What's Under the Christmas Tree?
Networking - NMAP
Resources
Penetration Testing Execution Standard (PTES)
Connect Scan - nmap -sT <ip>
SYN Scan - nmap -sS <ip>
nmap --script ftp-proftpd-backdoor -p 21 <ip_address>
Flag    Description
-A      Scan the host to identify services running by matching against Nmap's database with OS detection
-O      Scan the host to retrieve and perform OS detection
-p      Scan a specific port number on the host. A range of ports can also be provided (e.g. 10-100) by using the first and last value of the range
-p-     Scan all ports (0-65535) on the host
-sV     Scan the host using TCP and perform version fingerprinting
Challenge
When was Snort created?
https://en.wikipedia.org/wiki/Snort_(software)
1998
Using Nmap on 10.10.127.159, what are the port numbers of the three services running? (Please provide your answer in ascending order/lowest -> highest, separated by a comma)
80,2222,3389
Run a scan and provide the -Pn flag to ignore ICMP being used to determine if the host is up
No answer needed
Experiment with different scan settings such as -A and -sV whilst comparing the outputs given.
No answer needed
Use Nmap to determine the name of the Linux distribution that is running. What is reported as the most likely distribution to be running?

Ubuntu
Use Nmap's Network Scripting Engine (NSE) to retrieve the "HTTP-TITLE" of the webserver. Based on the value returned, what do we think this website might be used for?

Blog
Now use different scripts against the remaining services to discover any further information about them
No answer needed
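For the port-listing question above, the ascending, comma-separated answer can be extracted from Nmap's grepable output (nmap -oG) rather than read by eye, which also makes the result easy to diff between scans of your own hosts. This script is an added example, not part of the original walkthrough; the scan text is constructed, and the function names, the extra filtered/UDP entries and the 192.0.2.7 host are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list one host's open TCP ports from Nmap grepable (-oG) text,
# sorted ascending and comma-separated.

# Constructed sample in -oG layout (NOT real scan output). Service/version
# fields are left empty; the filtered and UDP entries and the second host
# exist only to exercise the checks below.
sample_scan() {
    printf 'Host: 10.10.127.159 ()\tStatus: Up\n'
    printf 'Host: 10.10.127.159 ()\tPorts: 3389/open/tcp/////, 80/open/tcp/////, 8080/filtered/tcp/////, 2222/open/tcp/////, 53/open/udp/////\tIgnored State: closed (996)\n'
    printf 'Host: 192.0.2.7 ()\tPorts: 22/open/tcp/////\n'
}

# open_tcp_ports HOST: read -oG text on stdin, print HOST's open TCP ports.
open_tcp_ports() {
    awk -F'\t' -v host="$1" '
        $1 !~ /^Host: / { next }            # skip comment and summary lines
        {
            split($1, h, " ")               # h[2] is the address after "Host:"
            if (h[2] != host) next          # exact match, not a prefix match
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = substr($i, 8)       # drop the "Ports: " label
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/protocol/owner/service/rpc/version/
                    split(entry[j], f, "/")
                    if (f[2] == "open" && f[3] == "tcp") print f[1]
                }
            }
        }
    ' | sort -n | uniq | paste -sd, -
}

sample_scan | open_tcp_ports 10.10.127.159   # prints 80,2222,3389
```

Against a real scan, replace sample_scan with the file written by -oG.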