Scribd
Upload
221 views1 page

Lab - 1 - Network Scanning

Network scanning attacks allow attackers to gather information about networked devices by discovering open ports and services. This lab uses Kali Linux to scan a vulnerable Metasploitable virtual machine (VM) in three steps: [1] Find the IP address prefix of the VM subnet; [2] Use Nmap to scan the subnet and identify the VM's specific IP address; [3] Use Nmap to detect open ports and running services on the VM.

Uploaded by

kusum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
221 views1 page

Lab - 1 - Network Scanning

Network scanning attacks allow attackers to gather information about networked devices by discovering open ports and services. This lab uses Kali Linux to scan a vulnerable Metasploitable virtual machine (VM) in three steps: [1] Find the IP address prefix of the VM subnet; [2] Use Nmap to scan the subnet and identify the VM's specific IP address; [3] Use Nmap to detect open ports and running services on the VM.

Uploaded by

kusum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Lab 01: Network scanning attacks

Presentation:

The objective of this Lab is to learn how an attacker uses the network scanning attack as a
main step in the process of compromising and networked device.

Note: It should be noted that the reproduction of this approach on a company's site
without its approval is punishable by law.

Part 01: Scanning a vulnerable VM using Kali Linux.

In order to accomplish this lab, we will choose the VM Metasploitable, which is a good start
for this kind of exercise.

Tasks of part 01:

1. Download the Metasploitable VM


(https://sourceforge.net/projects/metasploitable/files/Metasploitable2/)
- The machine is made to be launched with Vmware. You can launch it with
VirtualBox by creating a new VM. At the step of choosing the disk, answer that
you have the disk and then show it the path to the Metasploitable disk.
Configure the only network card available in host-only then launch the machine.
- It is obvious that you do not have root access for this machine, that is the
purpose of the exercise. The goal is to find a vulnerability that allows us to have
the root without knowing the root password!
- You can also download a Kali Linux VM to avoid installing the tools necessary to
complete this exercise.
2. Find the VM IP address prefix: Scanning the four billion possible IPv4 addresses to
find the right IP address for your VM is out of the question. four billion possible IPv4
addresses to find the right IP address for your VM as this is both inefficient and
illegal.
- So how do you find the right network prefix to scan?
- In a real case, how can the attacker get this information?
- Give a name to this step.
3. Find the IP address of the VM: Once you have found the right prefix, use the
network scan tool nmap network scan tool to identify the IP address of your VM.
- What type of scan is used by default? What are the differences between the the
different scan types available?
- How to make the scan stealthier and more discreet?
4. What services are running on this machine?
- What is this step called?
- How do you think this discovery works in practice?

You might also like