Assignment 2.2 Port Scanning 2
First Steps
For this lab, we will be using our Windows machine.
ipconfig
Run this in a command prompt to see the IP address of the Windows VM. Note the 10.0.17.x address on the lab network; that is the address Kali will scan and the one Windows should use to reach Kali.

Add a new Administrator account
Run cmd as administrator, then:
net user username password /add
net localgroup administrators username /add
Substitute your own username and a non-blank password. You will log in over RDP with this account later, and by default Windows refuses network logons (RDP included) for local accounts that have a blank password.
ICMP and Windows 10
Deliverable 1. Observe and repeat the following interaction between Kali and your Windows 10 system (substitute your IP addresses).
Determine your Windows 10 IP address (.131 in the example).
Ping Windows 10 from Kali (it should fail: Windows Defender Firewall drops inbound ICMPv4 echo requests by default, so the host is reachable but silent).
Ping Kali from Windows 10 (it should work, since Kali answers echo requests). Use the 10.0.17.x address!
Run Wireshark on eth0 (not wg0) with a capture filter of host <your Windows IP>, so that only traffic to and from the Windows host is captured.
Run nmap against tcp/9999 on the Windows host.
The result indicates filtered: the firewall silently drops the SYN, so nmap receives neither a SYN/ACK (which would mean open) nor a RST (closed) and cannot tell which it is.
Display your Wireshark capture; there should be an ARP request and reply, and no ICMP echo from nmap. When run as root against a host on the same Ethernet segment, nmap discovers hosts with ARP rather than ICMP (this is how the host was found, not ICMP!), which is why a host that ignores ping still gets scanned.

Nmap Service Identification
A plain port scan never talks to the service. The name nmap prints in the SERVICE column comes from a simple text lookup table (nmap-services, installed on Kali at /usr/share/nmap/nmap-services) that maps a port number to the service most commonly found on it. As you see above, port 9999 is listed as abyss. Don't read too much into that: without -sV the name is a guess from the port number, not something observed on the wire, and a filtered port has sent nmap nothing at all. The following screenshot shows you why.

Remote Desktop
Deliverable 2. Figure out how to enable Remote Desktop Services on your Windows 10 system using the GUI, PowerShell or the command prompt, then conduct an nmap scan against the RDP TCP port (3389) from your Kali system. Show the nmap command and results similar to the one below.
GUI: Settings > System > Remote Desktop > Enable Remote Desktop. The toggle also enables the Remote Desktop firewall rule group, which is what makes the port visible from Kali; the account you created in First Steps is a local administrator and is therefore allowed to connect.

sudo nmap -p 3389 10.0.17.57
Expect 3389/tcp to be reported open with the service name ms-wbt-server (again a nmap-services lookup, not a probe).

Deliverable 3. On Kali, make sure xfreerdp is installed and figure out how to initiate an RDP session to your Windows box. Provide a screenshot similar to the one below.
sudo apt install freerdp2-x11
This is the Debian/Kali package that ships the xfreerdp binary (if your release has moved to a newer FreeRDP, apt search freerdp will show the current package name). Confirm it is present with:
apt list --installed 2>/dev/null | grep freerdp

xfreerdp /v:10.0.17.57:3389 /u:username /p:password /cert:ignore
Use the username and password of the administrator account you created in First Steps. /cert:ignore skips the prompt for the self-signed certificate Windows presents by default; in a real engagement you would inspect that certificate rather than ignore it.

Version Detection
nmap can go the extra mile and attempt to get specific version information on a service: with -sV it connects to each open port, sends probes, and matches the responses against its nmap-service-probes database instead of trusting the port number. Let's try a couple of techniques against the RDP port.
Deliverable 4. Add the -sV flag to your previous nmap scan against RDP on Windows 10 and provide a screenshot similar to the one below (include your nmap command). You will note a bit more verbiage than seen without the flag: the SERVICE column now reflects what nmap actually saw, and a VERSION column appears (for RDP typically Microsoft Terminal Services).

OS Detection, Version Detection, Script Scanning and traceroute
Deliverable 5. Replace -sV with -A (shorthand for -sV -O -sC --traceroute; -O needs root) to attempt to derive more information on the host and exposed service. Provide a screenshot similar to the one below. You will notice that the rdp-ntlm-info script provides a good deal of information (1), including the NetBIOS and DNS computer names and the exact Windows product version, while the OS detection output is not very accurate at all. OS fingerprinting works from the TCP/IP stack's responses and nmap's own documentation says it needs at least one open and one closed port to do well; here the firewall leaves a single open port and everything else filtered, so there is little for it to work with.

Deliverable 6. Run an nmap scan against your Windows 10 system. Only target TCP ports 1-6000 (-p 1-6000). Provide a screenshot showing your command and output. With nothing but Remote Desktop enabled, 3389 should be the only open port; the remaining 5999 are reported as filtered.

More open ports
Turn on file and print sharing (Control Panel > Network and Sharing Center > Change advanced sharing settings > Turn on file and printer sharing, for the profile your lab network is in). This enables the File and Printer Sharing firewall rule group, which admits SMB, NetBIOS session and RPC endpoint mapper traffic; the same group contains the ICMPv4 echo rule, so Windows will now also answer ping from Kali.

Deliverable 7. Rescan ports 1-6000. Provide a screenshot similar to the one below that shows your command and results. You will note that 3 new ports have been exposed: 135 (msrpc), 139 (netbios-ssn) and 445 (microsoft-ds), alongside 3389.

Deliverable 8. Figure out how to run a version scan against only the ports exposed above (hint: -p accepts a comma-separated list, so there is no need to rescan all 6000 ports; probing only known-open ports is both faster and quieter). Provide a screenshot showing your nmap command and the output similar to the one below.


Deliverable 9. Increase the output by running OS Detection, Version Detection, Script Scanning and traceroute (-A) against the exposed ports from your previous scan. Provide a screenshot showing your command and output similar to the one below. You will notice we have SMB and NetBIOS related information from the default smb-* and nbstat host scripts, such as the OS and computer name reported over SMB, whether SMB message signing is enabled or required, and the NetBIOS name table.
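The following script turns Deliverables 6 through 9 into a repeatable workflow. It is an added example, not part of the assignment: it saves nothing to disk and scans nothing, but parses nmap's grepable (-oG) output, diffs the scan taken before file and print sharing was enabled against the one taken after, and builds the narrower -sV and -A follow-up commands from the ports that are actually open. The two -oG samples embedded below are constructed for the example (real nmap separates the fields with tabs, which the parser also accepts); the port numbers 135, 139, 445 and 3389 and the target 10.0.17.57 are assumptions taken from the handout.

```shell
#!/bin/sh
# Added example: parse nmap -oG output, diff two scans, build follow-up scans.
# Constructed sample output (not real captures) for a scan of tcp/1-6000 before
# and after file and print sharing was turned on. Target 10.0.17.57 is the
# address used in the handout.

BEFORE='# Nmap 7.94 scan initiated as: nmap -p 1-6000 -oG before.gnmap 10.0.17.57
Host: 10.0.17.57 ()  Status: Up
Host: 10.0.17.57 ()  Ports: 3389/open/tcp//ms-wbt-server///  Ignored State: filtered (5999)
# Nmap done -- 1 IP address (1 host up) scanned'

AFTER='# Nmap 7.94 scan initiated as: nmap -p 1-6000 -oG after.gnmap 10.0.17.57
Host: 10.0.17.57 ()  Status: Up
Host: 10.0.17.57 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///  Ignored State: filtered (5996)
# Nmap done -- 1 IP address (1 host up) scanned'

# open_ports GREPABLE_OUTPUT
# Prints the open TCP port numbers from a -oG scan, one per line, ascending.
# Filtered ports never appear in the Ports: field (nmap folds them into
# "Ignored State"), which is why the first scan yields only 3389.
open_ports() {
    printf '%s\n' "$1" \
        | grep 'Ports:' \
        | sed 's/.*Ports: //; s/[[:space:]]*Ignored State.*//' \
        | tr ',' '\n' \
        | grep '/open/tcp/' \
        | sed 's/^[[:space:]]*//; s#/.*##' \
        | sort -n
}

# port_list GREPABLE_OUTPUT
# The same ports joined with commas: the syntax nmap's -p option expects.
port_list() {
    open_ports "$1" | paste -s -d ',' -
}

# new_ports BEFORE_OUTPUT AFTER_OUTPUT
# Ports open in the second scan that were not open in the first.
new_ports() {
    before=$(open_ports "$1")
    open_ports "$2" | while read -r port; do
        printf '%s\n' "$before" | grep -qx "$port" || printf '%s\n' "$port"
    done
}

# followup_cmd FLAG TARGET GREPABLE_OUTPUT
# Builds the narrower follow-up scan (-sV for Deliverable 8, -A for
# Deliverable 9) so that only ports already known to be open are probed.
followup_cmd() {
    printf 'sudo nmap %s -p %s %s\n' "$1" "$(port_list "$3")" "$2"
}

echo "open before sharing : $(port_list "$BEFORE")"
echo "open after sharing  : $(port_list "$AFTER")"
echo "newly exposed       : $(new_ports "$BEFORE" "$AFTER" | paste -s -d ',' -)"
echo "version scan        : $(followup_cmd -sV 10.0.17.57 "$AFTER")"
echo "aggressive scan     : $(followup_cmd -A 10.0.17.57 "$AFTER")"
```

To use it on real scans, add -oG before.gnmap (and later -oG after.gnmap) to the two -p 1-6000 scans and replace the constructed strings with "$(cat before.gnmap)" and "$(cat after.gnmap)". Keeping the -oG files also gives you an audit trail of what was exposed when, which matters more than the screenshots once the lab is over.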

