Chat with us, powered by LiveChat Write this reflection for the lab: In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this | Wridemy

Write this reflection for the lab: In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this

Write this reflection for the lab: In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this

   Write this reflection for the lab:

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

Lab-5: Scanning and Enumeration

Reconnaissance and information gathering methods were passive methods, meaning that they did not cause any alarm, alerts, and log file creation on the target systems: franklin.edu computers. In Lab-5, you will actively scan and enumerate target systems. These actions would cause some log files and probably trigger alerts if the target systems were used by a sensitive organization, such as a military or financial institution.

You will perform Lab-5 by using the Netlab environment provided by Franklin University. Netlab environment is an isolated environment with no Internet connection so that none of your actions will cause anything harmful for you or the target system.

Section-1: Scan the Network Using nbtscan Tool

nbtscan is used for scanning networks to obtain NetBIOS names, file shares, and other information. It is one of the tools that come with Kali Linux. Nbtscan is a convenient tool to scan the active computers on the network quickly.

Windows machines have NetBIOS names by default. Linux/Unix computer may also have NetBIOS names if the Samba interoperability suite is installed.

Before starting scanning the network from Kali Linux, you have to learn the network address first.

1) Enter the Netlab environment

2) Open Kali Linux and enter the password (password: toor)

3) Open a terminal window

4) Type this command: ifconfig

The IP address of your computer is 192.168.2.10, and the netmask is 255.255.255.0. That means the network address is 192.168.2.0/24. You will use this in your nbtscan.

5) Run a nbtscan by typing nbtscan 192.168.2.0/24 to the terminal window. You will see all active computers along with IP addresses, NetBIOS names, and MAC addresses. That is an essential piece of information for a pentester and can be regarded as your initial attack surface.

Take a screenshot of the terminal window.

Section-2: Scan the Network by Using Nmap

You will perform another network scan by using a more versatile tool called Nmap. Nmap is one of the swiss knives of the pen-testers. It is a free and open-source tool and comes with Kali Linux. Nmap has many different scanning options; it can even perform vulnerability scanning in addition to network and host scanning. In this lab, you will first use Nmap's network/host scanning features, and then you will perform vulnerability scanning with Nmap.

1) Type in nmap 192.168.2.0/24 -n -sn in the terminal window.

Take a screenshot of the terminal window.

Type in man nmap in the terminal window to see the help page of the Nmap tool. Find why you used n and sn options.

Section-3: Perform a Port Scan Against a Host

In the previous section, you scanned the network by using Nmap. In this section, you will scan a specific host for open ports.

1) Type in nmap 192.168.2.14 -n in the terminal window.

Take a screenshot of the terminal window.

192.168.2.14 is the Metasploitable machine. There are many open ports on this machine. It is an intentionally vulnerable Linux machine used for training purposes. As the pentester, you determined your initial attack surface using nbtscan and nmap tools, which can be thought of as the active computers on the network. The list of open ports of the Metasploitable computer is also an attack surface specific to a host. An open port can be considered one of the most valuable attack surfaces. Because an attacker can attack computers by using open ports in many ways, such as:

a) By flooding the port, such as SYN flood to port 80,

b) By exploiting the service using the port, such as an SQL injection attack against web application using Port 443

c) By brute-forcing the login forms,

d) By using default usernames or passwords, such as accessing to wireless modem management interface by default username: admin/password: admin credentials

Section-4: Scanning for Top 1000 Ports

Top 1000 ports are a list of statistically most popular 1000 ports used by the network-enabled applications and services. In this lab, you will scan the same target (Metasploitable) to check for the top 1000 ports.

1) Type in nmap 192.168.2.14 -n –top-ports 1000 –open in the terminal window.

–open switch only shows the open ports on the target machine.

2) Now, type in the command with an extra switch -sV: nmap 192.168.2.14 -n –top-ports 1000 –open -sV

sV switch fingerprints the service running on the port.

Take a screenshot of the terminal window.

Section-5: OS (Operating System) Detection by using Nmap

One of Nmap's features is remote OS detection by using TCP/IP stack fingerprinting.  In this lab, you will detect the operating systems of the live hosts in the 192.168.2.0/24 network.

1) Type in nmap 192.168.2.0/24 -n -O –osscan-guess

Note that you have to make the "O" letter uppercase.

Notice the operating system info at the command output.

Find the command output showing the operating system of 192.168.2.12 and Take a screenshot of the terminal window.

Section-6: Vulnerability Scanning by Using Nmap

Now, it is time to perform vulnerability scanning by using Nmap. The first vulnerability will be the use of an FTP service with anonymous login is enabled.

In the previous lab, you found that 192.168.2.14 (Metasploitable) has the FTP service enable. Let's check whether it has anonymous login enabled. Anonymous login is a common feature among FTP services.

1) Type in nmap 192.168.2.14 -n –script ftp-anon -p 21 in the terminal window.

In this command, you use Nmap scripts, which is a powerful and flexible feature of Nmap. Nmap scripting engine allows security researchers to prepare scripts to perform particular tasks such as finding FTP services (port 21) with anonymous login is enabled. In this section, you used anonymous ftp logins detect script (ftp-anon).

Now, you will use another Nmap script to detect SMB vulnerability. SMB is a standard protocol used by the Windows operating system to share files and printers among computers. You check another host (192.168.2.13) for any SMB protocol vulnerability. 192.168.2.13 is a Windows computer. In Section-5, you detected the operating system of this host remotely as Windows 7.

2) Type in nmap 192.168.2.13 -n –script smb-vuln* -p 445

In this example, you used a wild chart. smb-vuln* use all scripts which start with "smb-vuln."

Take a screenshot of the terminal window.

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

image2.png

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Wridemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Related Tags

Academic APA Writing College Course Discussion Management English Finance General Graduate History Information Justify Literature MLA