Lab Setup And Enumeration
Setup-
- Metasploitable2 (a deliberately vulnerable machine for practice): download it from the web and run it in a virtual machine.
- Run it on a NAT network.
- Username and password are both msfadmin.
NMAP-
- Nmap (Network Mapper) is an open-source utility for network discovery, used here to find open ports and the service versions behind them.
- We will use Kali as the attacker machine; the victim is Metasploitable2.
- Zenmap is the graphical version of Nmap.
- The -sn option does a ping scan (port scanning disabled), which helps to find which IPs in the range are up.
- For scanning every host in a subnet, give the network in CIDR notation with a /24 suffix (the notes use 0.0.0.0/24 as the example; in practice you give your own lab network's address).
- To detect which operating system is running, use -O.
- To find what version a service runs, scan with -sV. (If the version is old you can check it for known vulnerabilities.)
- For changing the speed, use -T1 to -T5; -T5 is the fastest. (It is noisy: it generates much more traffic, which a firewall or IDS can detect, and the scan can get blocked.)
- To run the default Nmap scripts (NSE) against the discovered services, use -sC.
- To get extra information about the scan as it runs, use -v (verbose).
- By default Nmap scans the 1000 most common ports, not every port.
- For scanning specific ports use -p23 (only port 23 is scanned); for scanning all 65535 ports use -p-.
- Mainly there are three port states-
- open
- filtered (Nmap cannot tell whether the port is open or closed, usually because a firewall drops the probes.)
- closed
- For running several options at once (OS detection, version detection, default scripts and traceroute) you can use -A (aggressive).
- For saving the output use the -o options: -oN for normal text, -oX for XML, -oG for grepable output, or -oA for all three at once.
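The XML written by -oX is the easiest of the saved formats to work with afterwards. The following is an added example, not part of the original notes: a small parser that reads Nmap XML, counts the three port states described above and lists the open services with their -sV versions. The XML document embedded in it is constructed by hand (a placeholder host 192.0.2.10 with made-up ports and versions), not a real scan.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of the XML Nmap writes with -oX, trimmed to the elements
# the parser needs. 192.0.2.10 is a documentation-range placeholder address.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="23"><state state="filtered" reason="no-response"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return {ip: [(port, state, service)]}; service is "product version"
    from -sV when known, else the name Nmap guessed from the port number."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # skip hosts without an IPv4 address entry
        entries = []
        for port in host.iter("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            if svc is None:
                label = "unknown"  # closed ports carry no <service> element
            elif svc.get("product"):
                label = f"{svc.get('product')} {svc.get('version', '')}".strip()
            else:
                label = svc.get("name", "unknown")
            entries.append((int(port.get("portid")), state, label))
        hosts[addr.get("addr")] = entries
    return hosts

def state_counts(hosts):
    """Count ports per state: open, filtered, closed."""
    return Counter(s for ports in hosts.values() for _, s, _ in ports)

def open_services(hosts):
    """Listening services with versions: the inventory to check for outdated software."""
    return [(ip, p, svc) for ip, ports in hosts.items() for p, s, svc in ports if s == "open"]
```

To use it on a real scan, read the -oX file into a string and pass it to parse_nmap_xml instead of SAMPLE_XML.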
Zenmap-
- It is the graphical version of Nmap.
- You can install it by following the tutorial on the website.
- Zenmap runs the same scans as Nmap; it is just a graphical front end for people who don't like text-based tools.
- You can also view earlier scans from the history.
- The other flags are the same as in Nmap.
- All Nmap features are available in Zenmap.
Nikto-
- Used for web application enumeration.
- It finds hidden directories and files on the web server.
- For the help section run nikto -h.
The basic purpose is to scan a web server for hidden content and known misconfigurations.