1. PING sweep. Run a TCP Netcat port scan on ports 3000-4000. The -w option specifies the
connection timeout in seconds and -z is used to specify zero-I/O mode, which will send no data
and is used for scanning:
2. Run a UDP Netcat port scan against ports 1-1000. This is done using the -u switch which
indicates a UDP scan:
Nmap’s preferred scanning technique is a SYN, or “stealth”, scan. Execute the scan and check the
results.
When a user running nmap does not have raw socket privileges, Nmap will default to the TCP
connect scan. We can use the -sT option to start a connect scan:
d) When performing a UDP scan, Nmap will use a combination of two different methods to
determine if a port is open or closed. For most ports, it will use the standard “ICMP port
unreachable” and for some common ports, such as port 161, which is used by SNMP, it will send
a protocol-specific SNMP packet in an attempt to get a response from an application bound to
that port. To perform a UDP scan, the -sU option is used and sudo is required to access raw
sockets:
sudo nmap -sU TARGETIP
We can use the Nmap Scripting Engine (NSE) to launch user-created scripts in order to
automate various scanning tasks. These scripts perform a broad range of functions, including DNS
enumeration, brute force attacks, and even vulnerability identification. NSE scripts are located in
the /usr/share/nmap/scripts directory.
Let's test the smb-os-discovery script, which attempts to connect to the SMB service on a target and
determine its operating system:
This folder also contains a script.db file that serves as an index to all of the scripts.
a) Use nmap with --script vuln option to run all scripts in the “vuln” category against 2 target
VMs you have for the lab. Save the report with the results and compare to what you found
previously using Nessus.
b) Find an NSE script similar to the NFS Exported Share Information Disclosure that was
executed in the “Scanning with Individual Nessus Plugins” section. Once found, run the script
against the same targets. Describe the results.
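The script.db index mentioned above can be parsed to prepare for both exercises: listing which scripts the “vuln” category would run, and locating NFS-related scripts for exercise b). This is an added example, not part of the original lab text; the sample entries are constructed in script.db's one-entry-per-line format, the demo-* script names are hypothetical, and only the /usr/share/nmap/scripts path comes from the page.

```python
import re
from typing import Dict, List

# Constructed sample in the one-entry-per-line format of Nmap's script.db
# (demo-* names and their categories are illustrative, not from a real install).
SAMPLE_SCRIPT_DB = """\
Entry { filename = "smb-os-discovery.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "nfs-showmount.nse", categories = { "discovery", "safe", } }
Entry { filename = "nfs-ls.nse", categories = { "discovery", "safe", } }
Entry { filename = "demo-vuln-check.nse", categories = { "vuln", "safe", } }
Entry { filename = "demo-intrusive-vuln.nse", categories = { "vuln", "intrusive", } }
Entry { filename = "snmp-info.nse", categories = { "default", "discovery", "safe", } }
"""

# One script.db entry: Entry { filename = "x.nse", categories = { "a", "b", } }
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,'
    r'\s*categories\s*=\s*\{([^}]*)\}\s*\}'
)


def parse_script_db(text: str) -> Dict[str, List[str]]:
    """Map each script filename to its list of categories."""
    index: Dict[str, List[str]] = {}
    for line in text.splitlines():
        match = ENTRY_RE.search(line)
        if not match:
            continue  # blank or unrecognised line; ignore it
        index[match.group(1)] = re.findall(r'"([^"]+)"', match.group(2))
    return index


def load_script_db(path: str = "/usr/share/nmap/scripts/script.db") -> Dict[str, List[str]]:
    """Parse the real index from an Nmap installation (path from the lab text)."""
    with open(path, encoding="utf-8") as handle:
        return parse_script_db(handle.read())


def scripts_in_category(index: Dict[str, List[str]], category: str) -> List[str]:
    """Scripts that `--script <category>` would select, e.g. 'vuln'."""
    return sorted(name for name, cats in index.items() if category in cats)


def find_scripts(index: Dict[str, List[str]], keyword: str) -> List[str]:
    """Scripts whose filename mentions a keyword, e.g. 'nfs' for export checks."""
    return sorted(name for name in index if keyword.lower() in name.lower())


if __name__ == "__main__":
    idx = parse_script_db(SAMPLE_SCRIPT_DB)
    print("vuln category:", scripts_in_category(idx, "vuln"))
    print("nfs scripts:", find_scripts(idx, "nfs"))
```

Run it against the real index with load_script_db() on a lab machine to see which scripts --script vuln would actually launch before pointing it at the target VMs.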