Reconnaissance and Probing Using Zenmap

Overview

Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on 172.30.0.0/24 where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork. Note:

These forms have been formatted to allow you to complete the form online and save it using Adobe Reader. You may experience problems with either or both of these actions if you are using any other software program.

Lab Assessment Questions & Answers

1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify

whether that application starts as a service on the system or must be run manually.

windows applicaTion loaded

1. 2. 3. 4. 5.

sTarTs as service Y/n

q Yes q Yes q Yes q Yes q Yes q No q No q No q No q No

tftpd32 filezilla wireshark Nessus NetWitness Investigator

16

Lab #1 | Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) 2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1,

The Term Paper on Server 2012 Lab Questions Ch. 1

Each lab in this manual requires that you answer questions, create screen shots, and perform other activities that you will document in a worksheet named for the lab, such as Lab01_worksheet.docx. It is recommended that you use a USB flash drive to store your worksheets, so you can submit them to your instructor for review. As you perform the exercises in each lab, open the appropriate worksheet ...

LAN Switch 2, and the IP default gateway router?

TagetWindows01 Server- Source IP = 172.30.0.8 TargetUbuntu01 Server – Source IP = 172.30.0.4 TargetUbuntu02 Server – Source IP = 172.30.0.9 The Default Gateway IP is = 172.30.0.1

3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when

you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? Yes, the targeted IP host responded back with 4 echo-replies.

4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of

172.30.0.0/24?

The fields that vary is the Time To Live (TTL) fields. For the TargetUbuntu01 it’s 64 and the TargetWindows01 is 128.

5. Name at least five different scans that may be performed from the Zenmap GUI. Document under what

circumstances you would choose to run those particular scans. The syntax for an Intense Scan in Zenmap is as followed: nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24

Assessment Worksheet

6. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after

17

1

Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)

reviewing the scan report.

ZenMap GUI (Nmap) Learning Objectives and Outcomes Upon completing this lab, students will be able to perform the following tasks: Obtain, access, and copy the Virtual Machines (server farm and workstations) needed for this course onto your removable hard drive Use VMware Player to enable and power-up the VMs (server farm and workstations)…

7. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap) scan report.

8. How many total IP hosts (not counting Cisco device interfaces) did Zenmap GUI (Nmap) find on the

network?

9. Based on your Nmap scan results and initial reconnaissance and probing, what next steps would you

perform on the VSCL target machines?

xzhaedria tucker