Project 03 - Active Recon with NMAP скачать в хорошем качестве

Project 03 - Active Recon with NMAP

Commands used (in the order they appear in the lab): 1. nmap -sT skillsetlocal.com (to scan target machine for open TCP ports) - TCP establishes 3 way handshake connection: SYN, SYN-ACK, ACK 2. ifconfig (to find out what our ip address is and what other potential target machine ip addresses are) 3. nmap -sn 192.168.100.0/24 (ping sweep CIDR address to see who else on the target machine's network is running) 4. cat /etc/hosts (another way to see which machines are up on the target network) 5. nmap -sT 192.168.100.100,101 (to scan both target machines for open TCP ports at the same time) 6. nmap -sT 192.168.100.1-100 (to scan a range of machines on target network, only one should return) 7. nmap -sT skillsetlocal.com -p 6379 (to scan a specific port on a target machine) - Port 6379 is used for redis, a protocol used for client/server communication 8. sudo nmap -sU skillsetlocal.com (to scan target machine for open UDP ports with root privileges) - UDP is connectionless, used for streaming, Port 123 is used for network time protocol (synchronizes computer clock across a network) 9. Entered password 10. sudo nmap -sU -sT skillsetlocal.com (to scan target machine for both open TCP and UDP port with root privileges) 11. Entered password 12. nmap -sn 192.168.100.0/24 -oG pingscan.out (ping sweep CIDR address and place output into a file using a greppable format) 13. cat pingscan.out (to view contents of output file) 14. cat pingscan.out | grep Up (example of how to word search a file in greppable format) 15. cat pingscan.out | grep Up greater than sign pingscan.out1 (places lines with the word "Up" in a different output file) 16. cat pingscan.out1 (to view contents of new output file) 17. cat pingscan.out1 | cut -f2 -d " " greater than sign pingscan.out2 (places only the contents of field 2 into different output file) 18. cat pingscan.out2 (only the IP address should appear in new output file) 19. nmap -sT -iL pingscan.out2 -p 3389 ("input from list" option allows nmap to perform a TCP scan of all the ip addresses listed in the output file) 20. sudo nmap -O skillsetlocal.com (to perform an OS scan using root privileges) - 2.6.32 21. Entered password 22. nmap -T4 -A skillsetlocal.com (runs a fast nmap scan -T4, combining various scan types together to give us highly detailed information about our target -A. Speeds: -T0 (paranoid), -T1 (sneaky), -T2 (polite), -T3 (default), -T4 (Aggressive), -T5 (Insane)) 23. nmap -v skillsetlocal.com (verbose scans gives us the full report on a scan that maybe otherwise omitted) 24. nmap -F skillsetlocal.com (Fast scan speeds up the nmap scan by scanning the 100 most popular ports) Cyber Skill Based Training and Certifications: TryHackMe: https://tryhackme.com/ Hack The Box: https://www.hackthebox.com/ Let's Defend: https://letsdefend.io/ INE: https://ine.com/ TCM: https://tcm-sec.com/ InfoSec Institute Cyber Ranges: https://www.infosecinstitute.com/skil...