Week 2.md - Snowboundport37/champlain GitHub Wiki

Week 2 (1/20 - 1/27)

Topics Covered

  • Port scanning and network reconnaissance.
  • Understanding ICMP, ARP, and firewall filtering behaviors.
  • Enabling and testing Remote Desktop Protocol (RDP).
  • Advanced Nmap scanning techniques for service and OS detection.

Assignments

Assignment 2.1: Port Scanning 1

Objective: Use Bash and Nmap to perform port scanning and analyze network traffic with Wireshark.

Steps:

  1. TCP Handshake and Wireshark:

    • Ran a Bash command to initiate a connection to port 80:
      echo > /dev/tcp/<target_ip>/80
    • Captured the TCP handshake (SYN, SYN/ACK, ACK) and teardown (FIN, ACK) in Wireshark.

    Deliverable: Screenshot showing TCP flags during setup and teardown.

  2. Bash Script for Scanning Multiple Ports:

    • Created a script to scan a list of targets (sweep.txt) and ports (mytcpports.txt):
      ./portscanner.sh sweep.txt mytcpports.txt
    • Enhanced the script with error handling and output in CSV format.

    Deliverable: Screenshot of the script output.

  3. Nmap Default and Single Port Scans:

    • Conducted a default Nmap scan on 10.0.5.31:
      sudo nmap 10.0.5.31
    • Performed a single-port scan on port 3389:
      sudo nmap 10.0.5.31 -p 3389

    Deliverables: Screenshots of Wireshark captures for both scans, showing TCP SYN and SYN/ACK flags.

  4. SYN Scan with -Pn:

    • Ran an Nmap scan with the -Pn flag to skip host discovery and treat the host as up, so the port scan runs even when ping is blocked:
      sudo nmap -Pn 10.0.5.31 -p 3389

    Deliverable: Screenshot showing the SYN, SYN/ACK, and RST packets in Wireshark.
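An added example of the step 2 script (hypothetical code written for this page, not the author's portscanner.sh): it reuses the /dev/tcp connect trick from step 1, reads sweep.txt and mytcpports.txt, skips malformed lines, reports file errors on stderr and prints CSV on stdout. The file names, the function names scan_port and scan_lists and the 2-second timeout are assumptions.

```shell
#!/usr/bin/env bash
# Hypothetical portscanner.sh for Assignment 2.1, step 2.
# Usage: ./portscanner.sh sweep.txt mytcpports.txt > results.csv
# This is a TCP connect scan: every "open" result completes the same
# three-way handshake (SYN, SYN/ACK, ACK) captured in step 1.

# scan_port HOST PORT -> prints "open" or "closed"
scan_port() {
    host=$1; port=$2
    # timeout covers filtered ports that silently drop the SYN; the attempt
    # runs in a child bash so /dev/tcp works even under a POSIX sh.
    if timeout 2 bash -c "exec 3<>/dev/tcp/$host/$port" </dev/null 2>/dev/null; then
        echo open
    else
        echo closed
    fi
}

# scan_lists TARGETS_FILE PORTS_FILE -> CSV rows "host,port,state" on stdout
# Returns 2 on a usage or file error, 0 otherwise.
scan_lists() {
    targets=$1; ports=$2
    if [ -z "$targets" ] || [ -z "$ports" ]; then
        echo "usage: $0 <targets_file> <ports_file>" >&2
        return 2
    fi
    for f in "$targets" "$ports"; do
        if [ ! -r "$f" ]; then
            echo "error: cannot read $f" >&2
            return 2
        fi
    done
    echo "host,port,state"
    while read -r host; do
        [ -z "$host" ] && continue            # skip blank lines
        case $host in "#"*) continue ;; esac  # skip comment lines
        while read -r port; do
            [ -z "$port" ] && continue
            case $port in *[!0-9]*)           # ports must be numeric
                echo "warning: skipping port '$port'" >&2; continue ;;
            esac
            echo "$host,$port,$(scan_port "$host" "$port")"
        done < "$ports"
    done < "$targets"
}

# Scan only when run directly with arguments, not when sourced.
if [ "$#" -gt 0 ]; then
    scan_lists "$1" "$2"
fi
```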


Assignment 2.2: Port Scanning 2

Objective: Analyze ICMP, ARP, and advanced Nmap features while enabling and testing RDP on Windows.

Steps:

  1. ICMP and ARP Testing:

    • Verified ICMP behavior between Kali (10.0.17.45) and Windows (10.0.17.25):
      • Ping from Kali to Windows failed (ICMP blocked).
      • Ping from Windows to Kali succeeded.
    • Captured ARP requests in Wireshark during an Nmap scan on port 9999:
      sudo nmap -p 9999 10.0.17.25

    Deliverable: Screenshots showing failed ping, successful ping, and ARP request in Wireshark.

  2. Enabling Remote Desktop:

    • Enabled RDP on Windows via PowerShell:
      reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
      netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
    • Verified port 3389 was open using Nmap:
      sudo nmap -p 3389 10.0.17.25

    Deliverable: Screenshot of the Nmap results confirming port 3389 is open.

  3. RDP Session:

    • Connected to the Windows VM via RDP from Kali:
      xfreerdp /u:<username> /p:<password> /v:10.0.17.25
    • Verified functionality with an RDP session.

    Deliverable: Screenshot of the RDP session.

  4. Advanced Nmap Features:

    • Conducted a version scan (-sV) and an aggressive scan (-A, which adds OS detection, script scanning, and traceroute) on port 3389:
      sudo nmap -p 3389 -sV 10.0.17.25
      sudo nmap -p 3389 -A 10.0.17.25

    Deliverables: Screenshots showing detailed version and OS information from Nmap.

  5. Rescanning Ports 1-6000:

    • Scanned ports 1-6000 on Windows before and after enabling File and Print Sharing:
      sudo nmap -p 1-6000 10.0.17.25
    • Identified additional open ports (e.g., SMB and NetBIOS).

    Deliverable: Screenshot of the updated scan results.

  6. Version Scan on New Ports:

    • Ran a version scan on newly exposed ports:
      sudo nmap -sV -p <new_ports> 10.0.17.25

    Deliverable: Screenshot showing version details of new services.

  7. Comprehensive Scanning:

    • Combined OS detection, version detection, script scanning, and traceroute:
      sudo nmap -A -p <new_ports> 10.0.17.25

    Deliverable: Screenshot showing detailed SMB and NetBIOS information.


Notes

  • Key Takeaways:

    • ARP still reveals hosts on the local subnet even when a firewall blocks ICMP ping, so both protocols matter for host discovery.
    • Advanced Nmap flags like -sV and -A provide detailed service and OS information.
    • Enabling RDP and File and Print Sharing exposes additional ports and services for scanning.
    • Proper firewall configuration is essential for controlling access to sensitive services.
  • Challenges:

    • Ensuring ICMP was blocked while ARP still worked for host discovery.
    • Configuring Remote Desktop on Windows securely and confirming connectivity.
  • Reflections:

    • These assignments reinforced the importance of network reconnaissance in penetration testing.
    • Understanding Nmap's output is crucial for identifying vulnerabilities and misconfigurations.
