Active Discovery Lab - skyleroriordan/my-tech-journal GitHub Wiki
Active Discovery Lab
In this activity you are going to enumerate the hosts in our target network 10.0.5.0/24 using various techniques beginning with "living-off-the-land techniques" and then by adding tools to the mix.
There are live systems on 10.0.5.2,21,22,23 (there may be some more as well).
Use Wireshark on Kali to begin a capture on the eth0 interface. Go ahead and manually ping 10.0.5.21 and make sure to capture the ICMP echo request and reply.
- Screenshot of a Wireshark capture that shows ICMP requests and replies to and from 10.0.5.2
- bash script that pings IPs in the range of 10.0.5.2-10.0.5.50
Cat of sweep.txt
- bash script that uses fping and shows an output of what hosts are up within that same range
Cat of sweep2.txt
- Nmap scan of the IP 10.0.5.21 and a related Wireshark capture
- Closely examine the capture: what destination ports and protocols were used in the use case? What observations do you have when comparing this to the ping and fping tests?
The ping and fping tests just used the ICMP protocol, whereas Nmap used TCP as well. The destination ports used were 443 for the SYN and 80 for the ACK.
- bash script that conducts an nmap -sn scan of 10.0.5.2-50 and outputs the list of IP addresses to sweep3.txt
Output of sweep3.txt
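
One way to write the three sweep scripts listed above, as an added example (not the scripts from the original page). The function names `probe`, `ping_sweep` and `up_hosts_from_grepable` and the `--run` argument are assumptions made for this sketch; the range and output file names come from the lab text.

```bash
#!/usr/bin/env bash
# Added example: host discovery for the lab range 10.0.5.2-50.
# Function names and the --run switch are illustrative, not from the lab.

# probe HOST: succeed if HOST answers a single ICMP echo request.
# -c 1 sends one packet; -W 1 waits at most 1 second (Linux iputils ping).
probe() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# ping_sweep PREFIX FIRST LAST: print every responding address,
# sorted numerically by last octet.
ping_sweep() {
    local prefix=$1 first=$2 last=$3 i
    {
        for i in $(seq "$first" "$last"); do
            # Background each probe so silent hosts do not add up to
            # one timeout per address.
            ( probe "$prefix.$i" && echo "$prefix.$i" ) &
        done
        wait    # collect all background probes before the pipe closes
    } | sort -t . -k 4,4n
}

# up_hosts_from_grepable: read `nmap -sn -oG -` output on stdin and
# print only the addresses whose status is Up (one per line).
up_hosts_from_grepable() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# Run the three sweeps only when asked to, so the functions can be
# sourced or tested without touching the network.
if [ "${1:-}" = "--run" ]; then
    ping_sweep 10.0.5 2 50 > sweep.txt
    # fping: -a prints only alive hosts, -g expands the start/end range.
    fping -a -g 10.0.5.2 10.0.5.50 2>/dev/null > sweep2.txt
    # nmap: -sn skips the port scan, -oG - writes grepable output to stdout.
    nmap -sn -oG - 10.0.5.2-50 | up_hosts_from_grepable > sweep3.txt
    cat sweep.txt sweep2.txt sweep3.txt
fi
```

Comparing the three files shows whether a host that drops ICMP echo still appears in sweep3.txt, since `nmap -sn` also sends the TCP probes noted in the observation above.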