Lab 2: Perform Port and Service Discovery

 


Module 03: Scanning Networks




Task 1: Perform Port and Service Discovery using MegaPing




D:\CEH-Tools\CEHv11 Module 03 Scanning Networks\Scanning Tools\MegaPing

megaping_setup.exe.

Click IP Scanner; it's on the top bar and it's a magnifying glass icon.

set range from 10.10.10.5 - 10.10.10.20 

start

Now click Port Scanner; it looks like a plug.

destination address list

Put in the Windows Server 2016 address, 10.10.10.16.

click add

select the server then press start

MegaPing lists the ports associated with Windows Server 2016

done




Lab Scenario

As a professional ethical hacker or a pen tester, the next step after discovering active hosts in the target network is to scan for open ports and services running on the target IP addresses in the target network. This discovery of open ports and services can be performed by using various port scanning tools and techniques.

Lab Objectives

  • Perform port and service discovery using MegaPing
  • Perform port and service discovery using NetScanTools Pro
  • Explore various network scanning techniques using Nmap
  • Explore various network scanning techniques using Hping3

Overview of Port and Service Discovery

Port scanning techniques are categorized according to the type of protocol used for communication within the network.

  • TCP Scanning
    • Open TCP scanning methods (TCP connect/full open scan)
    • Stealth TCP scanning methods (Half-open Scan, Inverse TCP Flag Scan, ACK flag probe scan, third party and spoofed TCP scanning methods)
  • UDP Scanning
  • SCTP Scanning
    • SCTP INIT Scanning
    • SCTP COOKIE/ECHO Scanning
  • SSDP and List Scanning
  • IPv6 Scanning

Task 1: Perform Port and Service Discovery using MegaPing

MegaPing is a toolkit that provides essential utilities for Information System specialists, system administrators, IT solution providers, and individuals. It is used to detect live hosts and open ports of the system in the network, and can scan your entire network and provide information such as open shared resources, open ports, services/drivers active on the computer, key registry entries, users and groups, trusted domains, printers, etc. You can also perform various network troubleshooting activities with the help of integrated network utilities such as DNS lookup name, DNS list hosts, Finger, host monitor, IP scanner, NetBIOS scanner, ping, port scanner, share scanner, traceroute, and Whois.

Here, we will use the MegaPing tool to scan for open ports and services running on the target range of IP addresses.

  1. In the Windows 10 machine, navigate to D:\CEH-Tools\CEHv11 Module 03 Scanning Networks\Scanning Tools\MegaPing and double-click megaping_setup.exe.

    If a User Account Control pop-up appears, click Yes.

  2. The MegaPing - InstallShield Wizard window appears; click Next and follow the wizard-driven installation steps to install MegaPing.

  3. After the completion of the installation, click on the Launch the program checkbox and click Finish.

  4. The About MegaPing window appears; click the I Agree button.

  5. The MegaPing (Unregistered) GUI appears displaying the System Info, as shown in the screenshot.

  6. Select the IP Scanner option from the left pane. In the IP Scanner tab in the right-hand pane, enter the IP range in the From and To fields; in this lab, the IP range is 10.10.10.5 to 10.10.10.20; then, click Start.

  7. MegaPing lists all IP addresses under the specified target range with their TTL value, Status (dead or alive), and statistics of the dead and alive hosts, as shown in the screenshot.

  8. Select the Port Scanner option from the left-hand pane. In the Port Scanner tab in the right-hand pane, enter the IP address of the Windows Server 2016 (10.10.10.16) machine into the Destination Address List field and click Add.

  9. Select the 10.10.10.16 checkbox and click the Start button to start listening to the traffic on 10.10.10.16.

  10. MegaPing lists the ports associated with Windows Server 2016 (10.10.10.16), with detailed information on port number and type, service running on the port along with the description, and associated risk, as shown in the screenshot.

  11. Similarly, you can perform port and service scanning on other target machines.

  12. This concludes the demonstration of discovering open ports and services running on the target IP address using MegaPing.

  13. Close all open windows and document all the acquired information.
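
On the monitoring side, the two scans in this task (the IP Scanner sweep of 10.10.10.5 to 10.10.10.20, then the Port Scanner run against 10.10.10.16) show up in connection logs as one source touching many hosts, then many ports on one host. The following is an added example, not part of the lab or of MegaPing, that flags both patterns with a sliding time window; the log format, the scanner address 10.10.10.99, the port range, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_log():
    """Constructed sample lines 'time src dst proto port' (not MegaPing or lab output)."""
    t0 = datetime(2021, 1, 1, 10, 0, 0)
    scanner = "10.10.10.99"  # assumed address of the scanning workstation
    rows = [(t0 + timedelta(seconds=i), scanner, f"10.10.10.{h}", "icmp", 0)
            for i, h in enumerate(range(5, 21))]              # sweep of 10.10.10.5-20
    rows += [(t0 + timedelta(seconds=120, milliseconds=100 * i), scanner,
              "10.10.10.16", "tcp", p)
             for i, p in enumerate(range(20, 40))]            # port scan of 10.10.10.16
    rows += [(t0 + timedelta(minutes=m), "10.10.10.11", "10.10.10.16", "tcp", 445)
             for m in range(5)]                               # ordinary file-share client
    return [f"{t.isoformat()} {s} {d} {pr} {po}" for t, s, d, pr, po in rows]

def detect(lines, window=timedelta(seconds=60), host_thr=10, port_thr=15):
    """Return sorted (source, kind, target) alerts for sweeps and port scans."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, port = line.split()
        by_src[src].append((datetime.fromisoformat(ts), dst, proto, int(port)))
    alerts = set()
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:       # slide the time window
                start += 1
            win = evs[start:end + 1]
            if len({dst for _, dst, _, _ in win}) >= host_thr:
                alerts.add((src, "host-sweep", "multiple"))   # many hosts, one source
            ports = defaultdict(set)
            for _, dst, proto, port in win:
                if proto != "icmp":
                    ports[dst].add((proto, port))
            for dst, seen in ports.items():
                if len(seen) >= port_thr:
                    alerts.add((src, "port-scan", dst))       # many ports, one host
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

The thresholds trade sensitivity for noise: a slow scan spread over more than the window stays under them, so tune the window and counts against normal traffic on the monitored network.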
