Click Groups: it shows all the groups present in the system


Module 03 - Scanning Networks

A high vulnerability level is the result of vulnerabilities or missing patches whose average severity is categorized as high.

A scheduled scan is a network audit scheduled to run automatically on a specific date/time and at a specific frequency. Scheduled scans can be set to execute once or periodically.

FIGURE 5.13: Information of Groups

17. Click the Dashboard tab: it shows all the scanned network information
It is recommended to use scheduled scans:
■ To perform periodical/regular network vulnerability scans automatically and using the same scanning profiles and parameters
■ To trigger scans automatically after office hours and to generate alerts and auto-distribution of scan results via email

■ To automatically trigger auto-remediation options (e.g., auto download and deploy missing updates)


FIGURE 5.14: Scanned report of the network

Lab Analysis
Document all the results, threats, and vulnerabilities discovered during the scanning and auditing process.

CEH Lab Manual Page 120

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Tool/Utility: GFI LanGuard 2012

Information Collected/Objectives Achieved:
Vulnerability Level
Vulnerable Assessment
System Patching Status
Scan Results Details for Open TCP Ports
Scan Results Details for Password Policy

Dashboard - Entire Network
■ Vulnerability Level
■ Security Sensors
■ Most Vulnerable Computers
■ Agent Status
■ Vulnerability Trend Over Time
■ Computer Vulnerability Distribution
■ Computers by Operating System

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Analyze how GFI LANguard products provide protection against a worm.
2. Evaluate under what circumstances GFI LANguard displays a dialog during patch deployment.
3. Can you change the message displayed when GFI LANguard is performing administrative tasks? If yes, how?

Internet Connection Required
□ Yes    ☑ No

Platform Supported
☑ Classroom    ☑ iLabs


Exploring and Auditing a Network Using Nmap
Nmap (Zenmap is the official Nmap GUI) is a free, open source (license) utility for network exploration and security auditing.
ICON KEY
Valuable information
Test your knowledge
Web exercise
Workbook review

Lab Scenario
In the previous lab you learned to use GFI LanGuard 2012 to scan a network to find out the vulnerability level, system patching status, details for open and closed ports, vulnerable computers, etc. An administrator and an attacker can use the same tools to fix or exploit a system. If an attacker gets to know all the information about vulnerable computers, they will immediately act to compromise those systems using reconnaissance techniques.
Therefore, as an administrator it is very important for you to patch those systems after you have determined all the vulnerabilities in a network, before the attacker audits the network to gain vulnerable information.
Also, as an ethical hacker and network administrator for your company, your job is to carry out daily security tasks, such as network inventory, service upgrade schedules, and the monitoring of host or service uptime. So, you will be guided in this lab to use Nmap to explore and audit a network.

Lab Objectives
The objective of this lab is to help students learn and understand how to perform a network inventory, manage services and upgrades, schedule network tasks, and monitor host or service uptime and downtime.
In this lab, you need to:
■ Scan TCP and UDP ports
■ Analyze host details and their topology
■ Determine the types of packet filters
■ Record and save all scan reports
■ Compare saved results for suspicious ports

Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 03 Scanning Networks

Lab Environment
To perform the lab, you need:
■ Nmap located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Scanning Tools\Nmap
■ You can also download the latest version of Nmap from the link http://nmap.org/
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012 as a host machine
■ Windows Server 2008 running on a virtual machine as a guest
■ A web browser with Internet access
■ Administrative privileges to run the Nmap tool

Zenmap works on Windows after including Windows 7, and Server 2003/2008.

Lab Duration
Time: 20 Minutes

Overview of Network Scanning
Network addresses are scanned to determine:
■ What services (application names and versions) those hosts offer
■ What operating systems (and OS versions) they run
■ The type of packet filters/firewalls that are in use and dozens of other characteristics

Lab Tasks
TASK 1: Intense Scan
Follow the wizard-driven installation steps and install the Nmap (Zenmap) scanner on the host machine (Windows Server 2012).
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop

FIGURE 6.1: Windows Server 2012—Desktop view


2. Click the Nmap-Zenmap GUI app to open the Zenmap window

Zenmap file installs the following files:
■ Nmap Core Files
■ Nmap Path
■ WinPcap 4.1.1
■ Network Interface Import
■ Ncat (Modern Netcat)
■ Ndiff
■ Zenmap (GUI frontend)

FIGURE 6.2 Windows Server 2012 - Apps

3. The Nmap - Zenmap GUI window appears.

Nmap Syntax: nmap [Scan Type(s)] [Options] {target specification}

FIGURE 6.3: The Zenmap main window
In port scan techniques, only one method may be used at a time, except that UDP scan (-sU) and any one of the SCTP scan types (-sY, -sZ) may be combined with any one of the TCP scan types.

4. Enter the virtual machine Windows Server 2008 IP address (10.0.0.4) in the Target: text field. You are performing a network inventory for the virtual machine.
5. In this lab, the IP address would be 10.0.0.4; it will be different in your lab environment
6. In the Profile: text field, select, from the drop-down list, the type of profile you want to scan. In this lab, select Intense Scan.


7. Click Scan to start scanning the virtual machine.

While Nmap attempts to produce accurate results, keep in mind that all of its insights are based on packets returned by the target machines or the firewalls in front of them.

Target: 10.0.0.4
Profile: Intense scan
Command: nmap -T4 -A -v 10.0.0.4

FIGURE 6.4: The Zenmap main window with Target and Profile entered
The six port states recognized by Nmap:
■ Open
■ Closed
■ Filtered
■ Unfiltered
■ Open | Filtered
■ Closed | Unfiltered

8. Nmap scans the provided IP address with Intense scan and displays the scan result below the Nmap Output tab.

Nmap accepts multiple host specifications on the command line, and they don't need to be of the same type.

nmap -T4 -A -v 10.0.0.4

Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-24
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 15:35
Scanning 10.0.0.4 [1 port]
Completed ARP Ping Scan at 15:35, 0.17s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:35
Completed Parallel DNS resolution of 1 host. at 15:35, 0.50s elapsed
Initiating SYN Stealth Scan at 15:35
Scanning 10.0.0.4 [1000 ports]
Discovered open port 135/tcp on 10.0.0.4
Discovered open port 139/tcp on 10.0.0.4
Discovered open port 445/tcp on 10.0.0.4
Increasing send delay for 10.0.0.4 from 0 to 5 due to 72 out of 179 dropped probes since last increase.
Discovered open port 49152/tcp on 10.0.0.4
Discovered open port 49154/tcp on 10.0.0.4
Discovered open port 49153/tcp on 10.0.0.4
Discovered open port 49156/tcp on 10.0.0.4
Discovered open port 49155/tcp on 10.0.0.4
Discovered open port 5357/tcp on 10.0.0.4

FIGURE 6.5: The Zenmap main window with the Nmap Output tab for Intense Scan

9. After the scan is complete, Nmap shows the scanned results.
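The lab objectives include recording scan reports and comparing saved results for suspicious ports. As an added example (not part of the original lab manual), the following Python script compares two scans saved in Nmap's XML format (nmap -oX) and lists every port whose state changed; the sample XML, port 4444 and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples in Nmap's XML output format (nmap -oX); not lab data.
BASELINE_XML = """<nmaprun><host><address addr="10.0.0.4" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
</ports></host></nmaprun>"""
LATER_XML = """<nmaprun><host><address addr="10.0.0.4" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="139"><state state="filtered"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="4444"><state state="open"/></port>
</ports></host></nmaprun>"""


def load_ports(xml_text):
    """Map (address, protocol, port) -> (state, service name) for one scan."""
    ports = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # this sketch only tracks IPv4 hosts
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            key = (addr.get("addr"), port.get("protocol"), int(port.get("portid")))
            name = svc.get("name") if svc is not None else "unknown"
            ports[key] = (state.get("state"), name)
    return ports


def compare_scans(old_xml, new_xml):
    """Return (key, old_state, new_state, service) for every port that changed."""
    old, new = load_ports(old_xml), load_ports(new_xml)
    changes = []
    for key in sorted(set(old) | set(new)):
        old_state, old_name = old.get(key, ("absent", "unknown"))
        new_state, name = new.get(key, ("absent", old_name))
        if old_state != new_state:
            changes.append((key, old_state, new_state, name))
    return changes


def newly_open(changes):
    """Ports that are open now but were not open in the baseline."""
    return [key for key, old_s, new_s, _ in changes if new_s == "open" and old_s != "open"]


if __name__ == "__main__":
    for (ip, proto, port), old_s, new_s, name in compare_scans(BASELINE_XML, LATER_XML):
        print(f"{ip} {port}/{proto} ({name}): {old_s} -> {new_s}")
```

Ports reported by newly_open are the ones to check against the service inventory first; a port that moves from open to filtered usually points to a firewall change rather than a new service.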
