| title | description | difficulty | duration | prerequisites | tags |
|---|---|---|---|---|---|
| Lab 1: Basic Network Scanning | Learn the fundamentals of network scanning using Nmap and other reconnaissance tools | Beginner | 45 minutes | Basic understanding of networking concepts | |
## Objectives

By the end of this lab, you will be able to:
- Understand the basics of network scanning
- Use Nmap for port scanning and service detection
- Interpret scan results and identify potential security vulnerabilities
- Apply basic reconnaissance techniques in a controlled environment
## Prerequisites
- Basic knowledge of IP addressing and networking
- Access to a virtual lab environment or isolated network
- Kali Linux or similar penetration testing distribution
## Lab Environment Setup

1. Virtual Machine Setup
   - Ensure you have Kali Linux running in a virtual machine
   - Verify network connectivity to the target systems
   - Confirm Nmap is installed:

   ```bash
   nmap --version
   ```

2. Target Environment
   - This lab uses intentionally vulnerable systems for educational purposes
   - Never perform these techniques on systems you don't own or lack permission to test
## Exercise 1: Basic Port Scanning

### Step 1: Discover Live Hosts

First, let's discover what hosts are alive on the network:

```bash
nmap -sn 192.168.1.0/24
```

Questions:
- What does the `-sn` flag do?
- How many hosts were discovered?
### Step 2: Basic TCP Port Scan

Perform a basic TCP port scan on a target host:

```bash
nmap -sS 192.168.1.10
```

Questions:
- What does the `-sS` flag specify?
- Which ports are open on the target?
- What services are likely running on these ports?
### Step 3: Service Detection

Now let's identify the services running on open ports:

```bash
nmap -sV 192.168.1.10
```

Questions:
- What additional information does `-sV` provide?
- Are there any outdated services that might be vulnerable?
## Exercise 2: Advanced Scanning Techniques

### Step 1: OS Detection

Attempt to identify the operating system:

```bash
nmap -O 192.168.1.10
```
Questions:
- What operating system is the target running?
- How accurate is the detection?
### Step 2: Script Scanning

Use Nmap scripts for vulnerability detection:

```bash
nmap --script vuln 192.168.1.10
```
Questions:
- What vulnerabilities were identified?
- Which scripts were executed?
## Exercise 3: Stealth and Evasion

### Step 1: Timing Templates

Experiment with different timing templates:

```bash
nmap -T1 192.168.1.10   # Paranoid
nmap -T3 192.168.1.10   # Normal (default)
nmap -T5 192.168.1.10   # Insane
```
Questions:
- How do the different timing templates affect scan speed?
- When might you use slower timing templates?
### Step 2: Decoy Scanning

Use decoy hosts to mask your scan:

```bash
nmap -D RND:10 192.168.1.10
```
Questions:
- How does decoy scanning work?
- What are the limitations of this technique?
## Analysis and Documentation

### Scan Results Analysis
- Create a target inventory listing all discovered hosts and their open ports
- Identify potential attack vectors based on the services found
- Prioritize targets based on the services and potential vulnerabilities
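One way to build that inventory from the scan output, as an added example that is not part of the original lab: the script below parses Nmap's XML output (the format written with `-oX`) for live hosts and their open ports and renders the Markdown table the report template asks for. The XML sample is constructed for the example, not output from a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (the format written by `nmap -sV -O -oX scan.xml`),
# trimmed to the elements the parser reads. It is not output from a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.1.0/24">
  <host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.29"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports><os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os></host>
  <host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/>
      <service name="microsoft-ds"/></port></ports></host>
  <host><status state="down"/><address addr="192.168.1.30" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_inventory(xml_text):
    """Return one dict per live host: IPv4 address, OS guess and its open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # hosts reported down carry no port data
        osmatch = host.find("os/osmatch")  # absent unless -O produced a match
        entry = {"addr": host.find("address[@addrtype='ipv4']").get("addr"),
                 "os": osmatch.get("name") if osmatch is not None else "unknown", "ports": []}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # the inventory lists open ports only
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}  # no <service> when nothing matched
            banner = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            entry["ports"].append({"port": int(port.get("portid")), "proto": port.get("protocol"),
                                   "service": attrs.get("name", "?"), "banner": banner})
        hosts.append(entry)
    return hosts


def render_report(hosts):
    """Render the inventory as the Markdown table the lab report asks for."""
    lines = ["| Host | OS guess | Port | Service | Product/version |", "|---|---|---|---|---|"]
    for h in hosts:
        for p in h["ports"]:
            lines.append(f"| {h['addr']} | {h['os']} | {p['port']}/{p['proto']} "
                         f"| {p['service']} | {p['banner']} |")
    return "\n".join(lines)
```

Run it on your own `-oX` file with `render_report(parse_inventory(open("scan.xml").read()))`; the product/version column is the starting point for the outdated-service check in the Research Challenge.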
### Documentation Template
Create a brief report including:
- Network topology discovered
- List of active hosts
- Open ports and services per host
- Potential vulnerabilities identified
- Recommendations for further testing
## Cleanup
- Document all scan results
- Save any interesting output files
- Clean up temporary files
- Shut down any test systems properly
## Additional Challenges

- **Research Challenge:** Look up CVEs for any outdated services you discovered
- **Automation Challenge:** Write a bash script to automate the scanning process
- **Stealth Challenge:** Research additional evasion techniques and test them
## Resources

## Conclusion
This lab introduced you to the fundamentals of network scanning using Nmap. You learned how to discover hosts, identify open ports, detect services, and use advanced scanning techniques. These skills form the foundation of network reconnaissance in cybersecurity.
Remember: Always ensure you have proper authorization before scanning any network or system!