Lab 2.2 ‐ Port Scanning 2 - skyleroriordan/my-tech-journal GitHub Wiki
ICMP and Windows 10
- Windows icmp
Observe and repeat the following interaction between Kali and your Windows 10 system (substitute your IP addresses). Provide screenshot(s) similar to the one below that show:
- Determine your Windows 10 IP address (.131 in the example)
- Ping Windows 10 from Kali (it should fail)
- Ping Kali from Windows 10 (it should work) Use the 10.0.17.x address!
- Wireshark on eth0 (not wg0) using a capture filter for your Windows host IP address
- nmap against tcp/9999
- results indicate filtered
- Display your Wireshark capture; there should be an ARP request (this is how the host was found, not ICMP!)
- nmap rdp
Figure out how to enable Remote Desktop Services on your Windows 10 system using PowerShell or the command prompt and conduct an nmap scan against the RDP TCP port from your Kali system. Show the nmap command and results similar to the one below.
To enable Remote Desktop, go to Settings, System, Remote Desktop, and then turn on Enable Remote Desktop. The TCP port associated with RDP is 3389.
- remmina
On Kali, make sure Remmina is installed and figure out how to initiate an RDP session to your Windows box. Provide a screenshot similar to the one below.
- -sV
Add the -sV flag to your previous nmap scan against RDP on Windows 10 (include your nmap command). You will note a bit more verbiage than seen without the flag.
- -A
Replace -sV with -A to attempt to derive more information on the host and exposed service. You will notice that the rdp-ntlm-info script provides a good deal of information (1) and that the OS detection output is not very accurate at all.
- nmap 1000-6000
Run an nmap scan against your Windows 10 system. Only target TCP ports 1-6000. Provide a screenshot showing your command and output.
- New Ports
Rescan ports 1-6000. Provide a screenshot similar to the one below that shows your command and results. You will note that 3 new ports have been exposed.
- Version against select ports
Figure out how to run a version scan against only the ports exposed above. Provide a screenshot showing your nmap command and the output.
- -A against select ports
Increase the output by running OS Detection, Version Detection, Script Scanning and traceroute against your Windows 10 target. Provide a screenshot showing your command and output. You will notice we have SMB and NetBIOS related information.
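The "New Ports" and "Version against select ports" steps above amount to diffing two scans and feeding the open ports back into `-p`. The script below is an added example, not part of the original lab or journal: the sample scan lines, the address 10.0.17.131 and the port numbers are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: diff two nmap grepable (-oG) scans, then build a -p list.
# The input files would come from runs such as (<win10-ip> is a placeholder):
#   nmap -p 1-6000 -oG before.gnmap <win10-ip>
#   nmap -p 1-6000 -oG after.gnmap  <win10-ip>

# Print the open TCP ports in a grepable scan file, one per line, ascending.
open_ports() {
    awk -F'\t' '{
        for (f = 1; f <= NF; f++) {
            if ($f !~ /^Ports: /) continue
            s = $f; sub(/^Ports: /, "", s)
            n = split(s, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], part, "/")   # port/state/protocol/...
                if (part[2] == "open" && part[3] == "tcp") print part[1]
            }
        }
    }' "$1" | sort -n -u
}

# Print ports that are open in the second scan but were not in the first.
new_ports() {
    np_before=$(mktemp); np_after=$(mktemp)
    open_ports "$1" | sort > "$np_before"    # comm needs lexical order
    open_ports "$2" | sort > "$np_after"
    comm -13 "$np_before" "$np_after" | sort -n
    rm -f "$np_before" "$np_after"
}

# Join ports read from stdin into the comma-separated form -p accepts.
port_list() { paste -sd, -; }

# Constructed sample scans (not output from the lab); fields are tab-separated.
demo_dir=$(mktemp -d)
printf 'Host: 10.0.17.131 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 5357/closed/tcp//wsdapi///\tIgnored State: filtered (5998)\n' \
    > "$demo_dir/before.gnmap"
printf 'Host: 10.0.17.131 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (5996)\n' \
    > "$demo_dir/after.gnmap"

echo "newly exposed: $(new_ports "$demo_dir/before.gnmap" "$demo_dir/after.gnmap" | port_list)"
echo "version scan:  nmap -sV -p $(open_ports "$demo_dir/after.gnmap" | port_list) <win10-ip>"
```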
- Nmap command reference: Link
- Reflection: I found this lab to be fairly straightforward other than I couldn't get xfreerdp to work at first. It turned out to just be a simple syntax error but it did take up like two hours.