1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually.
Windows application loaded – Starts as service (Y/N)
1. tftpd32 – Starts as a service
2. FileZilla Server Interface – The interface does not start as a service and must be run manually
3. Wireshark – Does not start as a service and must be run manually
4. Nessus Server Manager – Does not start as a service and must be run manually
5. NetWitness Investigator – Does not start as a service and must be run manually
2. What was the allocated source IP host address for the TargetWindows01 server, TargetUbuntu01 server, and the IP default gateway router?
TargetWindows01 Server – Source IP = 172.30.0.8
TargetUbuntu01 Server – Source IP = 172.30.0.4
TargetUbuntu02 Server – Source IP = 172.30.0.9
Default Gateway – IP = 172.30.0.1
3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source?
Yes, the targeted IP host responded back with 4 echo-replies.
4. If you ping the TargetWindows01 server and the UbuntuTarget01 server, which fields in the ICMP echo-request/echo-replies vary?
The field that varies is the Time To Live (TTL) field. For TargetUbuntu01 it is 64 and for TargetWindows01 it is 128.
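The TTL difference above can be turned into a quick inventory check. The following is an added example, not part of the original lab answers: it parses Windows-style ping output, rounds each observed TTL up to the nearest common initial value (64, 128, 255) and reports a hop count and an OS hint, which goes beyond the two hosts in the answer. The sample output, the host 10.9.9.9 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Common default initial TTLs. The OS labels are a rule of thumb: the value
# is configurable, so treat the guess as a hint, not as identification.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "network device/other"}

# Matches echo-reply lines as printed by the Windows ping command.
REPLY_RE = re.compile(
    r"Reply from (\d{1,3}(?:\.\d{1,3}){3}): bytes=\d+ time[<=]\d+ms TTL=(\d+)")

# Constructed sample output. The 172.30.0.x hosts and their TTLs follow the
# lab answers; 10.9.9.9 is a made-up host two router hops away.
SAMPLE = """\
Reply from 172.30.0.4: bytes=32 time<1ms TTL=64
Reply from 172.30.0.4: bytes=32 time<1ms TTL=64
Reply from 172.30.0.8: bytes=32 time=1ms TTL=128
Reply from 172.30.0.8: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 10.9.9.9: bytes=32 time=12ms TTL=126
"""

def infer(ttl):
    """Round an observed TTL up to the nearest common initial value."""
    for initial in sorted(INITIAL_TTLS):
        if ttl <= initial:
            return initial, initial - ttl, INITIAL_TTLS[initial]
    raise ValueError(f"TTL out of range: {ttl}")

def summarize(ping_output):
    """Return {ip: {...}} with reply count, inferred initial TTL, hops, OS hint."""
    seen = defaultdict(list)
    for line in ping_output.splitlines():
        m = REPLY_RE.search(line)
        if m:  # timeouts and header lines do not match and are skipped
            seen[m.group(1)].append(int(m.group(2)))
    report = {}
    for ip, ttls in seen.items():
        initial, hops, guess = infer(min(ttls))
        report[ip] = {"replies": len(ttls), "initial_ttl": initial, "hops": hops,
                      "os_hint": guess, "ttl_stable": len(set(ttls)) == 1}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

A TTL that is not stable across replies from one host, or a hop count that does not match the known topology, is worth a second look before trusting the OS hint.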
5. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of 172.30.0.0/24?
The syntax for an Intense Scan in Zenmap is as follows: nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.0/24
6. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans.
Intense Scan – Provides very detailed information about ports and protocols, operating systems, and MAC addresses.
Intense Scan, all TCP ports – Provides an intense scan on all TCP ports 1-65535.
Ping Scan – Provides basic information about availability and MAC addresses.
Quick Scan – Provides a fast scan by limiting the number of TCP ports scanned to only the top 100 most common TCP ports.
Regular Scan – This is the default scan, issuing TCP SYN scans for the most common 1000 TCP ports and using pings for host detection.
7. How many different tests (i.e., scripts) did your “Intense Scan” definition perform? List them all after reviewing the scan report.
The Intense Scan initiated 36 Scripts. The scripts can be found at http://nmap.org/nsedoc/
8. Describe what each of these tests or scripts performs within the Zenmap GUI (Nmap) scan report.
Below are each of the 36 scripts and a description of each, derived from http://nmap.org/nsedoc/.
acarsd-info – Retrieves information from a listening acarsd daemon. Acarsd decodes ACARS (Aircraft Communication Addressing and Reporting System) data in real time. The information retrieved by this script includes the daemon version, API version, administrator e-mail address and listening frequency.
address-info – Shows extra information about IPv6 addresses, such as embedded MAC or IPv4 addresses when available.
afp-brute – Performs password guessing against Apple Filing Protocol (AFP).
afp-ls – Attempts to get useful information about files from AFP volumes. The output is intended to resemble the output of ls.
afp-path-vuln – Detects the Mac OS X AFP directory traversal vulnerability, CVE-2010-0533.
afp-serverinfo – Shows AFP server information. This information includes the server's hostname, IPv4 and IPv6 addresses, and hardware type (for example Macmini or MacBookPro).
afp-showmount – Shows AFP shares and ACLs.
Retrieves the authentication scheme and realm of an AJP service (Apache JServ Protocol) that requires authentication.
ajp-brute – Performs brute force password auditing against the Apache JServ protocol. The Apache JServ...