1) Download a copy of Kali Linux from this site: https://www.kali.org/downloads/
*Grab the correct version for your computer and virtual machine
2) After you have set up your VM with the following parameters (2 CPUs, 2048MB RAM, 20GB HD, and networking left as the default), link the Kali ISO and start the VM.
3) Install the distribution if you like, or you can run it as a live drive. (Hint: if you run it as a live drive you will need to write your results down by hand, as the live version will not save results for you.)
4) First—open the command line/terminal and type “which wget”
If it does not print a path, install it with sudo apt-get install wget.
5) Now type wget followed by this URL: http://group1.cis4340.info
6) It will say downloading. Perform a cat on the downloaded file.
7) What IP address is written in the file?
50.87.150.160
8) Next—perform an NMap scan of the IP address and be sure to write down the command you used.
nmap -v 50.87.150.160
9) Once you have done that, record the results and write them here:
nmap -v 50.87.150.160
Starting Nmap 7.01 (https://nmap.org) at 2016-06-17 23:37 CDT
Initiating Ping Scan at 23:37
Scanning 50.87.150.160 [4 ports]
Completed Ping Scan at 23:37, 0.50s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:37
Completed Parallel DNS resolution of 1 host. at 23:37, 0.00s elapsed
Initiating SYN Stealth Scan at 23:37
Scanning 50-87-150-160.unifiedlayer.com (50.87.150.160) [1000 ports]
Discovered open port 443/tcp on 50.87.150.160
Discovered open port 25/tcp on 50.87.150.160
Discovered open port 995/tcp on 50.87.150.160
Discovered open port 80/tcp on 50.87.150.160
Discovered open port 3306/tcp on 50.87.150.160
Discovered open port 143/tcp on 50.87.150.160
Discovered open port 21/tcp on 50.87.150.160
Discovered open port 110/tcp on 50.87.150.160
Discovered open port 8080/tcp on 50.87.150.160
Discovered open port 587/tcp on 50.87.150.160
Discovered open port 993/tcp on 50.87.150.160
Discovered open port 26/tcp on 50.87.150.160
Discovered open port 465/tcp on 50.87.150.160
Discovered open port 2222/tcp on 50.87.150.160
Discovered open port 8443/tcp on 50.87.150.160
Completed SYN Stealth Scan at 23:38, 33.95s elapsed (1000 total ports)
Nmap scan report for 50-87-150-160.unifiedlayer.com (50.87.150.160)
Host is up (0.35s latency).
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp open smtp
26/tcp open rsftp
53/tcp filtered domain
80/tcp open http
110/tcp open pop3
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
179/tcp filtered bgp
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
514/tcp filtered shell
587/tcp open submission
593/tcp filtered http-rpc-epmap
993/tcp open imaps
995/tcp open pop3s
1080/tcp filtered socks
2049/tcp filtered nfs
2222/tcp open EtherNetIP-1
3306/tcp open mysql
6000/tcp filtered X11
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 34.66 seconds
Raw packets sent: 1176 (51.720KB) | Rcvd: 1015 (40.656KB)
10) Tell NMap to scan that IP address for the OS of the machine you are connected to and record that OS here:
Nmap scan report for kali (192.168.43.130)
Host is up (0.000038s latency).
All 1000 scanned ports on kali (192.168.43.130) are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
NO specific OS detected
11) If this were a Windows computer, what port would we see opened?
Port 53 which is the default open port for DNS to work
12) Now type in nmap -v 50.87.150.160 25. Record that result.
13) Type in nmap -v 50.87.150.160 22. Record that result.
14) Write the results from 12 and 13 here:
12 RESULTS:
root@kali:~# nmap -v 50.87.150.160 25
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-17 23:53 CDT
setup_target: failed to determine route to 25 (0.0.0.25)
Initiating Ping Scan at 23:53
Scanning 50.87.150.160 [4 ports]
Completed Ping Scan at 23:53, 0.57s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:53
Completed Parallel DNS resolution of 1 host. at 23:53, 0.00s elapsed
Initiating SYN Stealth Scan at 23:53
Scanning 50-87-150-160.unifiedlayer.com (50.87.150.160) [1000 ports]
Discovered open port 80/tcp on 50.87.150.160
Discovered open port 110/tcp on 50.87.150.160
Discovered open port 995/tcp on 50.87.150.160
Discovered open port 587/tcp on 50.87.150.160
Discovered open port 993/tcp on 50.87.150.160
Discovered open port 143/tcp on 50.87.150.160
Discovered open port 3306/tcp on 50.87.150.160
Discovered open port 443/tcp on 50.87.150.160
Discovered open port 25/tcp on 50.87.150.160
Discovered open port 21/tcp on 50.87.150.160
Discovered open port 8080/tcp on 50.87.150.160
Discovered open port 8443/tcp on 50.87.150.160
Discovered open port 465/tcp on 50.87.150.160
Discovered open port 26/tcp on 50.87.150.160
Discovered open port 2222/tcp on 50.87.150.160
Completed SYN Stealth Scan at 23:53, 42.87s elapsed (1000 total ports)
Nmap scan report for 50-87-150-160.unifiedlayer.com (50.87.150.160)
Host is up (0.39s latency).
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp open smtp
26/tcp open rsftp
53/tcp filtered domain
80/tcp open http
110/tcp open pop3
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
179/tcp filtered bgp
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
514/tcp filtered shell
587/tcp open submission
593/tcp filtered http-rpc-epmap
993/tcp open imaps
995/tcp open pop3s
1080/tcp filtered socks
2049/tcp filtered nfs
2222/tcp open EtherNetIP-1
3306/tcp open mysql
6000/tcp filtered X11
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 43.65 seconds
Raw packets sent: 1350 (59.376KB) | Rcvd: 1114 (44.608KB)
13 RESULTS:
root@kali:~# nmap -v 50.87.150.160 22
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-17 23:56 CDT
setup_target: failed to determine route to 22 (0.0.0.22)
Initiating Ping Scan at 23:56
Scanning 50.87.150.160 [4 ports]
Completed Ping Scan at 23:56, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:56
Completed Parallel DNS resolution of 1 host. at 23:56, 0.00s elapsed
Initiating SYN Stealth Scan at 23:56
Scanning 50-87-150-160.unifiedlayer.com (50.87.150.160) [1000 ports]
Discovered open port 443/tcp on 50.87.150.160
Discovered open port 110/tcp on 50.87.150.160
Discovered open port 995/tcp on 50.87.150.160
Discovered open port 3306/tcp on 50.87.150.160
Discovered open port 80/tcp on 50.87.150.160
Discovered open port 587/tcp on 50.87.150.160
Discovered open port 8080/tcp on 50.87.150.160
Discovered open port 21/tcp on 50.87.150.160
Discovered open port 993/tcp on 50.87.150.160
Discovered open port 143/tcp on 50.87.150.160
Discovered open port 25/tcp on 50.87.150.160
Discovered open port 26/tcp on 50.87.150.160
Discovered open port 465/tcp on 50.87.150.160
Discovered open port 2222/tcp on 50.87.150.160
Discovered open port 8443/tcp on 50.87.150.160
Completed SYN Stealth Scan at 23:56, 30.12s elapsed (1000 total ports)
Nmap scan report for 50-87-150-160.unifiedlayer.com (50.87.150.160)
Host is up (0.34s latency).
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp open smtp
26/tcp open rsftp
53/tcp filtered domain
80/tcp open http
110/tcp open pop3
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
179/tcp filtered bgp
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp open smtps
514/tcp filtered shell
587/tcp open submission
593/tcp filtered http-rpc-epmap
993/tcp open imaps
995/tcp open pop3s
1080/tcp filtered socks
2049/tcp filtered nfs
2222/tcp open EtherNetIP-1
3306/tcp open mysql
6000/tcp filtered X11
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 30.48 seconds
Raw packets sent: 1215 (53.428KB) | Rcvd: 1038 (41.572KB)
15) Finally, run a Metasploit “Hunting for MSSQL” against the 50.87.150.160 IP address. You can find them on this URL: https://www.offensive-security.com/metasploit-unleashed/ with instructions on how to use them.
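A note on reading the results of steps 12 and 13, as an added example that is not part of the original worksheet: the line "setup_target: failed to determine route to 25 (0.0.0.25)" shows that Nmap read the trailing 25 as a second target host rather than a port (ports are selected with -p), which is why both port tables match the one from step 9. The parser below pulls that warning and the port table out of saved Nmap output; the sample text is abbreviated from the step 12 output above, and the function names are chosen for this example.

```python
import re

# Abbreviated from the step 12 output on this page (only a few table rows kept).
SAMPLE = """\
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-17 23:53 CDT
setup_target: failed to determine route to 25 (0.0.0.25)
Scanning 50.87.150.160 [4 ports]
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp filtered ssh
25/tcp open smtp
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 43.65 seconds
"""

# An argument Nmap could not route to was parsed as a target, not a port.
ROUTE_RE = re.compile(r"^setup_target: failed to determine route to (\S+) \((\S+)\)")
# One row of the PORT / STATE / SERVICE table.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")
# Summary of ports left out of the table.
SHOWN_RE = re.compile(r"^Not shown: (\d+) (\w+) ports")


def parse_nmap(text):
    """Return port states, the hidden-port summary, and arguments read as hosts."""
    result = {"ports": {}, "not_shown": None, "stray_targets": []}
    for line in text.splitlines():
        line = line.strip()
        if m := ROUTE_RE.match(line):
            result["stray_targets"].append((m.group(1), m.group(2)))
        elif m := SHOWN_RE.match(line):
            result["not_shown"] = (int(m.group(1)), m.group(2))
        elif m := PORT_RE.match(line):
            result["ports"][int(m.group(1))] = (m.group(3), m.group(4))
    return result


def ports_in_state(parsed, state):
    """Sorted port numbers whose STATE column equals `state`."""
    return sorted(p for p, (s, _) in parsed["ports"].items() if s == state)


if __name__ == "__main__":
    parsed = parse_nmap(SAMPLE)
    for arg, addr in parsed["stray_targets"]:
        print(f"argument {arg!r} was read as host {addr}, not as a port")
    print("open:", ports_in_state(parsed, "open"))
    print("filtered:", ports_in_state(parsed, "filtered"))
```

Running the same parser over the saved output of steps 9, 12 and 13 and comparing the returned "ports" dictionaries makes it easy to confirm that the three scans covered the same default 1000 ports.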