CEH Lab Manual

Scanning Networks
Module 03

Scanning a Target Network

Scanning a network refers to a set of procedures for identifying hosts, ports, and services running in a network.

Vulnerability scanning determines the possibility of network security attacks. It evaluates the organization's systems and network for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Vulnerability scanning is a critical component of any penetration testing assignment. You need to conduct penetration testing and list the threats and vulnerabilities found in an organization's network and perform port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities.

Lab Objectives

The objective of this lab is to help students in conducting network scanning, analyzing the network vulnerabilities, and maintaining a secure network.

You need to perform a network scan to:

* Check live systems and open ports
* Perform banner grabbing and OS fingerprinting
* Identify network vulnerabilities
* Draw network diagrams of vulnerable hosts

Lab Environment

In the lab, you need:

* A computer running with Windows Server 2012, Windows Server 2008, Windows 8 or Windows 7 with Internet access
* A web browser
* Administrative privileges to run tools and perform scans

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 03 Scanning

Lab Duration

Time: 50 Minutes

Overview of Scanning Networks

Building on what we learned from our information gathering and threat modeling, we can now begin to actively query our victims for vulnerabilities that may lead to a compromise. We have narrowed down our attack surface considerably since we first began the penetration test with everything potentially in scope.
CEH Lab Manual Page 6. Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Note that not all vulnerabilities will result in a system compromise. When searching for known vulnerabilities you will find more issues that disclose sensitive information or cause a denial of service condition than vulnerabilities that lead to remote code execution. These may still turn out to be very interesting on a penetration test. In fact even a seemingly harmless misconfiguration can be the turning point in a penetration test that gives up the keys to the kingdom.

For example, consider FTP anonymous read access. This is a fairly normal setting. Though FTP is an insecure protocol and we should generally steer our clients towards using more secure options like SFTP, using FTP with anonymous read access does not by itself lead to a compromise. If you encounter an FTP server that allows anonymous read access, but read access is restricted to an FTP directory that does not contain any files that would be interesting to an attacker, then the risk associated with the anonymous read option is minimal. On the other hand, if you are able to read the entire file system using the anonymous FTP account, or possibly even worse, someone has mistakenly left the customer's trade secrets in the FTP directory that is readable to the anonymous user, this configuration is a critical issue.

Vulnerability scanners do have their uses in a penetration test, and it is certainly useful to know your way around a few of them. As we will see in this module, using a vulnerability scanner can help a penetration tester quickly gain a good deal of potentially interesting information about an environment.

In this module we will look at several forms of vulnerability assessment. We will study some commonly used scanning tools.

Lab Tasks

Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

Recommended labs to assist you in scanning networks:

* Scanning System and Network Resources Using Advanced IP Scanner
* Banner Grabbing to Determine a Remote Target System Using ID Serve
* Fingerprint Open Ports for Running Applications Using the Amap Tool
* Monitor TCP/IP Connections Using the CurrPorts Tool
* Scan a Network for Vulnerabilities Using GFI LanGuard 2012
* Explore and Audit a Network Using Nmap
* Scanning a Network Using the NetScan Tools Pro
* Drawing Network Diagrams Using LANSurveyor
* Mapping a Network Using the Friendly Pinger
* Scanning a Network Using the Nessus Tool
* Auditing Scanning by Using Global Network Inventory
* Anonymous Browsing Using Proxy Switcher
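
The FTP anonymous read access reasoning from the overview (minimal risk when only harmless files are exposed, critical when the whole file system or sensitive documents are readable) can be written down as a repeatable triage step. The following Python sketch is an added example, not part of the lab manual; the marker paths, file-name patterns and sample listings are assumptions constructed for illustration.

```python
import re
import posixpath
from fnmatch import fnmatchcase

# Assumed markers: paths that are only visible when the anonymous account
# can read the whole file system rather than a dedicated FTP directory.
SYSTEM_MARKERS = ("/etc/passwd", "/etc/shadow", "/boot/*", "/proc/*",
                  "/windows/system32/*")

# Assumed file-name patterns for data that would interest an attacker.
SENSITIVE = re.compile(
    r"\.(pem|key|pfx|kdbx|sql|bak|env)$|id_rsa|passw|secret|confidential|payroll")

def normalize(path):
    """Forward slashes, resolved '..', lower case, single leading slash."""
    unix = path.replace("\\", "/").lstrip("/")
    return posixpath.normpath("/" + unix).lower()

def triage(readable_paths):
    """Return (severity, findings) for paths the anonymous account can read."""
    findings = []
    for raw in readable_paths:
        path = normalize(raw)
        if any(fnmatchcase(path, marker) for marker in SYSTEM_MARKERS):
            findings.append(("filesystem-exposed", raw))
        elif SENSITIVE.search(posixpath.basename(path)):
            findings.append(("sensitive-file", raw))
    return ("critical" if findings else "minimal"), findings

# Constructed sample listings (not real scan output).
PUBLIC_ONLY = ["/pub/README.txt", "/pub/drivers/printer_setup.exe"]
WHOLE_FS = ["/pub/../etc/passwd", "\\Windows\\System32\\config\\SAM"]
LEAKED_DOC = ["/pub/README.txt", "/pub/upload/Customer_Trade_Secrets.docx"]

if __name__ == "__main__":
    for name, listing in [("public only", PUBLIC_ONLY),
                          ("whole file system", WHOLE_FS),
                          ("leaked document", LEAKED_DOC)]:
        severity, findings = triage(listing)
        print(f"{name}: {severity}")
        for kind, path in findings:
            print(f"  {kind}: {path}")
```
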
