9.3.8 Lab Exploring Nmap - PanamaP/KEST3CO05DU GitHub Wiki

Part 1: Exploring Nmap

In this part, you will use manual pages (or man pages for short) to learn more about Nmap. The `man [program | utility | function]` command displays the manual pages associated with the arguments. The manual pages are the reference manuals found on Unix and Linux OSs. These pages can include these sections: Name, Synopsis, Description, Examples, and See Also.

a. Start the CyberOps Workstation VM.

b. Open a terminal.

c. At the terminal prompt, enter `man nmap`.

```
[analyst@secOps ~]$ man nmap
```

Questions: What is Nmap?

Nmap is an open-source network exploration tool and security scanner.

What is nmap used for?

Nmap is used to scan a network.

What nmap command is used in the man page example?

`nmap -A -T4 scanme.nmap.org`

Use the search function to answer the following questions.

Questions: What does the switch -A do?

-A: Enable OS detection, version detection, script scanning, and traceroute

What does the switch -T4 do?

-T4 selects the "aggressive" timing template, which prohibits the dynamic scan delay from exceeding 10 ms for TCP ports.

Step 1: Scan your localhost.

a. If necessary, open a terminal on the VM. At the prompt, enter `nmap -A -T4 localhost`. Depending on your local network and devices, the scan will take anywhere from a few seconds to a few minutes.

```
[analyst@secOps ~]$ nmap -A -T4 localhost
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-01 17:20 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000056s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 996 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.0.8 or later
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0               0 Apr 19 15:23 ftp_test
```

b. Review the results and answer the following questions.

Questions: Which ports and services are opened?

22/tcp ssh, 23/tcp telnet

For each of the open ports, record the software that is providing the services.

ssh - OpenSSH, telnet - Openwall

Step 2: Scan your network.

a. Record the IP address and subnet mask for your VM.

Question: Which network does your VM belong to?

10.0.2.15/24

b. To locate other hosts on this LAN, enter `nmap -A -T4 <network address>/<prefix>`. The network address is your VM's IP address with the host portion set to zero; with a /24 netmask, that is the last octet. For example, in the IP address 10.0.2.15, the .15 is the last octet, so the network address is 10.0.2.0. The /24 is called the prefix and is shorthand for the netmask 255.255.255.0. If your VM has a different netmask, search the internet for a "CIDR conversion table" to find your prefix; for example, 255.255.0.0 would be /16. The network address 10.0.2.0/24 is used in this example, so the command is `nmap -A -T4 10.0.2.0/24`.
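The netmask-to-prefix conversion above can be computed rather than looked up in a table. The following is an added example written for this page (it is not part of the Cisco lab or of Nmap): it derives the network address and CIDR prefix from a host address and dotted-decimal netmask using Python's standard `ipaddress` module, builds the corresponding scan command, and goes beyond the lab's /24 case to masks such as /16 and /26, where "replace the last octet with zero" is no longer sufficient. The 10.0.2.15 / 255.255.255.0 pair is the lab's own example; the other inputs are constructed.

```python
"""Added example for the lab's Step 2 (not code from the lab or from Nmap).

Given a host IP and its netmask, compute the <network>/<prefix> argument that
`nmap -A -T4 <network>/<prefix>` expects. The lab's example is 10.0.2.15 with
netmask 255.255.255.0; the other inputs in __main__ are constructed to show
that the same calculation works for masks other than /24.
"""
import ipaddress


def prefix_length(netmask: str) -> int:
    """Return the CIDR prefix length for a dotted-decimal netmask, i.e. the
    'CIDR conversion table' the lab mentions, computed instead of looked up.
    Raises ValueError for a non-contiguous mask such as 255.0.255.0."""
    # ip_network validates that the mask is a run of ones followed by zeros.
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen


def network_cidr(ip: str, netmask: str) -> str:
    """Return 'network/prefix' for a host address and netmask, e.g.
    ('10.0.2.15', '255.255.255.0') -> '10.0.2.0/24'.
    strict=False allows a host address (host bits set) instead of requiring
    the network address itself."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    return str(net)


def scan_command(ip: str, netmask: str) -> list:
    """argv for the LAN scan the lab asks for, using the interface's real
    prefix rather than assuming /24."""
    return ["nmap", "-A", "-T4", network_cidr(ip, netmask)]


def host_count(ip: str, netmask: str) -> int:
    """Number of usable host addresses in the network: the upper bound on how
    many hosts the LAN scan can report as 'up'."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    # Network and broadcast addresses are unusable for prefixes shorter than /31.
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


if __name__ == "__main__":
    examples = [
        ("10.0.2.15", "255.255.255.0"),        # the lab's own example
        ("172.16.40.7", "255.255.0.0"),        # constructed: /16
        ("192.168.1.77", "255.255.255.192"),   # constructed: /26
    ]
    for ip, mask in examples:
        print(f"{ip} mask {mask} -> {network_cidr(ip, mask)} "
              f"(/{prefix_length(mask)}, {host_count(ip, mask)} usable hosts) "
              f"-> {' '.join(scan_command(ip, mask))}")
```

Note that for the /26 case the network address is 192.168.1.64, not 192.168.1.0, which is exactly the situation where the lab's "zero the last octet" shortcut would make you scan the wrong range.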

How many hosts are up?

One

Step 3: Scan a remote server.

a. Open a web browser and navigate to scanme.nmap.org. Please read the message posted.

Question: What is the purpose of this site?

To teach people how to use Nmap.

c. Review the results and answer the following questions.

Questions: Which ports and services are opened?

22/tcp ssh, 80/tcp http, 9929/tcp nping-echo, 31337/tcp tcpwrapped

Which ports and services are filtered?

996 filtered ports
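The questions in Step 1 and Step 3 are both answered by reading the same fields out of nmap's normal output: the `PORT STATE SERVICE VERSION` table, the `Not shown: N closed|filtered ports` summary line, and the NSE script lines prefixed with `|` (here the `ftp-anon` finding). The following is an added example written for this page, not code from the lab or from the Nmap project: a small parser that extracts those fields. Both input samples are constructed for the example. `SAMPLE_LOCALHOST` mirrors the localhost output shown in Step 1 with ssh and telnet lines added to match the answers recorded there (their version strings are invented), and `SAMPLE_SCANME` mirrors the scanme.nmap.org answers above; neither is a real capture.

```python
"""Added example (not from the lab or from Nmap): parse nmap normal output.

Extracts the target and IP, the "Not shown: N <state> ports" count, every
port line with its state/service/version, and whether the ftp-anon NSE
script reported anonymous FTP. Sample inputs are constructed, not captured.
"""
import re
from dataclasses import dataclass, field

# "21/tcp open  ftp     vsftpd 2.0.8 or later" -> port, proto, state, service, version
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (closed|filtered) ports?")
REPORT_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")

SAMPLE_LOCALHOST = """\
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-01 17:20 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000056s latency).
Other addresses for localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 996 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.0.8 or later
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0               0 Apr 19 15:23 ftp_test
22/tcp open  ssh     OpenSSH (constructed version string)
23/tcp open  telnet  Openwall (constructed version string)
"""

SAMPLE_SCANME = """\
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.16s latency).
Not shown: 996 filtered ports
PORT      STATE SERVICE    VERSION
22/tcp    open  ssh        OpenSSH (constructed version string)
80/tcp    open  http       Apache httpd (constructed version string)
9929/tcp  open  nping-echo Nping echo
31337/tcp open  tcpwrapped
"""


@dataclass
class ScanResult:
    target: str = ""
    ip: str = ""
    not_shown: dict = field(default_factory=dict)   # state -> count
    ports: list = field(default_factory=list)        # one dict per port line
    anonymous_ftp: bool = False


def parse_nmap(text: str) -> ScanResult:
    """Walk the output line by line; lines that match nothing are ignored."""
    result = ScanResult()
    for raw in text.splitlines():
        line = raw.strip()
        m = REPORT_RE.match(line)
        if m:
            result.target = m.group(1)
            result.ip = m.group(2) or m.group(1)
            continue
        m = NOT_SHOWN_RE.match(line)
        if m:
            result.not_shown[m.group(2)] = int(m.group(1))
            continue
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            result.ports.append({"port": int(port), "proto": proto,
                                 "state": state, "service": service,
                                 "version": (version or "").strip()})
            continue
        # NSE script output is prefixed with "|" or "|_".
        if line.startswith("|") and "Anonymous FTP login allowed" in line:
            result.anonymous_ftp = True
    return result


def open_ports(result: ScanResult) -> list:
    """'Which ports and services are opened?' as 'port/proto service'."""
    return [f"{p['port']}/{p['proto']} {p['service']}"
            for p in result.ports if p["state"] == "open"]


def service_software(result: ScanResult) -> dict:
    """'Record the software providing each service': service -> version."""
    return {p["service"]: p["version"] for p in result.ports if p["state"] == "open"}


if __name__ == "__main__":
    for name, sample in (("localhost", SAMPLE_LOCALHOST), ("scanme", SAMPLE_SCANME)):
        r = parse_nmap(sample)
        print(f"{name}: {r.target} ({r.ip}) open={open_ports(r)} "
              f"not_shown={r.not_shown} anonymous_ftp={r.anonymous_ftp}")
```

The `anonymous_ftp` flag is the one finding in the lab output worth acting on: the `ftp-anon` script logged in with an anonymous account and listed a file, which means the service exposes data to anyone who can reach port 21.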

What is the IP address of the server?

**IPv4 address:** 45.33.32.156; **IPv6 address:** 2600:3c01::f03c:91ff:fe18:bb2f

What is the operating system?

Ubuntu Linux