Scanning with nmap

You will open your Kali Linux VM, click on File|Open|

1. Log into Kali with root/toor


2. Open a terminal shell and run nmap against the IP address of the Windows 2003 AD Server
virtual machine:
a. nmap 10.10.1.135

b. Note that running this scan as the root user is equivalent to running: nmap -sS
10.10.1.135
Nmap defaults to a TCP SYN scan (-sS) when it has raw-socket privileges; an unprivileged
user gets a TCP connect scan (-sT) instead.

NMap – Data Sentry Page 1


c. The scan identified many open ports on the Windows 2003 AD server, but are these all the
open ports on this machine?
3. Next, scan all 65535 TCP ports on the Windows 2003 AD VM by explicitly specifying the
port range (-p- is nmap's shorthand for the same range):
a. nmap -p 1-65535 10.10.1.135

b. Notice that you have discovered open ports the first scan did not touch. Without -p,
nmap scans only the 1000 ports it ranks most common, using the frequency data in its
services file (/usr/share/nmap/nmap-services on Kali), so anything outside that set is
skipped unless you ask for it.



4. Network Sweeping: Rather than scanning a single machine for all ports, scan all the machines
on the subnet for one port (139). This is useful for identifying every host running
NetBIOS/SMB services:
a. nmap -p 139 10.10.1.*

5. The scan completes, but the output is not script-friendly. Nmap supports several output
formats.



a. Try grepable output (-oG), which writes one line per host with the host's address in the
second space-separated field:
i. nmap -p 139 10.10.1.* -oG 139.txt
ii. cat 139.txt
iii. grep open 139.txt | cut -d ' ' -f2

6. You've found several IP addresses with open port 139. You still do not know, however, which
operating systems are present on these IPs. nmap has a wonderful feature called OS
fingerprinting (-O), which also needs root. It attempts to guess the underlying operating
system by inspecting the packets received from the machine. As it turns out, each vendor
implements the TCP/IP stack slightly differently (default TTL values, window size, TCP
option ordering), and these differences create an almost unique fingerprint:
a. nmap -O 10.10.1.135



7. The Nmap Scripting Engine (NSE) allows users to write simple Lua scripts to automate a wide
variety of networking tasks. The bundled scripts range from DNS enumeration and brute-force
scripts to vulnerability identification scripts. A list of these scripts can be found in the
/usr/share/nmap/scripts directory on Kali (/usr/local/share/nmap/scripts for a source
install):



8. Each script's source code begins with a description of what it does and which arguments it
accepts.
a. Try this one against the Metasploitable VM
b. nmap 10.10.1.135 --script smb-enum-users.nse



9. Record your data, or at least part of it.
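The commands in steps 4 through 8 form one chain: sweep the subnet for port 139, then full-port scan, fingerprint and enumerate each host that answers. The script below is an added example, not part of the Data Sentry handout, that ties those steps together and replaces the `grep open | cut` one-liner from step 5 with a parser that reads the Ports field of the grepable output. The lab subnet 10.10.1.0/24 is taken from the text; the sample grepable output is constructed to mimic what -oG prints (including a host named "openfiler" to show the pitfall of grepping for the word "open") and is not a capture from the lab VMs.

```shell
#!/bin/sh
# Added example for this lab (not part of the original handout): a small
# script that turns steps 4-8 into a repeatable chain. Assumptions: the lab
# subnet 10.10.1.0/24 and port 139 from the text; the grepable output below
# is constructed to look like nmap -oG output, not a real capture.

# Constructed sample of what `nmap -p 139 -oG - 10.10.1.0/24` prints.
# The host named "openfiler" shows why `grep open` is not enough: its name
# matches even though port 139 is filtered there.
sample_og() {
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -p 139 -oG - 10.10.1.0/24'
  printf 'Host: %s (%s)\tStatus: Up\n' 10.10.1.1   ''
  printf 'Host: %s (%s)\tPorts: %s\n'  10.10.1.1   ''             '139/closed/tcp//netbios-ssn///'
  printf 'Host: %s (%s)\tStatus: Up\n' 10.10.1.135 'ad.lab.local'
  printf 'Host: %s (%s)\tPorts: %s\n'  10.10.1.135 'ad.lab.local' '139/open/tcp//netbios-ssn///'
  printf 'Host: %s (%s)\tStatus: Up\n' 10.10.1.140 'openfiler'
  printf 'Host: %s (%s)\tPorts: %s\n'  10.10.1.140 'openfiler'    '139/filtered/tcp//netbios-ssn///'
  printf 'Host: %s (%s)\tStatus: Up\n' 10.10.1.150 ''
  printf 'Host: %s (%s)\tPorts: %s\n'  10.10.1.150 ''             '139/open/tcp//netbios-ssn///'
  printf '%s\n' '# Nmap done -- 256 IP addresses (4 hosts up) scanned'
}

# Print the IP of every host whose Ports field lists port $1 as open.
# Reads grepable output on stdin and walks the tab-separated fields of each
# "Host:" line instead of grepping for the word "open".
open_hosts() {
  awk -v want="$1" '
    BEGIN { FS = "\t" }
    /^Host: / {
      ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
      for (i = 2; i <= NF; i++) {
        if (index($i, "Ports: ") != 1) continue
        n = split(substr($i, 8), plist, ", ")
        for (j = 1; j <= n; j++) {
          split(plist[j], f, "/")        # port/state/protocol/owner/service/...
          if (f[1] == want && f[2] == "open") print ip
        }
      }
    }'
}

# The one-liner from step 5, kept for comparison.
naive_hosts() { grep open | cut -d ' ' -f2; }

# Live version of the chain (needs nmap on the path and root for -sS/-O):
# sweep the subnet for port 139, then scan every hit for all TCP ports with
# OS fingerprinting and run the smb-enum-users NSE script against it.
enumerate_smb_hosts() {
  subnet="$1"
  nmap -p 139 -oG - "$subnet" | open_hosts 139 | sort -u | while read -r ip; do
    echo "== $ip =="
    nmap -p- -O -oN "fullscan-$ip.txt" "$ip"
    nmap -p 139,445 --script smb-enum-users -oN "smb-$ip.txt" "$ip"
  done
}

# Offline demonstration on the constructed sample.
echo "hosts with 139 open (parsed):";        sample_og | open_hosts 139
echo "hosts matched by 'grep open' (naive):"; sample_og | naive_hosts

# Pass a subnet to run the live chain: sh nmap_chain.sh 10.10.1.0/24
case "${1:-}" in "") ;; *) enumerate_smb_hosts "$1" ;; esac
```

Run it without arguments to see the parser on the sample; pass the subnet as root to run the live chain. `nmap --script-help smb-enum-users` prints the description that step 8 refers to without opening the script's source.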

