
Lab 1 Nmap

The document outlines several labs focused on network scanning and vulnerability assessment using tools like Nmap, Nikto, and p0f. It details objectives, installation procedures, and execution of scans to identify open ports, services, and potential vulnerabilities in target machines. Each lab includes specific commands and results to demonstrate the effectiveness of the tools in assessing network security.

Uploaded by

Gia Ni

Lab 1 Nmap

1. Lab Identification & Objectives

1. Objectives:

1. Install and configure Nmap

2. Perform TCP SYN, UDP, and version/OS scans

3. Explore firewall/IDS evasion techniques

4. Collect, interpret and report scan results

2. Environment Setup

Operating System: Parrot Security OS

Nmap Version: 7.x

Target Machine: 172.16.69.134 (Windows)


3. Installation

sudo apt install -y nmap


nmap --version

4. Introduction to Nmap

- Syntax: nmap [Scan Type(s)] [Options] {target specification}

- Options:


Scan Type            Option               Description
TCP SYN (“stealth”)  -sS                  Half-open TCP handshake
TCP Connect          -sT                  Full TCP handshake via OS
UDP Scan             -sU                  Probe UDP ports
Service/Version      -sV                  Detect service and version information
OS Detection         -O                   Perform remote OS fingerprinting
NSE Scripting        --script             Run Nmap Scripting Engine scripts
Firewall Evasion     -f, -D               Fragment packets; use decoy addresses
Timing Template      -T0…-T5              Control scan speed and stealthiness
Output Formats       -oN, -oG, -oX, -oA   Normal; grepable; XML; all formats

5. Scan Execution

SYN Stealth Scan (TCP)

nmap -Pn -sS -T4 -vv 172.16.69.134

Result:
PORT     STATE SERVICE      REASON
135/tcp  open  msrpc        syn-ack ttl 128
139/tcp  open  netbios-ssn  syn-ack ttl 128
445/tcp  open  microsoft-ds syn-ack ttl 128
5357/tcp open  wsdapi       syn-ack ttl 128

Service & Version Detection


nmap -sV 172.16.69.134

Result:
PORT     STATE SERVICE       VERSION
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
5357/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)

Operating System Detection


sudo nmap -O 172.16.69.143
Result:
Device type: general purpose
Running: Microsoft Windows 10
OS CPE: cpe:/o:microsoft:windows_10
OS details: Microsoft Windows 10 1709 - 1909
Network Distance: 1 hop
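
To support the "collect, interpret and report" objective, the following added example (not part of the original lab) parses the SYN-scan table above, lists open ports that are missing from an approved baseline, and reads the TTL in the REASON column as a rough OS hint. The baseline in ALLOWED_PORTS and both function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage the lab's SYN-scan table against a port baseline.

# Result table from the SYN scan above.
SCAN_OUTPUT='PORT     STATE SERVICE      REASON
135/tcp  open  msrpc        syn-ack ttl 128
139/tcp  open  netbios-ssn  syn-ack ttl 128
445/tcp  open  microsoft-ds syn-ack ttl 128
5357/tcp open  wsdapi       syn-ack ttl 128'

# Assumption: ports this host is approved to expose (hypothetical baseline).
ALLOWED_PORTS='135/tcp 445/tcp'

# Print "port service" for every open port that is not in the baseline.
unexpected_ports() {
  printf '%s\n' "$1" | awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) { print $1, $3 }'
}

# Heuristic OS-family guess from the first TTL in the REASON column.
# Common initial TTLs: 64 (Linux/Unix), 128 (Windows), 255 (network gear);
# the observed value is the initial TTL minus the hops travelled.
guess_os_from_ttl() {
  printf '%s\n' "$1" | awk '
    { for (i = 1; i < NF; i++) if ($i == "ttl") { ttl = $(i + 1); exit } }
    END {
      if (ttl == "")       print "unknown"
      else if (ttl <= 64)  print "linux-unix"
      else if (ttl <= 128) print "windows"
      else                 print "network-device"
    }'
}

printf 'OS family guess: %s\n' "$(guess_os_from_ttl "$SCAN_OUTPUT")"
printf 'Open but not in baseline:\n%s\n' "$(unexpected_ports "$SCAN_OUTPUT" "$ALLOWED_PORTS")"
```

The TTL reading is only a hint; the -O result above remains the better evidence for the OS.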

Lab 3: Nikto
1. Objectives

1. Set up DVWA to simulate a vulnerable web server

2. Use Nikto to scan the DVWA target for known web vulnerabilities

3. Identify common misconfigurations, insecure headers, outdated services

4. Propose mitigation strategies

2. Environment Setup

Target Machine: 172.16.69.133 (CentOS) + DVWA


3. Installation

sudo apt install nikto


nikto -Version

4. Scan Execution

nikto -h http://172.16.69.133/dvwa/index.php

Result:

+ Server: Apache/2.4.63 (CentOS Stream)
+ /dvwa/index.php/: Retrieved x-powered-by header: PHP/8.3.15.
+ /dvwa/index.php/: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /dvwa/index.php/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ Root page /dvwa/index.php redirects to: login.php
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing

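
For the "propose mitigation strategies" objective, the following added example (not part of the original lab and not Nikto functionality) maps each finding class in the result above to the Apache or PHP setting that addresses it. The function name, the "file: directive" output format and the choice of SAMEORIGIN are assumptions; the sample lines are the lab's own output with the "See:" links trimmed.

```bash
#!/usr/bin/env bash
# Added example: turn the lab's Nikto findings into remediation settings.

# Findings copied from the Nikto result above (reference URLs trimmed).
NIKTO_OUTPUT='+ Server: Apache/2.4.63 (CentOS Stream)
+ /dvwa/index.php/: Retrieved x-powered-by header: PHP/8.3.15.
+ /dvwa/index.php/: The anti-clickjacking X-Frame-Options header is not present.
+ /dvwa/index.php/: The X-Content-Type-Options header is not set.
+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST.'

# Emit "file: directive" for each finding class present in the Nikto output.
# A directive is printed once even when several lines report the same issue.
mitigations_for() {
  printf '%s\n' "$1" | awk '
    function fix(line) { if (!(line in seen)) { seen[line] = 1; print line } }
    # Version banner in the Server header: reduce it to the product name.
    /^\+ Server: Apache\/[0-9]/ { fix("httpd.conf: ServerTokens Prod") }
    # PHP version disclosed through X-Powered-By.
    tolower($0) ~ /x-powered-by header/ { fix("php.ini: expose_php = Off") }
    # Missing response headers (the Header directive requires mod_headers).
    /X-Frame-Options header is not present/ {
      fix("httpd.conf: Header always set X-Frame-Options \"SAMEORIGIN\"") }
    /X-Content-Type-Options header is not set/ {
      fix("httpd.conf: Header always set X-Content-Type-Options \"nosniff\"") }
    # TRACE enabled (reported twice by Nikto, fixed by one directive).
    /HTTP TRACE method is active/ || /Allowed HTTP Methods:.*TRACE/ {
      fix("httpd.conf: TraceEnable off") }'
}

mitigations_for "$NIKTO_OUTPUT"
```

After applying the settings and reloading Apache, repeating the same Nikto scan confirms whether each finding has cleared.
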
Lab 4 p0f
1. Objectives

1. Use p0f to perform passive OS fingerprinting on network traffic

2. Identify operating systems of clients and servers based on TCP/IP header signatures

3. Observe HTTP request and response metadata without sending any packets

2. Installation and Setup

git clone https://github.com/p0f/p0f.git

cd p0f

bash build.sh

3. Environment Setup

Target Machine: 172.16.69.32 (Ubuntu) + Server

4. Scan Execution
sudo ./p0f -i eth0
