{"id":36,"date":"2021-02-25T16:26:55","date_gmt":"2021-02-25T16:26:55","guid":{"rendered":"https:\/\/cas.cybercop-training.ch\/?page_id=36"},"modified":"2021-05-31T14:22:28","modified_gmt":"2021-05-31T14:22:28","slug":"scanning-with-nmap","status":"publish","type":"page","link":"https:\/\/cas.cybercop-training.ch\/index.php\/scanning-with-nmap\/","title":{"rendered":"Scanning with nmap"},"content":{"rendered":"

1. Task Decription<\/h2>\n
\n

Nmap (Network Mapper) is a free and open-source network scanner which is used to discover hosts and
\nservices on a computer network by sending packets and analyzing the responses.
\nNmap provides a number of features for probing computer networks, including host discovery and service and
\noperating system detection. These features are extensible by scripts that provide more advanced options.<\/p>\n<\/blockquote>\n

After you did some practice exercises with nmap, please answer the following questions:<\/p>\n

    \n
  1. which host(s) are vulnerable for the EternalBlue vulnerability?<\/li>\n
  2. what is the nmap command for a full tcp scan?<\/li>\n
  3. what is the nmap command for a syn scan?<\/li>\n
  4. what is the nmap command for a half-open scan?<\/li>\n
  5. how do you find out the OS version of your targets?<\/li>\n
  6. explain the idea\/purpose of the nmap scripting engine?<\/li>\n
  7. list every nmap script you could use in your nmap scan?<\/li>\n
  8. during the running nmap scan; how can you access the nmap stats (of a
    \nrunning scan)?<\/li>\n<\/ol>\n

    2. Answers and Solution<\/h2>\n
      \n
    1. nmap -n -Pn -p 445 --script smb-vuln-ms17-010 -iL targets.txt -oA nmap_script_eternalblue<\/code><\/li>\n<\/ol>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

      The vulnerable host is 152.96.6.249<\/code><\/p>\n

        \n
      1. \n

        A full tcp scan can be done with the following command: (also known as TCP connect scan)<\/p>\n

        \n

        nmap -sT -iL targets.txt<\/code><\/p>\n<\/blockquote>\n<\/li>\n

      2. \n

        A syn scan can be done with the following command:<\/p>\n<\/li>\n<\/ol>\n

        \n

        nmap -sS -iL targets.txt<\/code><\/p>\n<\/blockquote>\n

          \n
        1. It’s the syn scan and it can be done with the command above.<\/li>\n<\/ol>\n
          \n

          A TCP Half Open Scan determines if a port is open by performing the first half of a three-way
          \nhandshake. It is also referred as the SYN scanning. In SYN scanning, the hostile client or
          \nattacker attempts to set up a TCP\/IP connection with a server at every possible port. This is
          \ndone by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to
          \nevery port on the server.<\/p>\n<\/blockquote>\n

            \n
          1. OS Detection can be done with the following command:
            \n
            \n

            nmap -O -iL targets.txt<\/code><\/p>\n<\/blockquote>\n<\/li>\n<\/ol>\n

            The command line switch -A detect OS and services.<\/p>\n

              \n
            1. \n

              The idea behind the nmap scripting engine is to expand the functionality of nmap as a good security
              \nscanner. The scripts are able to perform a wide range of security related testing and discovery
              \nfunctions.<\/p>\n<\/li>\n

            2. \n

              To locate the nse scripts I use the following command in terminal:<\/p>\n

              \n

              locate nse | grep script<\/p>\n<\/blockquote>\n<\/li>\n<\/ol>\n

              This give me about 600 scripts back. (I did count that with cyberchef)<\/p>\n

              \"\"<\/p>\n

                \n
              1. It’s by entering the return key<\/li>\n<\/ol>\n

                \"\"<\/p>\n

                3. Further Learnings<\/h2>\n

                I didn’t know awk before. Really cool \ud83d\ude42<\/p>\n

                https:\/\/www.geeksforgeeks.org\/awk-command-unixlinux-examples\/<\/a><\/p>\n

                PDF Report
                \n                nmap_scanning#1<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

                1. Task Decription Nmap (Network Mapper) is a free and open-source network scanner which is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-36","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":6,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/36\/revisions"}],"predecessor-version":[{"id":1342,"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/pages\/36\/revisions\/1342"}],"wp:attachment":[{"href":"https:\/\/cas.cybercop-training.ch\/index.php\/wp-json\/wp\/v2\/media?parent=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}