Lab2_Recon_Network_Scanning
School: University of Rochester
Course: 3710
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by SargentFlagKomodoDragon15
CS 3710 Introduction to Cybersecurity
Term: Spring 2024
Lab Exercise 2 – Reconnaissance and Network Scanning Lab
Due Date: February 2, 2024 11:59pm
Points Possible: 7 points
Name: Ziqian Zhao

By submitting this assignment you are digitally signing the honor code, “On my honor, I pledge that I have neither given nor received help on this assignment.” Generative AI assistance is NOT permitted on this assignment.

1. Overview

This lab exercise will provide some hands-on experience with reconnaissance, network scanning, and service enumeration.

2. Resources required

This exercise requires a Kali Linux VM running in the Virginia Cyber Range.

3. Initial Setup

From your Virginia Cyber Range course, select the Cyber Basics environment. Click “start” to start your environment and “join” to get to your Linux desktop login.

4. Tasks

Task 1: Whois lookups

For this portion of the exercise, you can use a web browser on your laptop or desktop computer, or you can log in to your Cyber Basics environment in the Virginia Cyber Range.

WHOIS is a protocol and tool for querying the domain registration databases kept by registries and registrars, to determine who registered a domain, its contacts and name servers, its registration dates, and other information. A reverse whois lookup can be used to find domains that are registered by a particular individual or organization. ICANN's lookup service is the usual authoritative starting point; however, since the General Data Protection Regulation (GDPR) took effect, much of the registrant contact data it returns is redacted. Other sources of WHOIS information include https://pk.godaddy.com/whois and https://whois.domaintools.com/ . On Kali the command-line client does the same job (whois jmu.edu); the .edu registry, EDUCAUSE, still publishes registrant and contact details, which is why the question below can be answered in full.

Question #1: Do a whois lookup on the domain jmu.edu. To whom is the domain registered? What is the administrative contact name, address, email, and phone number? (.5 point)

The domain jmu.edu is registered to James Madison University. The administrative contact name is Dennis Little, with the address Massanutten Hall 265, MSC 5733, Harrisonburg, VA 22807, USA. The phone number is +1.5405681676. The email is littledr@jmu.edu.

© 2024 Virginia Cyber Range. Created by David Raymond, Ph.D., CISSP, Virginia Tech. (CC BY-NC-SA 4.0) Modified by Angela Orebaugh, Ph.D, CISSP, University of Virginia
Task 2: nslookup and dig

Nslookup is a Linux and Windows tool for querying the distributed database that makes up the domain name system (DNS). This database translates host names (such as www.virginiacyberrange.org) to IP addresses (52.85.151.5). This translation is necessary because your computer must have the IP address of the systems, such as web servers, that it communicates with, but humans are not good at remembering strings of numbers, so we remember hostnames instead. DNS converts hostnames to the proper IP address so your web browser can find that web page. This DNS lookup usually happens in the background, so users don't realize it is happening. You can use the nslookup tool to do this mapping from the command line. Its output first names the resolver it asked (“Server:” and “Address:”) and then gives the answer; an answer labelled “Non-authoritative” came from that resolver's cache rather than from the domain's own name servers.

For this exercise, you will log in to your Virginia Cyber Range account and select the Cyber Basics environment, then click “start” to start your environment and “join” to get to your Linux desktop login.

Question #2: Use nslookup to find the IP address for vt.edu. What is the IPv4 address? Provide a screen shot and explain where you found the answer. (.5 point)

The IPv4 address is 198.82.215.14.

Dig is another, and generally more powerful, tool for DNS queries. It is part of the BIND tools and is standard on Linux, Unix and macOS systems, but it is not installed on Windows by default. Keep in mind that reverse (PTR) records are published by whoever controls the address block, not by the domain owner, so a reverse lookup can return nothing, or a name that does not resolve back to the same address; confirm a reverse answer with a forward lookup of the returned name.

Question #3: Examine the Linux ‘man page’ for the dig utility to find more information about dig. What does the ‘-x’ command-line option do in dig? (.5 point)

The -x command-line option in dig is used for doing reverse DNS lookups. Instead of directly providing the hostname to get the IP address, we now provide the IP address to get the hostname associated with it.

Question #4: Use dig to conduct a reverse lookup of the IP address 134.126.20.33. What hostname or hostnames correspond to that IP address? (.5 point)

The corresponding hostname is cs.jmu.edu.
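What dig -x actually does is build the reverse-lookup name from the address and ask for its PTR record. The shell functions below are an added example written for this edit, not part of the lab handout: they construct that name for IPv4 and IPv6 addresses (including the zero-group expansion that "::" implies) and print the explicit dig query that -x issues. Nothing is resolved; the dig lines are only printed, since the lab's hosts are not reachable from here.

```shell
#!/bin/sh
# Added example: build the name that `dig -x ADDRESS` queries for.
#   IPv4: reverse the four octets and append .in-addr.arpa
#   IPv6: expand to 32 hex nibbles, reverse them, append .ip6.arpa

ptr_name4() {
    # 134.126.20.33 -> 33.20.126.134.in-addr.arpa
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

ptr_name6() {
    # Expand "::" and zero-pad every group to 4 hex digits, then reverse the nibbles.
    printf '%s\n' "$1" | awk '{
        n  = split($1, h, "::")                          # at most one "::" is legal
        nl = (h[1] == "") ? 0 : split(h[1], L, ":")
        nr = (n < 2 || h[2] == "") ? 0 : split(h[2], R, ":")
        g = 0
        for (i = 1; i <= nl; i++)          G[++g] = L[i]
        for (i = 1; i <= 8 - nl - nr; i++) G[++g] = "0"  # groups elided by "::"
        for (i = 1; i <= nr; i++)          G[++g] = R[i]
        hex = ""
        for (i = 1; i <= 8; i++) {
            grp = tolower(G[i])
            while (length(grp) < 4) grp = "0" grp
            hex = hex grp
        }
        out = ""
        for (i = 32; i >= 1; i--) out = out substr(hex, i, 1) "."
        print out "ip6.arpa"
    }'
}

ptr_name() {
    case $1 in
        *:*) ptr_name6 "$1" ;;
        *)   ptr_name4 "$1" ;;
    esac
}

# The explicit query equivalent to `dig +short -x ADDRESS`.
reverse_query() {
    printf 'dig +short PTR %s\n' "$(ptr_name "$1")"
}

for addr in 134.126.20.33 2001:db8::1; do
    echo "dig -x $addr  ==  $(reverse_query "$addr")"
done
```

Running the printed query on the Kali VM returns the same PTR record as dig -x; if it returns nothing, the address simply has no reverse record, which is common for cloud and lab ranges.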
Task 3: Network scanning using nmap

Your Kali Linux virtual machine in the Virginia Cyber Range is connected to a small network subnet with other systems. Your first step in this exercise is to understand your network neighborhood (on Linux, ip addr show, or the older ifconfig, prints the address and netmask of each interface).

Question #5: What is your IPv4 address and netmask? (.5 point)

The address is 10.1.86.39 and the netmask is 255.255.240.0.

There are different ways to accomplish host discovery on a network. For this exercise we will use Nmap (https://nmap.org/book/man.html), a widely used tool for network exploration and port scanning. Nmap can be used to scan a single hostname or IP address or a range of addresses. You can learn more about Nmap through the man page (man nmap) or simply type nmap with nothing else and hit enter to see a summary of command options and usage. To scan a single host you would use the following command:

$ nmap <options> <hostname or IP address>

Question #6: Run an nmap scan against your own IP address. What ports are open? Provide a screenshot and explain or show where you found your answer. (.5 point)

22/tcp (SSH) and 3389/tcp. I found it in the line starting with “PORT”.

Ping scan. Let's see what other systems are on the network by using Nmap's ping scan (-sn), which does host discovery only and skips the port scan. Despite the name, it does not rely on ICMP echo alone: run as root it sends each address an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request, and on a directly attached Ethernet segment it uses ARP requests instead, so it will usually find hosts that block ping but not hosts behind a firewall that drops all of those probes. Any address that answers is reported as an active host. For this scan you will scan your network using CIDR notation, which looks like the following:

your_IP_address/CIDR

You will replace your_IP_address with the actual IP that you identified in Question #5. The second part is to replace CIDR with the prefix length of your network, which is the number of leading 1 bits in the netmask you found in Question #5 (a dotted-quad netmask is always a run of 1 bits followed by 0 bits, so 255.255.255.0 is /24); use that value to scan the entire network where your system lives. Don't forget to give nmap the ping scan only option!

Question #7: Which active IP addresses did you discover on the network? Provide a screenshot and explain or show where you found your answer. (1 point)

The active IP addresses discovered on the network are: 10.1.86.39, 10.1.87.229, 10.1.92.241, 10.1.94.224. I found the answer in the result of the ping scan, which returned only these four IP addresses and then showed “Nmap done”.

Port scan. By default, nmap port-scans each target address for the 1,000 TCP ports that are most commonly found open according to its nmap-services frequency table (not ports 1 through 1000), and reports which ports it finds open, or “listening”. As root this is a half-open SYN scan (-sS); without root privileges nmap falls back to a full TCP connect scan (-sT). The service names printed by a plain scan are simply the conventional names for those port numbers, not evidence of what is actually listening; that evidence comes from version detection below. Now that we have identified potential target systems we will scan them to identify open networking ports. Use nmap with no options to scan each host that you discovered in the step above.

Question #8: List each IP address that you scanned and the port numbers and services open on each system. (.5 point)

IP address     Port       Service
10.1.86.39     22/tcp     ssh
               3389/tcp   ms-wbt-server
10.1.87.229    22/tcp     ssh
               80/tcp     http
               139/tcp    netbios-ssn
               445/tcp    microsoft-ds
10.1.92.241    80/tcp     http
10.1.94.224    21/tcp     ftp

Question #9: Which systems (IPs) are possibly running a web server? Explain along with a screenshot. (.5 point)

10.1.87.229 and 10.1.92.241, as the service open on each is “http”.

Question #10: Version detection. Now we need to look a little more to find out specifics about the open services you detected. Run an Nmap scan against each target that will perform version detection and show service versions (there is more than one option that can do this: -sV runs version detection alone, while -A adds OS detection, the default NSE scripts and a traceroute). List all service versions that you find for each IP address. Not all ports will have a specific numerical version, but it will list more information about the service being used, so include that too. (1 point)

IP address     Service         Version
10.1.86.39     ssh             OpenSSH 9.3p1 Debian 1 (protocol 2.0)
               ms-wbt-server   xrdp
10.1.87.229    ssh             OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
               http            Apache httpd 2.4.41
               netbios-ssn     Samba smbd 3.X - 4.X (workgroup: MYGROUP)
               microsoft-ds    Samba smbd 3.X - 4.X (workgroup: MYGROUP)
10.1.92.241    http            Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
10.1.94.224    ftp             vsftpd 2.0.8 or later

Question #11: Taking it one step further. Scanning is the first step to identify active targets, which we did in Question #7, and then to identify open ports and services, which we did in Question #8. By performing version detection like we did in Question #10 we can start to identify potential vulnerabilities. One of the targets you scanned has a File Transfer Protocol (FTP) server running. FTP is a risky way to transfer files: it sends credentials and data in cleartext, and servers are frequently configured to accept an “anonymous” login with no real password. The nmap -A scan can give you some really valuable information for logging into that FTP server: among the default scripts it runs is ftp-anon, which reports whether anonymous login is allowed and lists the directory it can see. Exploit the anonymous FTP login and retrieve a file from the server and paste its contents here. (1 point)

Welcome to Cyber Range FTP Server.
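The netmask-to-CIDR step of Question 7, and the sanity check that every host found in Question 7 really belongs to the block that was swept, can be done with shell arithmetic instead of a web search. The POSIX shell functions below are an added example written for this edit, not part of the lab handout: they count the leading 1 bits of a netmask, reject a non-contiguous mask, compute the network address, and print the host-discovery command line. The address 10.1.86.39 and netmask 255.255.240.0 are the values reported in Question 5; 10.1.96.1 is a made-up address used only to show an out-of-block case. Nothing is scanned; the nmap command is only printed.

```shell
#!/bin/sh
# Added example: netmask -> prefix length -> nmap ping-sweep target.

ip4_to_int() {
    # Dotted quad -> 32-bit integer (10.1.86.39 -> 167859751).
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

mask_to_prefix() {
    # 255.255.240.0 -> 20. A valid mask is a run of 1 bits followed only by 0 bits;
    # anything else (e.g. 255.255.0.255) is rejected with status 1.
    m=$(ip4_to_int "$1")
    bits=0
    while [ "$bits" -lt 32 ] && [ $(( (m >> 31) & 1 )) -eq 1 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    if [ "$m" -ne 0 ]; then
        echo "invalid netmask: $1" >&2
        return 1
    fi
    echo "$bits"
}

network_cidr() {
    # ip mask -> network/prefix (10.1.86.39 255.255.240.0 -> 10.1.80.0/20)
    p=$(mask_to_prefix "$2") || return 1
    echo "$(int_to_ip4 $(( $(ip4_to_int "$1") & $(ip4_to_int "$2") )))/$p"
}

usable_hosts() {
    # Addresses in a /prefix minus the network and broadcast addresses (/20 -> 4094).
    echo $(( (1 << (32 - $1)) - 2 ))
}

in_network() {
    # in_network 10.1.94.224 10.1.80.0/20 -> status 0 if the address lies inside the block
    net=${2%/*}
    p=${2#*/}
    mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

ping_sweep_cmd() {
    # The host-discovery-only scan the lab asks for, with the CIDR block filled in.
    echo "nmap -sn $(network_cidr "$1" "$2")"
}

MY_IP=10.1.86.39         # from Question 5
MY_MASK=255.255.240.0    # from Question 5
BLOCK=$(network_cidr "$MY_IP" "$MY_MASK")

echo "prefix: /$(mask_to_prefix "$MY_MASK")  network: $BLOCK  usable hosts: $(usable_hosts "$(mask_to_prefix "$MY_MASK")")"
echo "run: $(ping_sweep_cmd "$MY_IP" "$MY_MASK")"
for h in 10.1.87.229 10.1.92.241 10.1.94.224 10.1.96.1; do   # 10.1.96.1 is a made-up outsider
    if in_network "$h" "$BLOCK"; then echo "$h is inside $BLOCK"; else echo "$h is outside $BLOCK"; fi
done
```

nmap accepts the host address with the prefix (10.1.86.39/20) as well as the network address and scans the same block either way; the network form makes the screenshot easier to read. A /20 is 4,096 addresses, so a sweep that reports only four hosts up is plausible for a lab range, but a host that silently drops every discovery probe would be missed, and adding -Pn to a later port scan is the way to test a specific address anyway.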
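Turning raw scan output into the tables of Questions 8 and 10, and picking out the web and FTP candidates for Questions 9 and 11, is easier from nmap's grepable format (-oG) than by reading the normal output by hand. The block below is an added example written for this edit, not part of the lab handout. The sample_scan function emits constructed -oG lines modelled on the ports and versions reported in the answers above; it is not real scan output, and the filtered port 22 on the FTP host is invented only to show that non-open ports are dropped. scan_table, web_hosts and ftp_hosts then parse those lines; the version column shows “-” where no -sV data is present.

```shell
#!/bin/sh
# Added example: tabulate nmap grepable (-oG) output.
# Real usage:  nmap -sV -oG scan.gnmap 10.1.86.39 10.1.87.229 10.1.92.241 10.1.94.224
#              scan_table < scan.gnmap
# The -oG "Ports:" field is a comma-separated list of
#   port/state/protocol/owner/service/rpc-info/version/
# and nmap writes any "/" inside a service or version string as "|".

sample_scan() {
    # Constructed -oG lines (NOT real scan output), modelled on Questions 8 and 10.
    printf 'Host: %s ()\tPorts: %s\tIgnored State: closed (%s)\n' \
      10.1.86.39  '22/open/tcp//ssh//OpenSSH 9.3p1 Debian 1 (protocol 2.0)/, 3389/open/tcp//ms-wbt-server//xrdp/' 998 \
      10.1.87.229 '22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.41/, 139/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X (workgroup: MYGROUP)/, 445/open/tcp//microsoft-ds//Samba smbd 3.X - 4.X (workgroup: MYGROUP)/' 996 \
      10.1.92.241 '80/open/tcp//http//Golang net|http server (Go-IPFS json-rpc or InfluxDB API)/' 999 \
      10.1.94.224 '21/open/tcp//ftp//vsftpd 2.0.8 or later/, 22/filtered/tcp//ssh///' 998
}

scan_table() {
    # stdin: -oG lines.  stdout: "host port/proto service version", open ports only.
    awk -F'\t' '
        $2 ~ /^Ports: / {
            host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
            list = $2; sub(/^Ports: /, "", list)
            n = split(list, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] != "open") continue
                gsub(/[|]/, "/", f[7])    # undo the slash escaping nmap applies in -oG
                printf "%s %s/%s %s %s\n", host, f[1], f[3], f[5], (f[7] == "" ? "-" : f[7])
            }
        }'
}

web_hosts() {
    # Hosts with an open port whose conventional service is a web server (Question 9).
    scan_table | awk '$3 == "http" || $3 == "https" || $3 == "http-alt" || $3 == "http-proxy" { print $1 }' | sort -u
}

ftp_hosts() {
    # FTP listeners (Question 11): the candidates for an anonymous-login check.
    scan_table | awk '$3 == "ftp" { print $1 }' | sort -u
}

echo "== open ports =="
sample_scan | scan_table
echo "== possible web servers =="
sample_scan | web_hosts
echo "== ftp servers to check with: nmap --script ftp-anon -p 21 <host> =="
sample_scan | ftp_hosts
```

Against the real hosts, nmap --script ftp-anon -p 21 10.1.94.224 (also run by -A) prints whether anonymous login succeeded and the directory listing it obtained; from there, curl --user anonymous:anonymous ftp://10.1.94.224/ lists the directory and curl --user anonymous:anonymous -o FILE ftp://10.1.94.224/FILE retrieves a file, which is the step Question 11 asks for. A plain scan's service column is only a port-number lookup, so the web_hosts result from a scan without -sV is a hypothesis to confirm with version detection, not a finding.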
By submitting this assignment you are digitally signing the honor code, “I pledge that I have neither given nor received help on this assignment”.

END OF EXERCISE

References
http://viewdns.info/
https://nmap.org/book/man.html
https://en.wikipedia.org/wiki/Port_(computer_networking)
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing