CYA …..3

 write and submit a lab report of a minimum of 3 pages on what you learned in the lab, with screenshots and analysis of the following labs in testout. Please follow the attach instructions.   

Do the following Labs

omplete TestOut Lab 7.4.7 on “Scan for Vulnerabilities on Windows Workstation” and 7.4.8 on “Scan for Vulnerabilities on a Linux Server” – write and submit a lab report on blackboard of a minimum of 3 pages on what you learned in the lab, with screenshots and analysis.

Je

Perform Reconnaissance with Nmap and Zenmap

7

Perform Reconnaissance with Nmap and Zenmap

Lab Summary

This lab entails performing a reconnaissance using Network mapper (Nmap) and Zenmap. The two tools have been efficient in collecting useful information that could later be used to perform penetration testing on PartnerCorp organization network (Dar & Iqbal, 2018). The lab is subdivided into three tasks; To obtain the domain name of the servers, to get the IP address of the identified server using NMAP and finally to identify vulnerable hosts within the network by scanning the open ports using Zenmap. The lab steps and analysis is given in details below:

Steps and Analysis

The following steps were conducted to perform the reconnaissance lab test.

The first task was to obtain the domain name servers of PartnerCorp.xyz organization. To acquire such data, I utilized the whois.org website under the Analyst-Lap computer as follows;

i. From the taskbar, I selected Google Chrome.

ii. I then maximize the windows for better viewing.

iii. In the URL field, I typed whois.org and press Enter.

iv. In the Search for a domain name field, I entered partnercorp.xyz.

v. I finally selected Search

The results came out automatically as shown in the screenshot below;

From the results I did not only obtain the domain server names but also other very important information such as the registry domain and relevant related registry data, creation and update timestamps, domain status, registrar names and details among many other details. This gives the intended user detailed data about the target server.

The second task involved getting the primary web server address (Partnercorp.xyz IP address). I used the nslookup tool using the following procedure;

a. Still under Analyst-Lap computer, I right-clicked Start and select Windows PowerShell (Admin).

b. At the PowerShell prompt, I typed nslookup

www.partnercorp.xyz

 ns1.nethost.net (which is the name of the server as obtained from the previous task) and pressed Enter.

The results of this task are given in the screenshot below;

From the results both the ns1 server and Partnercorp IP addresses are given. The two serve an important purpose in penetration testing. The nslookup command-line utility is used to query the Domain Name System (DNS) for the mapping between an IP address and a domain name, as well as many other related DNS data (Sheikh, 2021).

The last task of this lab was to utilize Zenmap to search for 50 of the top ports opened on the network identified by nslookup above. I used the Zenmap tool to run the Nmap command to identify the open ports as follows;

i. From the navigation tabs, I select Buildings to shift to the second computer, which is runs on Linux operating system.

ii. Under Blue Cell, I selected Analyst-Lap2.

iii. From the Favorites bar, I later selected Zenmap.

iv. I maximize the Zenmap window for easier viewing.

v. In the Command field, I typed nmap –top-ports 50 73.44.215.0/24 command to scan for open ports.

vi. I finally selected scan option to scan for open ports on all servers located on this network.

The results obtained from the task are as shown in the screenshot below;

From the server IP address, I was able to identify its network ID and address as 73.44.215.0/24. I then singled out the top 50 ports for better analysis. From the results only 50 ports per host were scanned. Zenmap tool later arranged the results of each host one after the other in ascending order. All the open ports within top 50 ports per host were obtained. The results were very useful to identify the vulnerable servers based on their specific open ports (Dar & Iqbal, 2018).

I was keen to answer each question after each task before proceeding to the next. After completing all tasks and answering all the questions, I selected score lab to complete the lab.

Lab Questions and Answers

i. Question 1

Use the whois.org website to determine the domain name servers used by PartnerCorp.xyz.

The domain name servers being used by PartnerCorp.xyz is ns1.nethost.net

ii. Question 2

Use nslookup to determine the primary web server address.

The web server IP address for www.partnercorp.xyz is 73.44.215.1

iii. Question 3

Use Zenmap to search for 50 of the top ports opened on the network identified by nslookup above.

Use Zenmap to run an Nmap command (using –top-port) to scan for open ports

The 50 top open ports are all listed using using nmap –top-port command. The potentially vulnerable server for FTP or Telnet ports is 73.44.215.5

Lessons Learnt

As a penetration tester and ethical hacker, Nmap and Zenmap will come in handy. In this lab only very few parameters on NMAP and Zenmap were tested. However, with 65,535 ports from which to choose, this would take all day. Nmap may be used to search the network for open ports. One will have to write ‘nmap -sS scanme.nmap.org’ and press Enter to do a port scan. The -sS option checks 1,000 of the most popular ports. I have received certain results. I am aware of the ports that are open. I am aware of the port’s status as well as the services that are active (Arun & Bijimol, 2021). On the other hand, Zenmap serves as a GUI version of the NMAP.  Therefore, when I wish to work with Nmap and Zenmap again, I have a list of ports that are known to be open.

References

Arun, S., & Bijimol, T. K. (2021). A Research Work on Information Gathering Tools. In Proceedings of the National Conference on Emerging Computer Applications (NCECA) (p. 118).

Dar, U. A., & Iqbal, A. (2018). The silent art of reconnaissance: the other side of the hill. International Journal of Computer Networks and Communications Security, 6(12), 250-263.

Sheikh, A. (2021). Footprinting and Reconnaissance/Scanning Networks. In Certified Ethical Hacker (CEH) Preparation Guide (pp. 11-25). Apress, Berkeley, CA.