Perform Reconnaissance and Probing Using Zenmap GUI (Nmap)
Overview
Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on 172.30.0.0/24 where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork.
Lab Assessment Questions & Answers
1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.
Windows Application Loaded: Starts as Service (Y/N)
1. Wireshark: ☐ Yes ☐ No
2. NetWitness Investigator: ☐ Yes ☐ No
3. Nessus Server Manager: ☐ Yes ☐ No
4. FileZilla Server application: ☐ Yes ☐ No
5. Tftpd32_SE Admin: ☐ Yes ☐ No
2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2 and the IP default gateway router?
TargetWindows01 server – 172.30.0.8
LAN Switch 1 – 172.16.8.5
LAN Switch 2 – 172.16.20.5
IP default gateway router – 172.30.0.1
3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
Yes, the ping command worked; 4 packets were sent back to the IP source.
4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of 172.30.0.0/24?
nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24
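Added example, not part of the original lab: a defender-side check that recognises the host-discovery probes the command above sends (-PE ICMP echo, -PS TCP SYN, -PA TCP ACK) in packet-level logs. The log format, the addresses 172.30.0.99, 172.30.0.50 and 172.30.0.10, and the function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Host-discovery probes sent by: -PE -PS22,25,80 -PA21,23,80,3389
FINGERPRINT = (
    {("icmp", "echo-request", 0)}                      # -PE
    | {("tcp", "S", p) for p in (22, 25, 80)}          # -PS
    | {("tcp", "A", p) for p in (21, 23, 80, 3389)}    # -PA
)

def build_sample_log():
    """Constructed log, assumed format: src dst proto flags dport."""
    lines = []
    # Constructed scanner 172.30.0.99 sends the full probe set to three hosts.
    for dst in ("172.30.0.1", "172.30.0.8", "172.30.0.10"):
        for proto, flags, port in sorted(FINGERPRINT):
            lines.append(f"172.30.0.99 {dst} {proto} {flags} {port}")
    # Constructed ordinary client: a ping and a web connection to one server.
    lines.append("172.30.0.50 172.30.0.8 icmp echo-request 0")
    lines.append("172.30.0.50 172.30.0.8 tcp S 80")
    lines.append("172.30.0.50 172.30.0.8 tcp A 80")
    return "\n".join(lines)

def discovery_sweeps(log_text, min_hosts=3):
    """Return {source: [hosts]} for sources that sent the complete
    probe set to at least min_hosts distinct destinations."""
    seen = defaultdict(set)              # (src, dst) -> fingerprint probes observed
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue                     # skip malformed lines
        src, dst, proto, flags, dport = fields
        probe = (proto, flags, int(dport))
        if probe in FINGERPRINT:
            seen[(src, dst)].add(probe)
    swept = defaultdict(set)
    for (src, dst), probes in seen.items():
        if probes == FINGERPRINT:        # all eight probes hit this host
            swept[src].add(dst)
    return {s: sorted(d) for s, d in swept.items() if len(d) >= min_hosts}

if __name__ == "__main__":
    for src, hosts in discovery_sweeps(build_sample_log()).items():
        print(f"{src} swept {len(hosts)} hosts: {', '.join(hosts)}")
```

Unsolicited TCP ACK packets to ports 21, 23, 80 and 3389 alongside an ICMP echo are the distinctive part of the pattern; the ordinary client in the sample pings and browses the same server without being flagged.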
5. Name at least five different scans that may be performed from the Zenmap GUI.