Website_Penetration_Testing_Using_NMap_T

The document outlines an experiment on website penetration testing using the NMap tool in Kali Linux, detailing the required equipment and features of NMap. It provides a step-by-step guide for scanning networks, finding live hosts, open ports, and checking for vulnerabilities using various NMap commands. Additionally, it emphasizes the importance of ethical practices in penetration testing and the need for appropriate command usage.

Uploaded by abelsamuel841

Experiment: Website Penetration Testing Using the “Nmap” Tool in Kali Linux.

Required Equipment:

❖ Computer/Laptop.
❖ Internet Connection.
❖ Kali Linux Operating System.
❖ NMap Tool.
❖ Metasploitable (intentionally vulnerable target virtual machine).

Features Included:

• Acclaimed: Nmap has won numerous awards, including “Information Security Product of the Year” by Linux Journal, InfoWorld and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
• Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
• Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP and UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
• Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
• Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, SunOS, Amiga, and more.

Experiment:

The whole experiment process is described below, step by step, with screenshots.

Step 1: Finding Live Hosts on My Network:

In this example, both machines are on the private 192.168.56.0/24 network. The Kali machine has the IP address 192.168.56.101 and the Metasploitable machine to be scanned has the IP address 192.168.56.102. Suppose, though, that this IP address information were unavailable. A quick nmap scan helps determine what is live on a particular network. This scan is known as a ‘List scan’, hence the -sL argument passed to nmap; it only enumerates the addresses in the range and resolves their reverse DNS names, sending no probes to the targets themselves. Command: nmap -sL 192.168.56.0/24

Step 2: Finding and Pinging All Live Hosts on My Network:


Nmap has some tricks available to try to find these machines. This one tells nmap to simply try to ping every address in the 192.168.56.0/24 network, and this time nmap returns some prospective hosts for scanning! In this command, -sn disables nmap’s default behaviour of port scanning each host and has it perform host discovery (ping) only. Command used: nmap -sn 192.168.56.0/24

Step 3: Find Open Ports on Hosts:


Let’s let nmap port scan these specific hosts and see what turns up. Command: # nmap 192.168.56.1,100-102
These open ports all indicate some sort of listening service on this particular machine. Recall from earlier that 192.168.56.102 is the Metasploitable vulnerable machine, which is why so many ports are open on this host.
Step 4: Finding Services Listening on Ports on Hosts:
This next scan is a service scan, often used to determine what service is listening on a particular port of a machine. Nmap probes each open port and attempts to grab banner information from the service running on it. Command used: # nmap -sV 192.168.56.102

Step 5: Find Anonymous FTP Logins on Hosts:

Nmap’s default script set, selected with -sC, includes the ftp-anon script, which reports whether the FTP server on port 21 accepts anonymous logins. Command used: # nmap -sC 192.168.56.102 -p 21

Step 6: Check for Vulnerabilities on Hosts:
This, paired with the earlier knowledge that vsftpd has an old vulnerability, should raise some concern. Let’s see if nmap has any scripts that attempt to check for the vsftpd vulnerability.
Command used: # locate .nse | grep ftp

Notice that nmap already has an NSE script built for the vsftpd backdoor problem! Let’s try running this script against the host and see what happens, but first it is worth knowing how to use the script.
Command used: # nmap --script-help=ftp-vsftpd-backdoor.nse

Reading through this description, it is clear that this script can be used to check whether this particular machine is vulnerable to the ExploitDB issue identified earlier.
Let’s run the script and see what happens.
Command used: # nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.102 -p 21
Nmap’s script returned some dangerous news. This machine is a good candidate for a serious investigation. This does not mean the machine is compromised and being used for malicious purposes, but it should raise concerns for the network and security teams.
Nmap can also perform a much more aggressive scan that often yields much of the same information in one command instead of several: -A enables OS detection, version detection, default script scanning and traceroute together. Let’s take a look at the output of an aggressive scan.
Command used: # nmap -A 192.168.56.102

Notice that this time, with one command, nmap returned much of the information it returned earlier about the open ports, services, and configurations running on this particular machine. Much of this information can be used to decide how to protect the machine as well as to evaluate what software is present on a network.
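As an added example (not part of the original report), a defender-side triage script for the results of Steps 3 to 6: it parses nmap’s XML output (the -oX option), lists the open ports as the port table would, and flags the ftp-anon and ftp-vsftpd-backdoor results discussed above for the security team. The embedded XML is constructed to mirror the lab host, not captured from it.

```python
import xml.etree.ElementTree as ET
# Constructed sample, not real nmap output: the shape `nmap -sV -sC -oX - 192.168.56.102`
# emits for the lab host. Script outputs are abbreviated placeholders.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sC -oX - 192.168.56.102">
 <host><status state="up" reason="arp-response"/>
  <address addr="192.168.56.102" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
    <service name="ftp" product="vsftpd"/>
    <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
    <script id="ftp-vsftpd-backdoor" output="VULNERABLE: vsFTPd backdoor"/></port>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh" product="OpenSSH"/></port>
   <port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
  </ports>
 </host>
</nmaprun>"""
# NSE script id -> substring that must appear in its output for the check to count.
ALERT_SCRIPTS = {"ftp-anon": "allowed", "ftp-vsftpd-backdoor": "VULNERABLE"}


def parse_hosts(xml_text):
    """Map each live IPv4 address to a list of per-port records."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap did not find up
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        hosts[addr] = []
        for port in host.iter("port"):
            svc = port.find("service")  # absent unless -sV identified it
            hosts[addr].append({
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "scripts": {s.get("id"): s.get("output") for s in port.findall("script")},
            })
    return hosts


def open_ports(hosts, addr):
    """Open ports for one host, as the Step 3 port table would list them."""
    return sorted(p["port"] for p in hosts[addr] if p["state"] == "open")


def findings(hosts):
    """(addr, port, script) triples whose NSE result the security team should review."""
    return [(addr, p["port"], sid)
            for addr, ports in hosts.items() for p in ports
            for sid, out in p["scripts"].items()
            if sid in ALERT_SCRIPTS and ALERT_SCRIPTS[sid] in out]
```

Feeding real output is a matter of running the scan with `-oX scan.xml` and passing the file contents to `parse_hosts`.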
This was only a very short list of the many useful things nmap can be used to find on a host or network segment. Individuals are strongly urged to continue experimenting with nmap in a controlled manner on a network they own.

Commands Used In This Experiment:

▪ kali> nmap -sL 192.168.56.0/24
▪ kali> nmap -sn 192.168.56.0/24
▪ kali> nmap 192.168.56.1,100-102
▪ kali> nmap -sV 192.168.56.102
▪ kali> nmap -sC 192.168.56.102 -p 21
▪ kali> locate .nse | grep ftp
▪ kali> nmap --script-help=ftp-vsftpd-backdoor.nse
▪ kali> nmap --script=ftp-vsftpd-backdoor.nse 192.168.56.102 -p 21
▪ kali> nmap -A 192.168.56.102

Website Used In This Experiment:

http://192.168.56.102

Discussion:

► The Internet connection should be working.
► We should not practise by scanning other entities; scan only systems we own or are authorised to test.
► Nmap commands should be appropriate to the task and chosen logically.
► We need to use a manual proxy to check the vulnerabilities of websites or web applications.
