Powered by Blogger.
Home » » Module 05: Network Penetration Testing Methodology-External (Ex 1)

Module 05: Network Penetration Testing Methodology-External (Ex 1)

Written By AKADEMY on Wednesday, July 3, 2019 | 11:08 AM

Module 05: Network Penetration Testing Methodology-External

Objective

The objective of this lab is to help students in conducting network scanning, network vulnerability analysis, and network security maintenance.
You need to perform network scans to:
  • Check live systems and open ports
  • Perform banner grabbing and OS fingerprinting
  • Identify network vulnerabilities
  • Draw network diagrams of vulnerable hosts
  • Pentest vulnerabilities to gain unauthorized access

Scenario

External Penetration Testing determines the possibility of network security attacks from outside of the network perimeter. It evaluates the organization’s systems and network for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption.
An attacker uses vulnerabilities to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness. Vulnerability scanning is a critical component of any penetration testing assignment. As an expert Penetration Tester or a Security Administrator, you need to conduct penetration testing and list the threats and vulnerabilities found in an organization’s network, perform port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities. Then, you need to take specific preventive countermeasures to overcome them

Exercise 1: Exploring and Auditing a Machine Using Nmap

Scenario

Network scan plays a crucial role in identifying the hosts that are up and running in a network. Additionally, it helps a pentester in pulling out additional information associated with a machine such as the services running on the machine, the ports used by the service and the operating system details.
As a penetration tester, you need to have extensive knowledge of network mapping tools, top ports running different services, etc.
Lab Duration30 Minutes
  1. Click Windows Server 2012 (External Network). Click Ctrl+Alt+Delete.
    Screenshot
  2. In the password field click Pa$$w0rd and press Enter
    You can use the Type Password option from the Commands menu to enter the password.
    Screenshot
  3. In this lab, you are given the assignment to audit the server hosting the website http://www.luxurytreats.com.
    So, before beginning this lab, we shall identify the IP Address of the website using the ping utility.
    Launch a command prompt, type ping www.luxurytreats.com and press Enter.
    This returns the IP Address of the server as 172.19.19.11 in the response.
    We will be scanning this IP address using Nmap in the forthcoming tasks.
    Screenshot
  4. To install Nmap navigate to E:\ECSAv10 Module 05 Network Penetration Testing Methodology-External\Nmap, and double-click nmap-7.60-setup.exe. If an Open File - Security Warningpop-up appears, click Run and follow the steps to install Nmap (Zenmap) scanner.
    While installing Nmap, if a WinPcap Setup dialog box appears, click No, and follow the installation steps.
    Screenshot
  5. To launch Nmap, double-click Nmap - Zenmap GUI icon on the desktop.
    Screenshot
  6. Zenmap (Nmap) main window appears as shown in the screenshot.
    Screenshot
  7. To perform Intense Scan, enter IP address in the Target field and choose Intense Scan from Profile drop-down list and click Scan.
    In this lab, we are performing Intense Scan on Web Server Subnet C machine (which is hosting www.luxurytreats.com) whose IP address, 172.19.19.11 was identified in the earlier steps.
    The scan will take a few minutes to complete.
    Screenshot
  8. Nmap scans the provided IP address with Intense scan and scan results are shown in the Nmap Output tab.
    Scan results may vary in your lab environment.
    Screenshot
  9. Click the Ports/Hosts tab to check the Port, Protocol, State, Service, and Version of services discovered during the scan.
    Screenshot
  10. Click the Topology tab to view network topology of the target system.
    Screenshot
  11. Click the Host Details tab to see the details of the hosts discovered during the intense scan.
    Screenshot
  12. Click the Scans tab to view the status of the scan, and command used.
    Screenshot
  13. Now, click the Services tab in the left pane. This tab displays the list of services running on the machine.
    Screenshot
  14. Now, click msrpc service under Services section to view the ports on which the services are running.
    This way, you can access information about each service.
    Screenshot
  15. To save the scanned result, navigate to Scan and click Save Scan from the menu bar.
    Screenshot
  16. Save Scan window appears, specify the scan name in the Name: text field as Intense Scan.xml, specify the destination location in Save in folder: field, file type in Select File Type: field and click Save.
    In this lab, the default file location and default file type have been chosen.
    You can even choose your desired location to save the result.
    Screenshot
  17. To view the result, navigate to C:\Program Files (x86)\Nmap and double-click Intense Scan.xml.
    Here, the saved file location is C:\Program Files (x86)\Nmap.
    Screenshot
  18. Once you double-click the file How do you want to open this type of file (.xml)?, choose the program in which you want to view the result. In this lab, we are selecting Internet Explorer to view.
    Screenshot
  19. Now, you can view the Intense Scan report in the browser as shown in the screenshot.
    Screenshot
  20. Now, close all the windows.
    If Errors Occurred pop-up appears, click OK.
  21. To launch Nmap, double-click Nmap - Zenmap GUI icon on the desktop.
    Screenshot
  22. To perform Xmas Scan, choose Regular Scanfrom Profile drop-down list.
    Xmas scan sends a TCP frame to a remote device with PSHURG and FIN flags set. FIN scans only with OS TCP/IP developed according to RFC 793.
    Screenshot
  23. To, create a new profile navigate to Profile -> New Profile or Command from the menu bar.
    Screenshot
  24. Profile Editor Wizard appears, type Xmas Scanin Profile name field under Profile Informationsection.
    Screenshot
  25. Click Scan tab.
    Choose, Xmas Tree scan (-sX) from the TCP scans: drop-down list under Scan Options, in Scan tab of Profile Editor wizard.
    Screenshot
  26. Select None from the Non-TCP scans: drop-down list, Aggressive (-T4) from the Timing template: list, check the Enable all advanced/aggressive options (-A) option, and click Save Changes.
    Screenshot
  27. To perform Xmas Scan, type the IP address of Web Server Subnet C machine i.e., 172.19.19.11 in Target: field, choose Xmas Scan from Profile:drop-down list, and click Scan.
    Nmap takes about 20 minutes to complete the scan.
    Once the scan is initiated, ping the Web Server Subnet C Machine.
    Screenshot
  28. Nmap scans the specific target IP address and displays the results in the Nmap Output tab.
    The output might vary in your lab environment.
    Screenshot
  29. Analyze the scan results by checking all the tabs.
    Screenshot
  30. Click the Services tab in the left pane. It displays all the services for that host.
    Screenshot
  31. To save the scanned result, navigate to Scan, and click Save Scan from the menu bar.
    Screenshot
  32. Choose a scan to save pop-up window appears.
    Select nmap -sX -T4 -A 172.19.19.11 from the drop-down list and click Save button.
    Screenshot
  33. Save Scan window appears, specify the scan name in the Name: text field as Xmas Scan.xml, specify the destination location in Save in folder:field, file type in Select File Type: field and click Save.
    Close the Nmap window.
    In this lab, the default file location and default file type have been chosen.
    You can even choose your desired location to save the result.
    Screenshot
  34. To view the result, navigate to C:\Program Files (x86)\Nmap and double-click Xmas Scan.xmlfile to view the result.
    If you are asked How do you want to open this type of file (.xml)?, choose the program in which you want to view the result. In this lab, we are selecting Internet Explorer Browser to view the scan results.
    Screenshot
  35. Xmas Scan report can be seen in the browser as shown in the screenshot.
    Ignore the warning pop-ups at the bottom of the windows explorer.
    Screenshot
  36. Now, close all the windows.
  37. Double-click Nmap - Zenmap GUI icon on the desktop.
    Screenshot
  38. To create a new profile, navigate to Profile and click New Profile or Command.
    Screenshot
  39. In the Profile tab, enter Null Scan in the Profile name text field.
    Screenshot
  40. Click the Scan tab in the Profile Editor window. Now, select the Null Scan (-sN) option from the TCP scan: drop-down list, and click Save Changes.
    Screenshot
  41. To perform Null Scan, enter the IP address 172.19.19.11 of Web Server Subnet C machine in the Target field, choose Null Scan from the Profile drop-down list and click Scan.
    Once the scan is initiated, ping the Web Server Subnet C Machine. The command you need to issue is ping 172.19.19.11 -t.
    The reason to ping the machine is that, when you ping the target and receive an ICMP Echo reply, Nmap, which is already running on the pentesting machine, recognizes that the target machine is active and detects the open ports on the machine.
    Screenshot
  42. Nmap scans the provided target IP address and displays results in the Nmap Output tab.
    The output might vary in your lab environment.
    Once the output is obtained, close the command prompt.
    Screenshot
  43. To analyze the scan results, navigate through all the tabs beside nmap output tab i.e, Ports/ HostsTopologyHost DetailsScans tabs to retrieve more information about Null Scan on the specified host.
    Screenshot
  44. To save the scanned result, navigate to Scan and click Save Scan from the menu bar.
    Screenshot
  45. Save Scan window appears, specify the scan name in the Name: text field as Null Scan.xml, specify destination location in Save in folder:field, file type in Select File Type: field and click Save.
    Close the Nmap window.
    In this lab, the default file location and default file type have been chosen.
    You can even choose your desired location to save the result.
    Screenshot
  46. To view result, navigate to C:\Program Files (x86)\Nmap and double-click Null Scan.xml file to view the result.
    If you are asked How do you want to open this type of file (.xml)?, choose the program in which you want to view the result. In this lab, we are selecting Internet Explorer Browser to view the scan results.
    Screenshot
  47. Now, Null Scan report can be seen in the browser as shown in the screenshot.
    Ignore the warning pop-ups at the bottom of the windows explorer window.
    Similarly, ACK Flag Scan can be performed by creating a new scan profile for ACK Flag Scan.
    Screenshot
  48. After analyzing the results in the report, close all the windows and the Nmap GUI.
In this lab you have analyzed all the IP addresses, open and closed ports, services, and protocols you discovered during the scan.
Share this article :

0 comments:

Post a Comment

 
Trung Tâm Đào Tạo An Toàn Thông Tin Học Hacker Mũ Xám Online | Học An Ninh Mạng Trực Tuyến | CEH VIỆT NAM
Copyright © 2013. HACKER MŨ XÁM - All Rights Reserved
Web Master @ Võ Sĩ Máy Tính
Contact @ Đông Dương ICT