In-Class Lab –
Active Information Gathering
Objective: to understand the commands of NMAP and its output
Objective: to understand web directory enumeration
Lab 1: you are provided with 2 PCAP files. Both are communications between the attack machine and TWO different destinations. From each capture, you are required to address the following:
• Which TCP ports were scanned and which ports are reported as active
• What services are running on those ports, and which software / version provides each service
• What kind of scanning was being performed (-s
Prepare your write-up showing how you obtained the above results, with screenshots and command lines where available.
You may refer to the NMAP manual or this link for more details:
https://www.varonis.com/blog/nmap-commands/
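The questions in Lab 1 come down to reading the TCP flags of each probe and of the reply it gets. As an added example (not part of the lab handout), the script below reconstructs nmap's view from a packet list, the same reasoning you apply by hand in Wireshark; the Pkt record, the analyse() function and the 192.168.1.5 sample capture are constructed for illustration and are not taken from the lab's PCAPs.

```python
from collections import defaultdict
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # as tshark prints them: S, SA, A, R, RA

def analyse(pkts, attacker, target):
    """Return (scan type, {port: state}) as nmap would report them, from the packets."""
    probe, replies, followups = {}, defaultdict(list), defaultdict(list)
    for p in pkts:
        if p.src == attacker and p.dst == target:
            if p.dport not in probe:
                probe[p.dport] = p.flags           # first packet to a port is the probe
            else:
                followups[p.dport].append(p.flags)
        elif p.src == target and p.dst == attacker:
            replies[p.sport].append(p.flags)
    scan, states = "unknown", {}
    for port, pf in sorted(probe.items()):
        r = replies[port]
        if pf == "A":                              # bare ACK probe: nmap -sA
            scan = "-sA (ACK scan)"
            states[port] = "unfiltered" if "R" in r else "filtered"
        elif pf == "S":                            # SYN probe: nmap -sS or -sT
            if "SA" in r:
                states[port] = "open"
                # SYN scan tears down with RST; connect scan completes the handshake with ACK
                scan = "-sT (connect scan)" if "A" in followups[port] else "-sS (SYN scan)"
            elif "RA" in r:
                states[port] = "closed"
            else:
                states[port] = "filtered"          # no answer, like 1723/tcp in the lab output
            if scan == "unknown":
                scan = "-sS or -sT (no open port to tell them apart)"
    return scan, states

# Constructed sample capture (not from the lab's PCAPs): 192.168.1.5 scanning 192.168.1.1
SAMPLE = [
    Pkt("192.168.1.5", "192.168.1.1", 43210, 80, "S"),
    Pkt("192.168.1.1", "192.168.1.5", 80, 43210, "SA"),
    Pkt("192.168.1.5", "192.168.1.1", 43210, 80, "R"),    # RST, not ACK: half-open SYN scan
    Pkt("192.168.1.5", "192.168.1.1", 43211, 22, "S"),
    Pkt("192.168.1.1", "192.168.1.5", 22, 43211, "RA"),   # closed port answers RST/ACK
    Pkt("192.168.1.5", "192.168.1.1", 43212, 1723, "S"),
    Pkt("192.168.1.5", "192.168.1.1", 43212, 1723, "S"),  # retransmit, still unanswered
]
```

Calling analyse(SAMPLE, "192.168.1.5", "192.168.1.1") yields "-sS (SYN scan)" with 80 open, 22 closed and 1723 filtered; the same function distinguishes an ACK scan (bare ACK probes) and a connect scan (handshake completed with ACK).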
The commands run in one of the PCAPs:
┌──(kali㉿kali)-[~]
└─$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.5 icmp_seq=1 Destination Host Unreachable
From 192.168.1.5 icmp_seq=2 Destination Host Unreachable
From 192.168.1.5 icmp_seq=3 Destination Host Unreachable
From 192.168.1.5 icmp_seq=4 Destination Host Unreachable
From 192.168.1.5 icmp_seq=5 Destination Host Unreachable
From 192.168.1.5 icmp_seq=6 Destination Host Unreachable
From 192.168.1.5 icmp_seq=7 Destination Host Unreachable
From 192.168.1.5 icmp_seq=8 Destination Host Unreachable
From 192.168.1.5 icmp_seq=9 Destination Host Unreachable
From 192.168.1.5 icmp_seq=10 Destination Host Unreachable
From 192.168.1.5 icmp_seq=11 Destination Host Unreachable
From 192.168.1.5 icmp_seq=12 Destination Host Unreachable
From 192.168.1.5 icmp_seq=13 Destination Host Unreachable
From 192.168.1.5 icmp_seq=14 Destination Host Unreachable
From 192.168.1.5 icmp_seq=15 Destination Host Unreachable
From 192.168.1.5 icmp_seq=16 Destination Host Unreachable
From 192.168.1.5 icmp_seq=17 Destination Host Unreachable
64 bytes from 192.168.1.1: icmp_seq=18 ttl=64 time=2049 ms
64 bytes from 192.168.1.1: icmp_seq=19 ttl=64 time=1025 ms
64 bytes from 192.168.1.1: icmp_seq=20 ttl=64 time=1.59 ms
64 bytes from 192.168.1.1: icmp_seq=21 ttl=64 time=0.589 ms
64 bytes from 192.168.1.1: icmp_seq=22 ttl=64 time=0.567 ms
64 bytes from 192.168.1.1: icmp_seq=23 ttl=64 time=0.868 ms
64 bytes from 192.168.1.1: icmp_seq=24 ttl=64 time=0.682 ms
64 bytes from 192.168.1.1: icmp_seq=25 ttl=64 time=0.748 ms
^C
--- 192.168.1.1 ping statistics ---
25 packets transmitted, 8 received, +17 errors, 68% packet loss, time 24453ms
rtt min/avg/max/mdev = 0.567/384.908/2048.922/712.749 ms, pipe 4
┌──(kali㉿kali)-[~]
└─$ nmap 192.168.1.1
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-03 08:48 EST
Nmap scan report for 192.168.1.1
Host is up (0.0013s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
1723/tcp filtered pptp
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
┌──(kali㉿kali)-[~]
└─$ nmap 192.168.1.1 -sA
You requested a scan type which requires root privileges.
QUITTING!
┌──(kali㉿kali)-[~]
└─$ sudo nmap 192.168.1.1 -sA
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-03 08:48 EST
Nmap scan report for 192.168.1.1
Host is up (0.0015s latency).
Not shown: 999 unfiltered ports
PORT STATE SERVICE
1723/tcp filtered pptp
MAC Address: F4:28:53:78:F6:14 (Zioncom Electronics (Shenzhen))
Nmap done: 1 IP address (1 host up) scanned in 1.48 seconds
┌──(kali㉿kali)-[~]
└─$ sudo nmap 192.168.1.1 -p1-2000 -T 4
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-03 08:49 EST
Nmap scan report for 192.168.1.1
Host is up (0.0036s latency).
Not shown: 1997 closed ports
PORT STATE SERVICE
80/tcp open http
631/tcp open ipp
1723/tcp filtered pptp
MAC Address: F4:28:53:78:F6:14 (Zioncom Electronics (Shenzhen))
Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds
┌──(kali㉿kali)-[~]
└─$ dirb -h
-----------------
DIRB v2.22
By The Dark Raver
-----------------
(!) FATAL: Invalid URL format: -h/
(Use: “http://host/” or “https://host/” for SSL)
┌──(kali㉿kali)-[~]
└─$ dirb http://192.168.1.1
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Wed Mar 3 08:49:53 2021
URL_BASE: http://192.168.1.1/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://192.168.1.1/ ----
+ http://192.168.1.1/admin.cgi (CODE:502|SIZE:88)
+ http://192.168.1.1/AT-admin.cgi (CODE:502|SIZE:88)
+ http://192.168.1.1/cachemgr.cgi (CODE:502|SIZE:88)
+ http://192.168.1.1/cgi-bin (CODE:401|SIZE:173)
+ http://192.168.1.1/cgi-bin/ (CODE:403|SIZE:168)
==> DIRECTORY: http://192.168.1.1/images2/
+ http://192.168.1.1/index.html (CODE:200|SIZE:112)
+ http://192.168.1.1/main (CODE:401|SIZE:170)
+ http://192.168.1.1/version (CODE:200|SIZE:7)
---- Entering directory: http://192.168.1.1/images2/ ----
+ http://192.168.1.1/images2/admin.cgi (CODE:502|SIZE:88)
+ http://192.168.1.1/images2/AT-admin.cgi (CODE:502|SIZE:88)
+ http://192.168.1.1/images2/cachemgr.cgi (CODE:502|SIZE:88)
-----------------
END_TIME: Wed Mar 3 08:51:44 2021
DOWNLOADED: 9224 - FOUND: 11