Friday, July 3, 2015

Scanning with NMAP

  1. Start Zenmap
    • Instructions:
      1. zenmap
  2. Perform a quick scan by doing the following:
      • Replace 192.168.1.110 with Damn Vulnerable WXP-SP2's IP Address obtained from (Section 3, Step 6).
    • Instructions:
      1. Target: 192.168.1.110
      2. Profile:  Select Quick Scan
      3. Click the Scan Button.
  3. Output Analysis
      1. Nmap's quick scan displays the following basic network metrics:
        • If the host is up.
        • How many ports are closed.
        • Which ports are open and their service name.
          • e.g., 21 (ftp)
        • Also, the MAC address is displayed with Nmap's guess of the OS being VMware.
Zenmap Intense Scan
  1. Perform Intense Scan
      • Replace 192.168.1.110 with Damn Vulnerable WXP-SP2's IP Address obtained from (Section 3, Step 6).
    • Instructions:
      1. Target: 192.168.1.110
      2. Profile:  Select Intense Scan
      3. Click the Scan Button.
  2. Version Analysis
      1. Notice the results are more verbose.
      2. The actual version of the service was added to the service name.
        • You can use this information to investigate possible exploits.
        • For example, Microsoft's IIS httpd 5.1 web server.

Section 7. Nmap Network Scan
  1. Subnet Ping Scan
      • Obtain the subnet mask of your Damn Vulnerable WXP-SP2 from (Section 3, Step 6).
    • Instructions:
      1. Change Target to the subnet address of Damn Vulnerable WXP-SP2.
        • In my case, 192.168.1.0/24
        • Notice that I replaced the last octet of my IP address with a 0.
        • The /24 represents the subnet mask.
      2. Change Profile to: Ping Scan
      3. Click Scan
  2. Topology Analysis
    • Instructions:
      1. Click on the Topology Tab.
      2. Click on Fisheye
      3. Click on Controls
        • This will allow you to increase the size of the network rings.
      4. Click on the Zoom Arrow
    • Note (FYI):
      • This will give you a visual representation of how your network is laid out.
      • When presenting a customer or management with a penetration testing analysis, this would be a good picture to include in the report.
Performing NMAP Scans
  1. Perform Quick NMAP Scan
    • Instructions (FYI):
      • Replace 192.168.1.110 with Damn Vulnerable WXP-SP2's IP Address obtained from (Section 3, Step 6).
    • Instructions:
      1. nmap -T4 -F 192.168.1.110 | tee /var/tmp/nmap.quick.txt
        • nmap - is the NMAP scanner.
        • | tee /var/tmp/nmap.quick.txt - View the output and send it to the file nmap.quick.txt.
  2. Perform Intense NMAP Scan
    • Instructions (FYI):
      • Replace 192.168.1.110 with Damn Vulnerable WXP-SP2's IP Address obtained from (Section 3, Step 6).
    • Instructions:
      1. nmap -p 1-65535 -T4 -A -v 192.168.1.110 | tee /var/tmp/nmap.intense.txt
        • nmap - is the NMAP scanner.
        • | tee /var/tmp/nmap.intense.txt - View the output and send it to the file nmap.intense.txt.
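As an added example (not part of the original lab), a small Python parser for the normal-format output the two commands above save under /var/tmp: it pulls out the host state, the "Not shown" closed-port count, the MAC line and each open port with the version string that -A adds, so the results can be kept in a structured form for the report. The sample output embedded below is constructed for the example, not a real scan.

```python
import re
from typing import Dict, List

# Constructed sample of nmap "normal" output, in the shape the lab saves with
# `| tee /var/tmp/nmap.intense.txt`. Values are made up for this example.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.110
Host is up (0.00045s latency).
Not shown: 65531 closed ports
PORT     STATE SERVICE      VERSION
21/tcp   open  ftp          Microsoft ftpd
80/tcp   open  http         Microsoft IIS httpd 5.1
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 00:0C:29:AA:BB:CC (VMware)
"""

# One port line: "<port>/<proto>  <state>  <service>  [<version ...>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+) ports")

def parse_nmap_report(text: str) -> Dict:
    """Turn one host's normal-format nmap report into a dict."""
    report = {"host": None, "up": False, "mac": None, "not_shown": {}, "ports": []}
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Nmap scan report for "):
            report["host"] = line.split("for ", 1)[1]
        elif line.startswith("Host is up"):
            report["up"] = True
        elif line.startswith("MAC Address: "):
            report["mac"] = line.split(": ", 1)[1]
        elif m := NOT_SHOWN.match(line):
            report["not_shown"][m.group(2)] = int(m.group(1))  # e.g. closed -> 65531
        elif m := PORT_LINE.match(line):
            port, proto, state, service, version = m.groups()
            report["ports"].append({"port": int(port), "proto": proto, "state": state,
                                    "service": service, "version": version or ""})
    return report

def open_ports(report: Dict) -> List[int]:
    return [p["port"] for p in report["ports"] if p["state"] == "open"]

def versioned_services(report: Dict) -> Dict[int, str]:
    """Open ports whose version -A identified: the entries to check against
    the vendor's advisories and the host's patch level."""
    return {p["port"]: p["version"] for p in report["ports"]
            if p["state"] == "open" and p["version"]}
```

Run it against the real file with `parse_nmap_report(open("/var/tmp/nmap.intense.txt").read())`; a quick scan (-F, no -A) parses the same way but leaves every version string empty.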

Proof of Lab
  1. Proof of Lab
    • Proof of Lab Instructions:
      1. Do a PrtScn of the below commands
      2. Paste into a word document
      3. Upload to Moodle
    • Instructions:
      1. ls -l /var/tmp/nmap*
      2. date
      3. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
