nmap-ssh lab instructions and lab report template

This document includes both the lab instructions and empty boxes for you to embed your screenshots
and answers to lab questions. Please use this document for your lab report.

Overview
This exercise uses nmap to identify and exploit a weakness in a system. You are security testing for a
business who believes their SSH server is secure, but they are asking you to test and verify. In the lab
tasks you will attempt to remotely access that SSH server and find the content of a selected file.

Lab Environment
This lab uses the Labtainer Linux-based virtual machine.

 Start the Labtainer VM. Once the VM is running, from the labtainer-student terminal
window, start the lab using the command:
labtainer nmap-ssh

 Once the lab completes the startup process, two separate terminal windows for
analyst@mycomputer and analyst@router will open for all the lab tasks.

 At the end of the lab, you will return to the labtainer-student terminal to stop the lab.

What you know

 As the analyst, you have access to two machines on the network through the terminal windows
– mycomputer and the router.
 The mycomputer machine has nmap installed.
 The router sits between the mycomputer machine and the SSH server you are trying to access.
 The router has tshark and tcpdump installed. (tshark is the command line version of wireshark.)
o Starting a packet capture at the terminal window is a simple as this syntax to capture on
an interface named eth0. This will display any captured packets in the terminal window.
sudo tshark -i eth0

o You can optionally specify fields you want to display, so you can more easily see
information of interest. You can use whatever you would put in Wireshark in the filter
window as a field. For example, if I just wanted to display the source and destination IP
addresses in each packet, I could use the following line. (Include a separate -e
fieldname for each field to display.)

This study source was downloaded by 100000852737455 from CourseHero.com on 05-31-2025 23:28:04 GMT -05:00

https://www.coursehero.com/file/196353821/nmapssh-lab-instructions-report-template-1docx/
 sudo tshark -i eth0 -T fields -e ip.src -e ip.dst

 You know that the SSH server IP address is 172.25.0.2 and that the SSH port varies between
2000-3000. If you’re able to find a port, username and password to try for SSH, you can try to
login with this syntax. (Replace PORT with the actual port, and USER with the actual username.)
ssh -p PORT [email protected]

 Hint: There could be other machines on the network that are generating traffic. They could be
using other password-protected network services. There may be clues in their traffic that you
can capture with tshark that will help you in your security testing. Instead of looking for source
and destination IP addresses, you could look at other fields. There are many fields you can
display using tshark. A full reference is here: https://www.wireshark.org/docs/dfref/ and you can
select a protocol to find the fields available. (For example, the IP fields above are found on the IP
page here: https://www.wireshark.org/docs/dfref/i/ip.html )

Lab Tasks

1) Explore the network with nmap to find the actual port of the SSH server
and anything else you find interesting.

INSERT YOUR SCREENSHOTS OF THE NMAP COMMAND and RESULTS.

ADD YOUR ANSWERS: What port is used for the SSH server? Are there other services running?

2) Explore the network traffic to look for clues. Keep in mind that this traffic
may be from machines other than the ones you have access to as the
analyst.

INSERT YOUR SCREENSHOTS OF YOUR TSHARK COMMAND and ANY INTERESTING RESULTS.

ADD YOUR ANSWER: Are you able to find any clues in the network traffic? What are they?

3) Login to SSH server?

This study source was downloaded by 100000852737455 from CourseHero.com on 05-31-2025 23:28:04 GMT -05:00

https://www.coursehero.com/file/196353821/nmapssh-lab-instructions-report-template-1docx/
 INSERT YOUR SCREENSHOT IF YOU ARE ABLE TO LOGIN TO THE SSH SERVER and SEE THE CONTENTS
OF A FILE THERE.

4) Complete and get lab results file

After finishing the lab, go to the terminal window that was used to start the lab and type:
stoplab

When you stop the lab, the system will display a path to the zipped lab results on your Linux system. A
link to the directory is on the VM desktop (labtainer_xfer in the screenshot below). A separate sub-
directory will be created here for each lab you do, in this case, it will be called nmap-ssh. The lab results
file with the .lab extension will be in here.

Attach this lab results file as part of your lab submission on Blackboard, along with the completed lab
report template.

This lab was developed for the Labtainer framework by the Naval Postgraduate School, Center for
Cybersecurity and Cyber Operations under National Science Foundation AwardNo. 1438893. This work is
in the public domain, and cannot be copyrighted.

This study source was downloaded by 100000852737455 from CourseHero.com on 05-31-2025 23:28:04 GMT -05:00

https://www.coursehero.com/file/196353821/nmapssh-lab-instructions-report-template-1docx/
Powered by TCPDF (www.tcpdf.org)