H 410: Nmap (40 pts)

What You Need for This Project

Starting the Virtual Machines

As you did in the previous projects, start both the Linux and Windows virtual machines.

Testing Windows Networking

On your Windows Server desktop, at the lower left, click the magnifying glass icon. In the Search box, type CMD.

"Command Prompt" is found, as shown below.

Click "Command Prompt".

In the Command Prompt window, execute this command, as shown below.

ping google.com

You should see replies, as shown below. If you do not, perform the "Troubleshooting" steps in the box below.

Turning Off Windows Firewall

At the lower left of the Windows desktop, click the magnifying glass icon.

Type FIREWALL.

In the Search results, click "Windows Firewall", the second result in the image below.

In the Windows Firewall box, on the left side, click "Turn Windows Firewall on or off".

Check both of the boxes labelled "Turn off Windows Firewall (not recommended)", as shown below.

Click OK.

Enabling Remote Desktop

On your Windows Server desktop, click Start, "Server Manager".

In the left pane, click "Local Server".

In the right pane, in the "Remote Desktop" line, click the blue word Disabled.

In the System Properties box, click "Allow remote connections to this computer".

Click OK. Click OK.

In Server Manager, at the top right, click the circular icon with two curved arrows to refresh the view.

Remote Desktop is now Enabled, as shown below.

Testing Networking Between the Machines

On your Windows Server desktop, in the Command Prompt window, execute this command, as shown below.

ipconfig

Find your IP address, as shown below.

On your Linux machine, in the Terminal window, execute this command, as shown below, replacing the IP address with the IP address of your Windows Server machine.

ping 172.16.1.247

After a few seconds, press Ctrl+C to stop the pings.

You should see replies, as shown below. If you do not, perform the "Troubleshooting" steps in the box above. You should also make sure Windows Firewall is off, as explained in an earlier project.

Port-Scanning the Windows Server

On your Linux machine, in a Terminal window, execute these commands, replacing the IP address with the IP address of your Windows Server machine:

sudo apt update
sudo apt install nmap -y
sudo nmap 192.168.100.4

By default, Nmap scans the 1000 most common ports. It should find port 3389 open, as shown below. You may also have other ports open.
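
With the firewall off, it is worth checking which ports besides 3389 the scan reports. The script below is an added example, not part of the original project: it parses Nmap's grepable output (the -oG option) and lists open TCP ports that are not on an allowlist. The function names and the sample scan data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an Nmap grepable (-oG) scan against an allowlist.
# Real use (assumed target address from the lab):
#   sudo nmap -oG - 192.168.100.4 | open_ports | unexpected_ports 3389

# Constructed sample of -oG output; the service-name fields are left blank.
sample_scan() {
  printf 'Host: 192.168.100.4 ()\tStatus: Up\n'
  printf 'Host: 192.168.100.4 ()\tPorts: 135/open/tcp/////, 445/open/tcp/////, 3389/open/tcp/////, 5985/filtered/tcp/////\tIgnored State: closed (996)\n'
}

# Read -oG text on stdin; print "host port" for every open TCP port.
open_ports() {
  awk '
    /Ports:/ {
      host = $2                  # second field of "Host: <ip> (<name>)"
      sub(/^.*Ports: /, "")      # keep only the port list
      sub(/\t.*$/, "")           # drop trailing sections such as "Ignored State"
      n = split($0, entries, ", ")
      for (i = 1; i <= n; i++) {
        # entry layout: port/state/protocol/owner/service/rpc/version/
        split(entries[i], f, "/")
        if (f[2] == "open" && f[3] == "tcp") print host, f[1]
      }
    }'
}

# Read "host port" lines on stdin; print those whose port is not in the
# allowlist given as arguments.
unexpected_ports() {
  allowed=" $* "
  while read -r host port; do
    case "$allowed" in
      *" $port "*) ;;            # expected port, nothing to report
      *) echo "$host $port" ;;
    esac
  done
}

# Demo on the constructed sample: only RDP (3389) is expected to be open.
sample_scan | open_ports | unexpected_ports 3389
```

Ports that appear in the output are open but were not expected, so each one should be either explained or closed before the firewall is left off.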


H 410.1: "SERVICE" name (15 pts)

Find the "SERVICE" name for port 3389, which is covered by a green box in the image above. That's the flag.

Important Nmap Options

Here is a list of all the Nmap options:

https://svn.nmap.org/nmap/docs/nmap.usage.txt

These are the most important ones:

Scanning Your Windows Server

Scan your Windows Server machine with operating system detection, and then scan UDP port 53.

Your results should be similar to those shown below.

H 410.2: My packets (10 pts)

Find the TCP port on the ad.samsclass.info server that returns this banner: "My packets are your packets."

That port number is the flag.

H 410.3: Key to the Universe (15 pts)

Find the TCP port on the ad.samsclass.info server that returns this banner: "The key to the Universe."

That port number is the flag.


Moved to local server 3-21-19
Forms removed 7-9-19
Generalized to non-cloud servers and renumbered to H 410 6-8-2020
Minor format fix 8-1-2020
Minor edits 4-5-23