CEH Lab Manual - Donuts


CEH Lab Manual
Scanning Networks
Module 03

Module 03 - Scanning Networks

Scanning a Target Network

Scanning a network refers to a set of procedures for identifying hosts, ports, and services running in a network.

Icon key: Valuable information; Test your knowledge; Web exercise; Workbook review

Lab Scenario

Vulnerability scanning determines the possibility of network security attacks. It evaluates the organization's systems and network for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Vulnerability scanning is a critical component of any penetration testing assignment. You need to conduct penetration testing and list the threats and vulnerabilities found in an organization's network and perform port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities.

Lab Objectives

The objective of this lab is to help students in conducting network scanning, analyzing the network vulnerabilities, and maintaining a secure network.

You need to perform a network scan to:
- Check live systems and open ports
- Perform banner grabbing and OS fingerprinting
- Identify network vulnerabilities
- Draw network diagrams of vulnerable hosts

Note: Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 03 Scanning Networks

Lab Environment

In the lab, you need:
- A computer running Windows Server 2012, Windows Server 2008, Windows 8 or Windows 7 with Internet access
- A web browser
- Administrative privileges to run tools and perform scans

Lab Duration

Time: 50 Minutes

Overview of Scanning Networks

Building on what we learned from our information gathering and threat modeling, we can now begin to actively query our victims for vulnerabilities that may lead to a compromise. We have narrowed down our attack surface considerably since we first began the penetration test with everything potentially in scope.

CEH Lab Manual Page 85
Ethical Hacking and Countermeasures Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Note that not all vulnerabilities will result in a system compromise. When searching for known vulnerabilities you will find more issues that disclose sensitive information or cause a denial of service condition than vulnerabilities that lead to remote code execution. These may still turn out to be very interesting on a penetration test. In fact even a seemingly harmless misconfiguration can be the turning point in a penetration test that gives up the keys to the kingdom.

For example, consider FTP anonymous read access. This is a fairly normal setting. Though FTP is an insecure protocol and we should generally steer our clients towards using more secure options like SFTP, using FTP with anonymous read access does not by itself lead to a compromise. If you encounter an FTP server that allows anonymous read access, but read access is restricted to an FTP directory that does not contain any files that would be interesting to an attacker, then the risk associated with the anonymous read option is minimal. On the other hand, if you are able to read the entire file system using the anonymous FTP account, or possibly even worse, someone has mistakenly left the customer's trade secrets in the FTP directory that is readable to the anonymous user; this configuration is a critical issue.

Vulnerability scanners do have their uses in a penetration test, and it is certainly useful to know your way around a few of them. As we will see in this module, using a vulnerability scanner can help a penetration tester quickly gain a good deal of potentially interesting information about an environment.

In this module we will look at several forms of vulnerability assessment. We will study some commonly used scanning tools.

Lab Tasks

TASK 1: Overview

Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

Recommended labs to assist you in scanning networks:
- Scanning System and Network Resources Using Advanced IP Scanner
- Banner Grabbing to Determine a Remote Target System Using ID Serve
- Fingerprint Open Ports for Running Applications Using the Amap Tool
- Monitor TCP/IP Connections Using the CurrPorts Tool
- Scan a Network for Vulnerabilities Using GFI LanGuard 2012
- Explore and Audit a Network Using Nmap
- Scanning a Network Using the NetScan Tools Pro
- Drawing Network Diagrams Using LANSurveyor
- Mapping a Network Using the Friendly Pinger
- Scanning a Network Using the Nessus Tool
- Auditing Scanning by Using Global Network Inventory
- Anonymous Browsing Using Proxy Switcher
- Daisy Chaining Using Proxy Workbench
- HTTP Tunneling Using HTTPort
- Basic Network Troubleshooting Using the MegaPing
- Detect, Delete and Block Google Cookies Using G-Zapper
- Scanning the Network Using the Colasoft Packet Builder
- Scanning Devices in a Network Using The Dude

Note: Ensure you have ready a copy of the additional readings handed out for this lab.

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Scanning System and Network Resources Using Advanced IP Scanner

Advanced IP Scanner is a free network scanner that gives you various types of information regarding local network computers.

Lab Scenario

In this day and age, where attackers are able to wait for a single chance to attack an organization to disable it, it becomes very important to perform vulnerability scanning to find the flaws and vulnerabilities in a network and patch them before an attacker intrudes into the network. The goal of running a vulnerability scanner is to identify devices on your network that are open to known vulnerabilities.

Lab Objectives

The objective of this lab is to help students perform a local network scan and discover all the resources on the network.

You need to:
- Perform a system and network scan
- Enumerate user accounts
- Execute remote penetration
- Gather information about local network computers

Lab Environment

In the lab, you need:
- Advanced IP Scanner located at Z:\\CEHv8 Module 03 Scanning Networks\Scanning Tools\Advanced IP Scanner
- You can also download the latest version of Advanced IP Scanner from the link http://www.advanced-ip-scanner.com

Note: Advanced IP Scanner works on Windows Server 2003 / Server 2008 and on Windows 7 (32 bit, 64 bit).

- If you decide to download the latest version, then screenshots shown in the lab might differ
- A computer running Windows 8 as the attacker (host machine)
- Another computer running Windows Server 2008 as the victim (virtual machine)
- A web browser with Internet access
- Double-click ipscan20.msi and follow the wizard-driven installation steps to install Advanced IP Scanner
- Administrative privileges to run this tool

Lab Duration

Time: 20 Minutes

Overview of Network Scanning

Network scanning is performed to collect information about live systems, open ports, and network vulnerabilities. Gathered information is helpful in determining threats and vulnerabilities in a network and to know whether there are any suspicious or unauthorized IP connections, which may enable data theft and cause damage to resources.

Lab Tasks

TASK 1: Launching Advanced IP Scanner

1. Go to Start by hovering the mouse cursor in the lower-left corner of the desktop.

FIGURE 1.1: Windows 8 - Desktop view

2. Click Advanced IP Scanner from the Start menu in the attacker machine (Windows 8).

Note: With Advanced IP Scanner, you can scan hundreds of IP addresses simultaneously.

FIGURE 1.2: Windows 8 - Apps

3. The Advanced IP Scanner main window appears.

Note: You can wake any machine remotely with Advanced IP Scanner, if the Wake-on-LAN feature is supported by your network card.

FIGURE 1.3: The Advanced IP Scanner main window

4. Now launch the Windows Server 2008 virtual machine (victim's machine).

Note: You have to guess a range of IP address of victim machine.

FIGURE 1.4: The victim machine Windows Server 2008

Note: Radmin 2.x and 3.x integration enables you to connect (if Radmin is installed) to remote computers with just one click.

5. Now, switch back to the attacker machine (Windows 8) and enter an IP address range in the Select range field.
6. Click the Scan button to start the scan.

Note: The status of scan is shown at the bottom left side of the window.

7. Advanced IP Scanner scans all the IP addresses within the range and displays the scan results after completion.

Note: Lists of [...] with a specific list of computers. Just save a list of machines you need and Advanced IP Scanner loads it at startup automatically.

[Figure: Advanced IP Scanner scan results for the range 10.0.0.1-10.0.0.10, with columns for status, name, IP, manufacturer, and MAC address]

Note: Group Operations: Any feature of Advanced IP Scanner can be used with any number of selected computers. For example, you can remotely shut down a complete computer

8. You can see in the above figure that Advanced IP Scanner has detected the victim machine's IP address and displays the status as alive.

TASK 2: Extract Victim's IP Address Info

9. Right-click any of the detected IP addresses. It will list Wake-On-LAN, Shut down, and Abort Shut down.

[Figure: Alive host list with the right-click menu open (Explore, Copy, Add to 'Favorites', Rescan selected, Save selected, Wake-On-LAN, Shut down, Abort shut down, Radmin)]

Note: Wake-on-LAN: You can wake any machine remotely with Advanced IP Scanner, if Wake-on-LAN feature is supported by your network card.

10. The list displays properties of the detected computer, such as IP address, Name, MAC, and NetBIOS information.
11. You can forcefully Shutdown, Reboot, and Abort Shutdown the selected victim machine/IP address.

[Figure: Shutdown options window]

Note: Winfingerprint Input Options: IP Range (Netmask and Inverted Netmask supported), IP List, Single Host, Neighborhood.

12. Now you have the IP address, Name, and other details of the victim machine.
13. You can also try Angry IP Scanner located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Ping Sweep Tools\Angry IP Scanner. It also scans the network for machines and ports.

Lab Analysis

Document all the IP addresses, open ports and their running applications, and protocols discovered during the lab.

Tool/Utility: Advanced IP Scanner
Information Collected/Objectives Achieved:
Scan Information:
- IP address
- System name
- MAC address
- NetBIOS information
- Manufacturer
- System status

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Examine and evaluate the IP addresses and range of IP addresses.

Internet Connection Required: [ ] Yes  [x] No
Platform Supported: [x] Classroom  [x] iLabs

Banner Grabbing to Determine a Remote Target System using ID Serve

ID Serve is used to identify the make, model, and version of any website's server software.

Lab Scenario

In the previous lab, you learned to use Advanced IP Scanner. This tool can also be used by an attacker to detect vulnerabilities such as buffer overflow, integer flow, SQL injection, and web application on a network. If these vulnerabilities are not fixed immediately, attackers can easily exploit them and crack into the network and cause server damage.

Therefore, it is extremely important for penetration testers to be familiar with banner grabbing techniques to monitor servers to ensure compliance and appropriate security updates. Using this technique you can also locate rogue servers or determine the role of servers within a network. In this lab, you will learn the banner grabbing technique to determine a remote target system using ID Serve.

Lab Objectives

The objective of this lab is to help students learn to banner grab the website and discover applications running on this website.

In this lab you will learn to:
- Identify the domain IP address
- Identify the domain information

Lab Environment

To perform the lab you need:
- ID Serve is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\ID Serve

- You can also download the latest version of ID Serve from the link http://www.grc.com/id/idserve.htm
- If you decide to download the latest version, then screenshots shown in the lab might differ
- Double-click idserve to run ID Serve
- Administrative privileges to run the ID Serve tool
- Run this tool on Windows Server 2012

Lab Duration

Time: 5 Minutes

Overview of ID Serve

ID Serve can connect to any server port on any domain or IP address, then pull and display the server's greeting message, if any, often identifying the server's make, model, and version, whether it's for FTP, SMTP, POP, NEWS, or anything else.

Lab Tasks

TASK 1: Identify website server information

1. Double-click idserve located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\ID Serve
2. In the main window of ID Serve shown in the following figure, select the Server Query tab.

Note: If an IP address is entered instead of a URL, ID Serve will attempt to determine the domain name associated with the IP.

FIGURE 2.1: Main window of ID Serve

3. Enter the IP address or URL address in Enter or Copy/paste an Internet server URL or IP address here:

Note: ID Serve can accept the URL or IP as a command-line parameter.

FIGURE 2.2: Entering the URL for query

4. Click Query The Server; it shows server query processed information.

Note: ID Serve can also connect with non-web servers to receive and report that server's greeting message. This generally reveals the server's make, model, version, and other potentially useful information.

FIGURE 2.3: Server processed information

Lab Analysis

Document all the IP addresses, their running applications, and the protocols you discovered during the lab.

Tool/Utility: ID Serve
Information Collected/Objectives Achieved:
IP address: 202.75.54.101
Server Connection: Standard HTTP port: 80
Response headers returned from server:
    HTTP/1.1 200
    Server: Microsoft-IIS/6.0
    X-Powered-By: PHP/4.4.8
    Transfer-Encoding: chunked
    Content-Type: text/html

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Examine what protocols ID Serve apprehends.
2. Check if ID Serve supports https (SSL) connections.

Internet Connection Required: [ ] Yes  [x] No
Platform Supported: [x] Classroom  [x] iLabs
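The response headers recorded in the ID Serve analysis are exactly what a server owner should review on their own systems. The following Python code is an added example, not part of the lab manual or of ID Serve: it parses a response head offline and reports which headers disclose a product and version. The sample heads are constructed (the first from the headers listed in the lab analysis), and all function names are hypothetical.

```python
import re

# Constructed sample: the response head from the lab's ID Serve analysis table.
# The status line there carries no reason phrase, so the parser must accept that.
LAB_HEAD = (
    "HTTP/1.1 200\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "X-Powered-By: PHP/4.4.8\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Constructed sample: a head with version details suppressed.
HARDENED_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: webserver\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Headers whose values normally name the software answering the request.
BANNER_HEADERS = ("server", "x-powered-by")

_STATUS = re.compile(r"HTTP/\d\.\d (\d{3})(?: .*)?$")
# product[/version] token, as used in Server-style header values.
_PRODUCT = re.compile(r"([A-Za-z0-9!#$%&'*+.^_`|~-]+)(?:/(\S+))?")
# Parenthesised comments such as "(Unix)" are not products.
_COMMENT = re.compile(r"\([^()]*\)")


def parse_head(raw):
    """Split a raw response head into (status_code, [(name, value), ...])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = _STATUS.match(lines[0])
    if not status:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue  # skip malformed lines rather than guessing
        headers.append((name.strip(), value.strip()))
    return int(status.group(1)), headers


def banner_findings(raw):
    """List every product token found in a banner header, with its version."""
    findings = []
    _, headers = parse_head(raw)
    for name, value in headers:
        if name.lower() not in BANNER_HEADERS:
            continue
        cleaned = _COMMENT.sub(" ", value)
        for product, version in _PRODUCT.findall(cleaned):
            findings.append(
                {"header": name, "product": product, "version": version or None}
            )
    return findings


def versioned_banners(raw):
    """Only the findings that give away an exact version number."""
    return [f for f in banner_findings(raw) if f["version"]]


if __name__ == "__main__":
    for label, head in (("lab", LAB_HEAD), ("hardened", HARDENED_HEAD)):
        hits = versioned_banners(head)
        print(label, "->", hits if hits else "no version disclosed")
```
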

Fingerprinting Open Ports Using the Amap Tool

Amap determines applications running on each open port.

Lab Scenario

Computers communicate with each other by knowing the IP address in use, and ports determine which program to use when data is received. A complete data transfer always contains the IP address plus the port number required. In the previous lab we found out that the server connection is using a Standard HTTP port 80. If an attacker finds this information, he or she will be able to use the open ports for attacking the machine.

In this lab, you will learn to use the Amap tool to perform port scanning and know exactly what applications are running on each port found open.

Lab Objectives

The objective of this lab is to help students learn to fingerprint open ports and discover applications running on these open ports.

In this lab, you will learn to:
- Identify the application protocols running on open ports 80
- Detect application protocols

Lab Environment

To perform the lab you need:
- Amap is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP
- You can also download the latest version of AMAP from the link http://www.thc.org/thc-amap
- If you decide to download the latest version, then screenshots shown in the lab might differ

- A computer running Web Services enabled for port 80
- Administrative privileges to run the Amap tool
- Run this tool on Windows Server 2012

Lab Duration

Time: 5 Minutes

Overview of Fingerprinting

Fingerprinting is used to discover the applications running on each open port found on the network. Fingerprinting is achieved by sending trigger packets and looking up the responses in a list of response strings.

Lab Tasks

TASK 1: Identify Application Protocols Running on Port 80

1. Open the command prompt and navigate to the Amap directory. In this lab the Amap directory is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP
2. Type amap www.certifiedhacker.com 80, and press Enter.

    D:\CEH-Tools\CEHv8 Module 03 Scanning Network\Banner Grabbing Tools\AMAP>amap www.certifiedhacker.com 80
    amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:20:42 - MAPPING mode

    Unidentified ports: 202.75.54.101:80/tcp (total 1).

    amap v5.2 finished at 2012-08-28 12:20:53

Note: Syntax: amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o file] [-D file] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i file] [target port

[Figure: Amap run against www.certifiedhacker.com with port 80]

3. You can see the specific application protocols running on the entered host name and the port 80.
4. Use the IP address to check the applications running on a particular port.
5. In the command prompt, type the IP address of your local Windows Server 2008 (virtual machine) amap 10.0.0.4 75-81 (local Windows Server 2008) and press Enter (the IP address will be different in your network).
6. Try scanning different websites using different ranges of switches like amap www.certifiedhacker.com 1-200

Note: For Amap options, type amap -help.

    D:\CEH-Tools\CEHv8 Module 03 Scanning Network\Banner Grabbing Tools\AMAP>amap 10.0.0.4 75-81
    amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:27:51 - MAPPING mode

    Protocol on 10.0.0.4:80/tcp matches http
    Protocol on 10.0.0.4:80/tcp matches http-apache-2
    Warning: Could not connect (unreachable) to 10.0.0.4:76/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:75/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:77/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:78/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:79/tcp, disabling port (EUNKN)
    Warning: Could not connect (unreachable) to 10.0.0.4:81/tcp, disabling port (EUNKN)
    Protocol on 10.0.0.4:80/tcp matches http-iis
    Protocol on 10.0.0.4:80/tcp matches webmin

    Unidentified ports: 10.0.0.4:75/tcp 10.0.0.4:76/tcp 10.0.0.4:77/tcp 10.0.0.4:78/tcp 10.0.0.4:79/tcp 10.0.0.4:81/tcp (total 6).

    amap v5.2 finished at 2012-08-28 12:27:54

Note: Compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux and PalmOS.

Lab Analysis

Document all the IP addresses, open ports and their running applications, and the protocols you discovered during the lab.

Tool/Utility: Amap
Information Collected/Objectives Achieved:
Identified open port: 80
WebServers:
- http-apache-2
- http-iis
- webmin
Unidentified ports:
- 10.0.0.4:75/tcp
- 10.0.0.4:76/tcp
- 10.0.0.4:77/tcp
- 10.0.0.4:78/tcp
- 10.0.0.4:79/tcp
- 10.0.0.4:81/tcp

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Execute the Amap command for a host name with a port number other than 80.
2. Analyze how the Amap utility gets the applications running on different machines.
3. Use various Amap options and analyze the results.

Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs
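For the Amap lab analysis, the following Python code is an added example, not part of the lab manual or of Amap: it parses Amap console output into a per-port table and separates ports that drew a "Could not connect" warning from ports that are merely unidentified. The sample text is constructed from the two runs shown in this lab, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the lab's second run (amap 10.0.0.4 75-81).
LAB_RUN_LOCAL = """\
amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:27:51 - MAPPING mode

Protocol on 10.0.0.4:80/tcp matches http
Protocol on 10.0.0.4:80/tcp matches http-apache-2
Warning: Could not connect (unreachable) to 10.0.0.4:76/tcp, disabling port (EUNKN)
Warning: Could not connect (unreachable) to 10.0.0.4:75/tcp, disabling port (EUNKN)
Warning: Could not connect (unreachable) to 10.0.0.4:77/tcp, disabling port (EUNKN)
Warning: Could not connect (unreachable) to 10.0.0.4:78/tcp, disabling port (EUNKN)
Warning: Could not connect (unreachable) to 10.0.0.4:79/tcp, disabling port (EUNKN)
Warning: Could not connect (unreachable) to 10.0.0.4:81/tcp, disabling port (EUNKN)
Protocol on 10.0.0.4:80/tcp matches http-iis
Protocol on 10.0.0.4:80/tcp matches webmin

Unidentified ports: 10.0.0.4:75/tcp 10.0.0.4:76/tcp 10.0.0.4:77/tcp 10.0.0.4:78/tcp 10.0.0.4:79/tcp 10.0.0.4:81/tcp (total 6).

amap v5.2 finished at 2012-08-28 12:27:54
"""

# Constructed sample: the lab's first run (amap www.certifiedhacker.com 80).
LAB_RUN_REMOTE = """\
amap v5.2 (www.thc.org/thc-amap) started at 2012-08-28 12:20:42 - MAPPING mode

Unidentified ports: 202.75.54.101:80/tcp (total 1).

amap v5.2 finished at 2012-08-28 12:20:53
"""

_MATCH = re.compile(r"^Protocol on (\S+):(\d+)/(tcp|udp) matches (\S+)$")
_WARN = re.compile(r"^Warning: Could not connect \((\w+)\) to (\S+):(\d+)/(tcp|udp)")
_TARGET = re.compile(r"(\S+):(\d+)/(tcp|udp)")


def parse_amap_output(text):
    """Return (matches, unreachable, unidentified) keyed by (host, port, proto)."""
    matches = defaultdict(list)
    unreachable = {}
    unidentified = []
    for line in text.splitlines():
        line = line.strip()
        m = _MATCH.match(line)
        if m:
            host, port, proto, name = m.groups()
            key = (host, int(port), proto)
            if name not in matches[key]:
                matches[key].append(name)
            continue
        m = _WARN.match(line)
        if m:
            reason, host, port, proto = m.groups()
            unreachable[(host, int(port), proto)] = reason
            continue
        if line.startswith("Unidentified ports:"):
            for host, port, proto in _TARGET.findall(line.split(":", 1)[1]):
                unidentified.append((host, int(port), proto))
    return dict(matches), unreachable, unidentified


def classify_ports(text):
    """Return {(host, port, proto): (status, [protocol names])}, sorted by key."""
    matches, unreachable, unidentified = parse_amap_output(text)
    table = {}
    for key in set(unidentified) | set(unreachable):
        if key in unreachable:
            # Amap never got a connection, so "unidentified" says nothing
            # about what, if anything, listens there.
            table[key] = ("no connection (%s)" % unreachable[key], [])
        else:
            table[key] = ("unidentified (no connect warning)", [])
    for key, names in matches.items():
        table[key] = ("identified", names)
    return dict(sorted(table.items()))


if __name__ == "__main__":
    for run in (LAB_RUN_REMOTE, LAB_RUN_LOCAL):
        for (host, port, proto), (status, names) in classify_ports(run).items():
            print("%s:%d/%s  %-34s %s" % (host, port, proto, status, ", ".join(names)))
```

On the lab data, ports 75-79 and 81 appear as unidentified only because no connection was possible, while 202.75.54.101:80 drew no connect warning and simply matched no response string.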

Monitoring TCP/IP Connections Using the CurrPorts Tool

CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.

Lab Scenario

In the previous lab you learned how to check for open ports using the Amap tool. As an ethical hacker and penetration tester, you must be able to block such attacks by using appropriate firewalls or disable unnecessary services running on the computer.

You already know that the Internet uses a software protocol named TCP/IP to format and transfer data. An attacker can monitor ongoing TCP connections and can have all the information in the IP and TCP headers and to the packet payloads with which he or she can hijack the connection. As the attacker has all the information on the network, he or she can create false packets in the TCP connection.

As a administrator., yo
