School: Schoolcraft College
Course: 262
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by DrRamMaster341
M11 Lab 2 Worksheet
Preparation
Access and log into NDG Online using the account you created in Module 0 and open the NDG Security+ V4 labs. As you complete the labs, refer to this assignment to provide the required information and answer questions. Locate and click on the link for No Lab: Launch Cyber Range.
Activities
These activities will be slightly different than the prior labs in that the instructions for how to complete the activities will be documented here rather than in the area in the NDG Lab environment.
Part 1: Running an Nmap scan
1. Click the Kali tab to access the Kali VM
2. Log in to the Kali VM as username kali, password kali
3. Click on the terminal icon located in the top menu bar
4. Type the following commands to create a new directory to save Nmap scan results and then change to that directory
    mkdir Scans
    cd Scans
5. Type the following command to scan the UbuntuSRV server in our lab topology and enter “kali” as the password if/when prompted
    sudo nmap -sS -oA ubuntuscan1 172.16.1.10
Take a screenshot of the entire terminal window that shows the output of the Nmap scan and insert it below. (2 points)
Part 2: Parsing the Scan Results
1. Type ls to display the new log files created as a result of the scan
2. Type mousepad ubuntuscan1.xml to open the XML-formatted scan report in a GUI text editor. Review the file contents and then close the editor window to return to the command line.
3. Type mousepad ubuntuscan1.gnmap to open the scan results in a format conducive to the use of grep for parsing. Review the file contents and then close the editor window to return to the command line.
4. Type the following command to parse the scan output and “cut” the first item in each line that contains “open”. This will be the word Host:
    cat ubuntuscan1.gnmap | grep open | cut -d" " -f1
5. Type the following command to parse the scan output and “cut” the 2nd portion of each line that contains “open”. This should be the IP address of the host.
    cat ubuntuscan1.gnmap | grep open | cut -d" " -f2
Take a screenshot of the entire terminal window that shows the output of this command and insert it below. (2 points)
6. Type the following command to take the output from the previous command and save it to a text file named livehosts.txt
    cat ubuntuscan1.gnmap | grep open | cut -d" " -f2 > livehosts.txt
7. Type the cat ubuntuscan1.nmap command to display the contents of the ubuntuscan1.nmap output file
8. Type the cat ubuntuscan1.nmap | grep open command to modify the output to only display each line within the ubuntuscan1.nmap output file that contains “open”.
9. Type the following command to further modify the output to display only the first part of each line in the ubuntuscan1.nmap file that contains “open”. This will be the port that is open on the target system we scanned.
    cat ubuntuscan1.nmap | grep open | cut -d"/" -f1
Take a screenshot of the entire terminal window showing the modified output of this command and insert it below. (2 points)
10. Type the following command to take the output from the previous command and save it to a text file named liveports.txt
    cat ubuntuscan1.nmap | grep open | cut -d"/" -f1 > liveports.txt
11. Making sure you are in the Scans folder, type ls to display the contents of the folder (note: the “l” in the ls is a lowercase “L”). This should show the 3 scan output files, along with the livehosts.txt and liveports.txt files that include the modified output of the scan results.
Take a screenshot of the entire terminal window showing the contents of the Scans folder and insert it below. (2 points)
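Added example (not part of the original worksheet): the grep open step in Part 2 keeps any line containing the substring “open”, which includes ports reported as open|filtered and header lines that happen to contain the word. The script below compares that pipeline with a parser that checks the state field of each port entry in the .gnmap layout. The function names, the second host 172.16.1.11 and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the worksheet: state-aware parsing of .gnmap output.

# Constructed sample in grepable layout (tab-separated fields). 172.16.1.11 and
# the "openports" basename are made up to exercise the edge cases.
write_sample() {
    {
        printf '# Nmap scan initiated as: nmap -sS -sU -oA openports 172.16.1.10-11\n'
        printf 'Host: 172.16.1.10 ()\tStatus: Up\n'
        printf 'Host: 172.16.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\n'
        printf 'Host: 172.16.1.11 ()\tStatus: Up\n'
        printf 'Host: 172.16.1.11 ()\tPorts: 68/open|filtered/udp//dhcpc///\n'
    } > "$1"
}

# The worksheet's pipeline: any line containing the substring "open".
naive_hosts() { grep open "$1" | cut -d" " -f2; }

# Print "ip port/proto service" only where the state field is exactly "open".
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                 # "Host: <ip> (<name>)" -> h[2] = ip
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), entry, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/proto/owner/service/rpc/version/
                    split(entry[j], p, "/")
                    if (p[2] == "open")
                        print h[2], p[1] "/" p[3], (p[5] == "" ? "unknown" : p[5])
                }
            }
        }' "$1"
}

# Unique hosts with at least one port in the open state.
live_hosts() { open_ports "$1" | cut -d" " -f1 | sort -u; }

sample=$(mktemp)
write_sample "$sample"
echo "worksheet pipeline:"; naive_hosts "$sample"
echo "state-aware:";        open_ports "$sample"
rm -f "$sample"
```

On the lab's single-host TCP scan both approaches list the same host; the difference shows up on larger scans or UDP results.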
Reflection
Note: It may be helpful to refer back to the lab instructions or your screenshots to answer the following questions
Nmap is a powerful tool that can produce detailed logs, as can many other security tools – Why is it important for a security professional to be able to parse and analyze these logs? Provide two reasons. (4 points)
1. Identification of Vulnerabilities: Parsing and analyzing Nmap logs allow security professionals to identify potential vulnerabilities on a network or system. By examining the output, security experts can determine which ports are open, what services are running, and if there are any indications of misconfigurations or outdated software. This information is crucial for assessing the security posture of the network and addressing any weaknesses before they can be exploited by attackers.
2. Incident Response and Forensics: In the event of a security incident or breach, parsing Nmap logs becomes essential for incident response and forensic analysis. Security professionals can trace the steps of an attacker, understand the extent of the compromise, and identify the tactics used. Analyzing Nmap logs helps in reconstructing the timeline of events, determining the entry point, and assessing the impact on the system. This information is vital for mitigating the immediate threat and implementing preventive measures for the future.
Overall, the ability to parse and analyze Nmap logs enhances a security professional's capability to proactively identify and respond to security threats, contributing to a more robust and resilient cybersecurity strategy.