StudentForm ScanNetwork Enumeration

The document discusses scanning a target network to recognize services, filtering systems, operating systems, and TCP sequence predictability. It shows running hping3 commands against a target Windows 10 machine to determine open ports and services. Enumeration is then discussed as extracting user names, shares, and services from the target system for identifying vulnerabilities.


1. Scanning a Target Network

Purpose:

- Recognize available UDP and TCP network services running on the targeted hosts.
- Recognize filtering systems between the user and the targeted hosts.
- Determine the operating systems (OSs) in use by assessing IP responses.
- Evaluate the target host's TCP sequence number predictability to determine exposure to sequence prediction attacks and TCP spoofing.

Requirements:

- Kali Linux (Attacker machine): connected to the Internet (configure DHCP and set the VirtualBox adapter to "Bridged Adapter")
- Windows 10 (Target machine): connected to the Internet (configure DHCP and set the VirtualBox adapter to "Bridged Adapter")

Results:

1 hping3

Command: hping3 -c 3 192.168.1.7

Notes: If permission is required, type sudo hping3 -c 3 <Target IP address>

Results:

    PING 192.168.1.7 (eth0 192.168.1.7): NO FLAGS are set, 40 headers + 0 data bytes
    len=46 ip=192.168.1.7 ttl=128 DF id=12438 sport=0 flags=RA seq=0 win=0 rtt=5.0 ms
    len=46 ip=192.168.1.7 ttl=128 DF id=12439 sport=0 flags=RA seq=1 win=0 rtt=4.8 ms
    len=46 ip=192.168.1.7 ttl=128 DF id=12440 sport=0 flags=RA seq=2 win=0 rtt=8.3 ms

    --- 192.168.1.7 hping statistic ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 4.8/6.0/8.3 ms

Command: hping3 --scan 1-3000 -S 192.168.1.7

Results:

    Scanning 192.168.1.7 (192.168.1.7), port 1-100
    100 ports to scan, use -V to see all the replies
    +----+-----------+---------+---+-----+-----+-----+
    |port| serv name | flags |ttl| id | win | len |
    +----+-----------+---------+---+-----+-----+-----+
    All replies received. Done.
    Not responding ports:
2. Enumeration

Enumeration is the process of extracting user names, machine names, network resources, shares, and
services from a system, and it is conducted in an intranet environment.

In this phase, the attacker creates an active connection to the system and performs directed queries to gain
more information about the target. The gathered information is used to identify the vulnerabilities or weak points in
system security, which the attacker then tries to exploit in the system gaining phase.

Windows Firewall:

- Turn on Windows Firewall in the Win10 virtual machine

- In Kali, type ping 172.16.1.4 -> we see that there is no reply from Win10

- Turn off Windows Firewall in the Win10 virtual machine

- In Kali, type ping 172.16.1.4 again -> we see the reply from Win10
