulnerabilities.
2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap's sole purpose is just that, network probing and recon.
3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such.
4. How many total scripts (i.e., test scans) does the Intense Scan using Zenmap GUI perform? Port scanning, OS detection, version detection, network distance, TCP sequence prediction, traceroute
5. From the Zenmap GUI PDF report page 6, what ports and services are enabled on the Cisco Security Appliance device? 443/tcp open ssl/http, No exact OS matches for host, Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%).
6. What is the source IP address of the Cisco Security Appliance device (refer to page...
...BALTIMORE CITY COMMUNITY COLLEGE
DIVISION OF BUSINESS, HEALTH, MATHEMATICS AND SCIENCE
BUSINESS, MANAGEMENT AND TECHNOLOGY DEPARTMENT
ITSA 255 – Information Systems Security
Assignment 4 – Network System Administrator Tools/Utilities
Students are to perform independent Internet research and write a short paragraph describing the functionality and utilization for each of the following Network System Administrator Tools/Utilities:
* FileZilla
FileZilla is a cross-platform File Transfer Protocol (FTP) application software that allows the ability to transfer multiple files over the internet. It is made up of a FileZilla client and a FileZilla server. It is available for use with Windows, Linux and Mac OS X. It supports FTP, SFTP (SSH File Transfer Protocol), and FTPS (FTP Secure). Some of the features include support for IPv6, drag and drop, filename filters, remote file editing, FTP proxy support and much more. It includes two methods to invoke security, which are the explicit method and the implicit method. Many bug fixes and vulnerability patches were made after the initial release of June 22, 2001.
* Nessus
Nessus is an open source cross-platform network vulnerability scanner software developed by Tenable Network Security. First introduced in 1998, it was created to be used as a free remote security scanner for the internet community. It allows for various scanning which scans a computer and raises an alert if it discovers any vulnerability that hackers could use...
...ISSC362 Week 2 Lab #4: Lab Assessment Questions
1. What are the five steps of a hacking attack?
Reconnaissance (Footprinting)
Scanning (Port Scanning, Enumeration)
Gaining Access (System Hacking)
Maintaining Access (Planting Backdoors, Rootkits, Trojans)
Covering Tracks (Disabling Auditing, Data Hiding)
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
A) Nmap uses the -O option to perform OS fingerprinting. The process monitors and captures network traffic. The traffic is then analyzed for patterns that would suggest which operating systems are in use.
3. What step in the hacking attack process uses Zenmap GUI?
A) The Zenmap GUI is used during scanning.
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
A) Vulnerabilities and exploits are identified by enumeration, which is the most aggressive of the scanning stage.
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”?
MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873)
MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741)
MS03-043: Buffer Overrun in Messenger Service (828035)
MS06-035: Vulnerability...
..._____________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you performed all five phases of ethical hacking: reconnaissance (using Zenmap GUI for Nmap), scanning (using OpenVAS), enumeration (exploring the vulnerabilities identified by OpenVAS), compromise (attacking and exploiting the known vulnerabilities using the Metasploit Framework application), and post-attack activities (recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits).
Lab Assessment Questions & Answers
1. What are the five steps of ethical hacking? Reconnaissance, scanning, enumeration, compromise, post-attack activities: recommended countermeasures for remediation.
2. During the reconnaissance step of the attack, what open ports were discovered by Zenmap? What services were running on those ports? There were several ports; I will list only a few ports: 21, 3306, 22, 53, 445, 111, 25, all running TCP. The services running were Linux telnetd, smtp Postfix, Apache Tomcat/Coyote JSP.
3. What step in the hacking attack process uses Zenmap? Reconnaissance
4. What step in the hacking attack process identifies known vulnerabilities? Enumeration
5. During the vulnerability scan, you identified a vulnerable service in the Linux victim system. What was the name of the vulnerable service? I believe that...
...NetWitness Investigator must be run manually.
3. Nessus starts as a service.
4. FileZilla starts as a service.
5. Zenmap GUI must be run manually.
2. The allocated source IP host address for the TargetWindows01 server is 172.30.0.8. The allocated source IP host address for the LAN Switch 1 server is 172.16.8.5. The allocated source IP host address for the LAN Switch 2 server is 172.16.20.5. The allocated source IP host address for the IP default gateway router is 172.30.0.1.
3. The targeted IP hosts did respond to the ICMP echo-request packet with an ICMP echo-reply packet when I initiated the ping command, and four packets were sent back to the IP source.
4. The command line syntax for running an Intense Scan with Zenmap on a target subnet of 172.30.0.0/24 is nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24.
5. Five different scans that may be performed from the Zenmap GUI are Ping Scan (basic info, host availability and MAC address), Intense Scan, Quick Scan, Regular Scan, and Slow Comprehensive Scan.
6. There were thirty-six different tests or scripts that the Intense Scan performed.
7. Nmap Output shows raw Nmap output data; Ports/Hosts shows IP hosts and open ports; Topology shows a fisheye bubble chart of IP hosts; Host Details shows IP host OS fingerprint details; Scans shows completed scans performed.
8. Zenmap GUI found 256 IP addresses, 6 hosts up and 1000 ports open.
9. Based on the Nmap scan I would start getting rid of all...