Lab 1 Nmap
1. Lab Identification & Objectives
1. Objectives:
1. Install and configure Nmap
2. Perform TCP SYN, UDP, and version/OS scans
3. Explore firewall/IDS evasion techniques
4. Collect, interpret and report scan results
2. Environment Setup
Operating System: Parrot Security OS
Nmap Version: 7.x
Target Machine: 172.16.69.134 (Windows)
3. Installation
sudo apt install -y nmap
nmap --version
4. Introduction to Nmap
- Syntax: nmap [Scan Type(s)] [Options] {target specification}
- Options:
Scan Type            Option                Description
TCP SYN (“stealth”)  -sS                   Half-open TCP handshake
TCP Connect          -sT                   Full TCP handshake via OS
UDP Scan             -sU                   Probe UDP ports
Service/Version      -sV                   Detect service and version information
OS Detection         -O                    Perform remote OS fingerprinting
NSE Scripting        --script              Run Nmap Scripting Engine scripts
Firewall Evasion     -f, -D                Fragment packets; use decoy addresses
Timing Template      -T0…-T5               Control scan speed and stealthiness
Output Formats       -oN, -oG, -oX, -oA    Normal; grepable; XML; all formats
5. Scan Execution
SYN Stealth Scan (TCP)
nmap -Pn -sS -T4 -vv 172.16.69.134
Result:
PORT     STATE SERVICE      REASON
135/tcp  open  msrpc        syn-ack ttl 128
139/tcp  open  netbios-ssn  syn-ack ttl 128
445/tcp  open  microsoft-ds syn-ack ttl 128
5357/tcp open  wsdapi       syn-ack ttl 128
Service & Version Detection
nmap -sV 172.16.69.134
Result:
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
5357/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Operating System Detection
sudo nmap -O 172.16.69.143
Result:
Device type: general purpose
Running: Microsoft Windows 10
OS CPE: cpe:/o:microsoft:windows_10
OS details: Microsoft Windows 10 1709 - 1909
Network Distance: 1 hop
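For objective 4 (collect, interpret and report results), the following script is an added example written for this lab write-up; it is not part of Nmap. It parses the port tables Nmap prints on stdout (the -sS/-vv table with its REASON column and the -sV table with its VERSION column), joins them per port, notes where Nmap marked a service name with a trailing "?" because -sV could not confirm it, and lists the open ports a reviewer would expect to see firewalled on a workstation. The two sample tables are constructed from the results recorded above; REVIEW_PORTS is an assumption for this example.

```python
import re
from dataclasses import dataclass

# Constructed samples: the -sS and -sV result tables recorded in the lab notes.
SYN_SCAN_OUTPUT = """\
PORT     STATE SERVICE      REASON
135/tcp  open  msrpc        syn-ack ttl 128
139/tcp  open  netbios-ssn  syn-ack ttl 128
445/tcp  open  microsoft-ds syn-ack ttl 128
5357/tcp open  wsdapi       syn-ack ttl 128
"""

VERSION_SCAN_OUTPUT = """\
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
5357/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
"""


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    extra: str  # REASON column for -sS/-vv output, VERSION column for -sV output


# One port row: "<port>/<proto> <state> <service> [free text]".
_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_port_table(text):
    """Extract port rows from Nmap's normal output; header lines and chatter are skipped."""
    records = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            port, proto, state, service, extra = m.groups()
            records.append(PortRecord(int(port), proto, state, service, extra.strip()))
    return records


def merge_scans(syn_records, version_records):
    """Join the -sS and -sV tables on (port, proto) into one dict per port.

    Nmap appends '?' to the service name when -sV could not confirm the service
    with a fingerprint; that is surfaced here as 'unverified'.
    """
    merged = {}
    for r in syn_records:
        merged[(r.port, r.proto)] = {
            "port": r.port, "proto": r.proto, "state": r.state, "service": r.service,
            "reason": r.extra, "version": None, "unverified": False,
        }
    for r in version_records:
        entry = merged.setdefault((r.port, r.proto), {
            "port": r.port, "proto": r.proto, "state": r.state, "service": r.service,
            "reason": None, "version": None, "unverified": False,
        })
        entry["service"] = r.service.rstrip("?")
        entry["unverified"] = r.service.endswith("?")
        entry["version"] = r.extra or None
    return merged


# Assumed review list for this example: RPC endpoint mapper, NetBIOS session
# service and SMB are normally firewalled off from untrusted networks.
REVIEW_PORTS = {135, 139, 445}


def exposure_report(merged):
    """Return the open (port, proto) pairs that fall in REVIEW_PORTS, sorted."""
    return sorted(
        (e["port"], e["proto"]) for e in merged.values()
        if e["state"] == "open" and e["port"] in REVIEW_PORTS
    )


if __name__ == "__main__":
    merged = merge_scans(parse_port_table(SYN_SCAN_OUTPUT),
                         parse_port_table(VERSION_SCAN_OUTPUT))
    for key in sorted(merged):
        print(merged[key])
    print("ports to review:", exposure_report(merged))
```

The same parser works on a file saved with -oN, since that format repeats the stdout table; for -oX output the XML parser in the standard library is the better choice.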
Lab 3 Nikto
1. Objectives
1. Set up DVWA to simulate a vulnerable web server
2. Use Nikto to scan the DVWA target for known web vulnerabilities
3. Identify common misconfigurations, insecure headers, outdated services
4. Propose mitigation strategies
2. Environment Setup
Target Machine: 172.16.69.133 (CentOS) + DVWA
3. Installation
sudo apt install nikto
nikto -Version
4. Scan Execution
nikto -h http://172.16.69.133/dvwa/index.php
Result:
+ Server: Apache/2.4.63 (CentOS Stream)
+ /dvwa/index.php/: Retrieved x-powered-by header: PHP/8.3.15.
+ /dvwa/index.php/: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /dvwa/index.php/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ Root page /dvwa/index.php redirects to: login.php
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing
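For objectives 3 and 4 (identify the misconfigurations and propose mitigations), the script below is an added example written for this lab write-up; it is not Nikto's code. It audits one HTTP response for the same findings Nikto reported against DVWA (version-revealing Server banner, X-Powered-By, missing X-Frame-Options, missing X-Content-Type-Options, TRACE allowed) and pairs each with the Apache httpd 2.4 / php.ini setting that closes it. The two header dictionaries are constructed to mirror the output above and a hardened server, not captured responses.

```python
import re

# Constructed sample: headers the DVWA server could send for an OPTIONS request
# to /dvwa/index.php; built from Nikto's findings above, not a real capture.
DVWA_RESPONSE_HEADERS = {
    "Server": "Apache/2.4.63 (CentOS Stream)",
    "X-Powered-By": "PHP/8.3.15",
    "Allow": "GET, POST, OPTIONS, HEAD, TRACE",
    "Content-Type": "text/html; charset=UTF-8",
}

# Constructed sample: the same server after the mitigations below are applied.
HARDENED_RESPONSE_HEADERS = {
    "Server": "Apache",
    "Allow": "GET, POST, OPTIONS, HEAD",
    "Content-Type": "text/html; charset=UTF-8",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
}

# Apache httpd 2.4 (mod_headers / core) and php.ini settings for each finding.
MITIGATIONS = {
    "server-banner": "ServerTokens Prod",
    "x-powered-by": "expose_php = Off in php.ini",
    "x-frame-options": 'Header always set X-Frame-Options "SAMEORIGIN" '
                       "(or a Content-Security-Policy frame-ancestors directive)",
    "x-content-type-options": 'Header always set X-Content-Type-Options "nosniff"',
    "trace-enabled": "TraceEnable off",
}


def audit_response(headers):
    """Return [(finding_id, detail, mitigation), ...] for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    server = h.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append(("server-banner", f"Server header leaks a version: {server}",
                         MITIGATIONS["server-banner"]))

    if "x-powered-by" in h:
        findings.append(("x-powered-by", f"X-Powered-By reveals {h['x-powered-by']}",
                         MITIGATIONS["x-powered-by"]))

    # A CSP frame-ancestors directive supersedes X-Frame-Options, so either one counts.
    csp = h.get("content-security-policy", "")
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append(("x-frame-options", "no anti-clickjacking header",
                         MITIGATIONS["x-frame-options"]))

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("x-content-type-options",
                         "X-Content-Type-Options is not set to nosniff",
                         MITIGATIONS["x-content-type-options"]))

    methods = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    if "TRACE" in methods:
        findings.append(("trace-enabled", "TRACE is an allowed method (XST)",
                         MITIGATIONS["trace-enabled"]))

    return findings


def finding_ids(headers):
    """Just the identifiers, in the order audit_response reports them."""
    return [f[0] for f in audit_response(headers)]


if __name__ == "__main__":
    for name, hdrs in (("DVWA", DVWA_RESPONSE_HEADERS), ("hardened", HARDENED_RESPONSE_HEADERS)):
        print(f"== {name}: {len(audit_response(hdrs))} finding(s)")
        for fid, detail, fix in audit_response(hdrs):
            print(f"  {fid}: {detail}\n      fix: {fix}")
```

Running the audit on the hardened header set returns no findings, which is the check to repeat after editing httpd.conf and restarting Apache; a re-scan with Nikto should then no longer report the TRACE and missing-header items.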
Lab 4 p0f
1. Objectives
1. Use p0f to perform passive OS fingerprinting on network traffic
2. Identify operating systems of clients and servers based on TCP/IP header signatures
3. Observe HTTP request and response metadata without sending any packets
2. Installation and Setup
git clone https://github.com/p0f/p0f.git
cd p0f
bash build.sh
3. Environment Setup
Target Machine: 172.16.69.32 (Ubuntu) + Server
4. Scan Execution
sudo ./p0f -i eth0
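To make objective 2 concrete, the following is an added example for this lab write-up, not p0f's code or its signature database. It shows the core idea behind passive fingerprinting: from a TCP packet that was merely observed, infer the sender's initial TTL (and so the number of routers in between, which p0f reports as "dist"), map it to an OS family, and express the TCP window the way p0f signatures do, as a multiple of the MSS option. The observations are constructed (the first mirrors the ttl 128 the Lab 1 SYN scan saw from the Windows target), and TTL_FAMILY is a small illustrative table, not an authoritative one.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TcpObservation:
    src: str
    ttl: int            # TTL as seen on the wire (decremented once per router)
    window: int         # TCP window advertised in the packet
    mss: Optional[int]  # MSS option value, if the SYN / SYN-ACK carried one


# Common default initial TTLs; the sender's value is the smallest one >= observed.
INITIAL_TTLS = (32, 64, 128, 255)

# Illustrative initial-TTL-to-OS-family table (constructed for this example;
# p0f's database keys on many more header fields than this).
TTL_FAMILY = {
    32: "legacy Windows (9x)",
    64: "Linux / Unix-like (BSD, macOS)",
    128: "Windows (NT family)",
    255: "Solaris or network device",
}


def infer_initial_ttl(observed):
    """Round the observed TTL up to the nearest common default."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    return next(t for t in INITIAL_TTLS if observed <= t)


def window_signature(window, mss):
    """Express the window as p0f does: 'mss*N' when it is a whole multiple of MSS."""
    if mss and window % mss == 0:
        return f"mss*{window // mss}"
    return str(window)


def fingerprint(obs):
    """Passive guess for one observed packet; nothing is sent to the host."""
    initial = infer_initial_ttl(obs.ttl)
    return {
        "src": obs.src,
        "initial_ttl": initial,
        "dist": initial - obs.ttl,  # routers traversed; 0 = same segment
        "os_family": TTL_FAMILY[initial],
        "window_sig": window_signature(obs.window, obs.mss),
    }


def fingerprint_all(observations):
    return [fingerprint(o) for o in observations]


# Constructed observations, not real captures. The first mirrors the Lab 1 result
# (syn-ack ttl 128 from the Windows host one hop away); the others are invented.
SAMPLE_PACKETS = [
    TcpObservation("172.16.69.134", ttl=128, window=64240, mss=1460),
    TcpObservation("172.16.69.32", ttl=61, window=29200, mss=1460),
    TcpObservation("10.0.0.1", ttl=250, window=4128, mss=None),
]

if __name__ == "__main__":
    for fp in fingerprint_all(SAMPLE_PACKETS):
        print(f"{fp['src']:>15}  ttl={fp['initial_ttl']} dist={fp['dist']} "
              f"win={fp['window_sig']:>8}  {fp['os_family']}")
```

The TTL heuristic alone is coarse (a hardened host can change its default, and 64 covers most non-Windows systems), which is why p0f combines it with window size, option order, MSS and other header quirks before naming an OS; the same TTL/distance reasoning is also how the "ttl 128" in the Nmap REASON column above is read.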