Ethical Hacking

William Bailey

MIS 5211.701 ■ Fall 2020 ■ William Bailey

Week 04 – Scanning

September 20, 2019 by William Bailey 7 Comments

This week we talked about initial scans using NMAP and NESSUS.  We also talked about using TCPDUMP as a packet sniffer.  As you work through your virtual environment this week, choose one (or more) of the following questions:

  1. What issue(s) are you encountering with NMAP, NESSUS, or other scanning tools?
  2. Did you discover any “interesting” traffic with TCPDUMP?
  3. How does practicing with a vulnerable device, such as the “MetaSploitable” help you learn more about vulnerability scanning and penetration testing?


Comments

  1. Anthony Wong says

    September 25, 2020 at 11:41 pm

    1. While using NMAP, I was able to find my computer IP address and hostname within the network. However, when I tried to modify my query to identify the operating system, I was receiving an error stating “No targets were specified”. It was pretty neat, I was able to identify my iPhone, Apple Watch, and friends’ phones. I was able to download NESSUS; however, I had issues when it came to the installation. The plugins were downloaded, but I ran into an infinite compiling loop. The progress bar would move to about 25% and then reset itself to zero. I will keep on trying this, but so far no luck.

    • Kelly Sharadin says

      September 27, 2020 at 12:26 pm

      Hi Anthony,

      Curious what syntax you used that received an error when attempting to identify the operating system. Have you tried nmap -sS, which is a SYN scan also known as a half, or nmap -sT, which is a full connect because it establishes a TCP connection to assist with banner grabbing?

      • Anthony Wong says

        September 28, 2020 at 12:26 pm

        Hi Kelly,

        I ran these two commands: “nmap -sT 192.168.1.0/24” and “nmap -sS 192.168.1.0/24”. With the first command I was able to identify the devices connected to my router with the associated IPs. The second command was similar; however, I was able to view the open/closed/filter ports per IP.

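As an added illustration (not part of the original thread): the difference between the `-sS` and `-sT` scans discussed above is visible in a tcpdump capture taken on the scanned host, because a half-open probe answers the SYN-ACK with a RST while a full connect completes the handshake with an ACK. The capture lines below are constructed sample data, and the function name `classify_handshakes` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not captured traffic): 192.168.1.10
# probes three ports on 192.168.1.20.
SAMPLE = """\
12:00:00.000001 IP 192.168.1.10.40001 > 192.168.1.20.22: Flags [S], seq 100, win 1024, length 0
12:00:00.000090 IP 192.168.1.20.22 > 192.168.1.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:00.000150 IP 192.168.1.10.40001 > 192.168.1.20.22: Flags [R], seq 101, win 0, length 0
12:00:01.000001 IP 192.168.1.10.40002 > 192.168.1.20.80: Flags [S], seq 200, win 64240, length 0
12:00:01.000080 IP 192.168.1.20.80 > 192.168.1.10.40002: Flags [S.], seq 800, ack 201, win 65160, length 0
12:00:01.000140 IP 192.168.1.10.40002 > 192.168.1.20.80: Flags [.], ack 801, win 502, length 0
12:00:01.000300 IP 192.168.1.10.40002 > 192.168.1.20.80: Flags [R.], seq 201, ack 801, win 502, length 0
12:00:02.000001 IP 192.168.1.10.40003 > 192.168.1.20.23: Flags [S], seq 300, win 1024, length 0
12:00:02.000070 IP 192.168.1.20.23 > 192.168.1.10.40003: Flags [R.], seq 0, ack 301, win 0, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def classify_handshakes(text):
    """Map (client, server, port) -> verdict from the order of TCP flags seen."""
    flows = defaultdict(list)      # flow key -> [(direction, flags), ...]
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                          # bare SYN opens a new flow
            flows[(src, sport, dst, dport)].append(("c", flags))
        elif (dst, dport, src, sport) in flows:   # reply from the probed host
            flows[(dst, dport, src, sport)].append(("s", flags))
        elif (src, sport, dst, dport) in flows:   # follow-up from the client
            flows[(src, sport, dst, dport)].append(("c", flags))
    result = {}
    for (src, _sport, dst, dport), events in flows.items():
        seq = [d + ":" + f for d, f in events]
        if "s:S." not in seq:                     # port never answered SYN-ACK
            verdict = "closed" if any(e.startswith("s:R") for e in seq) else "no-reply"
        else:
            after = seq[seq.index("s:S.") + 1:]
            if after and after[0] == "c:.":
                verdict = "full-connect"          # handshake completed (-sT style)
            elif after and after[0].startswith("c:R"):
                verdict = "half-open"             # SYN-ACK answered with RST (-sS style)
            else:
                verdict = "incomplete"
        result[(src, dst, int(dport))] = verdict
    return result
```

Many half-open verdicts from one source across many ports in a short window is the pattern a SYN scan leaves on the scanned host.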
  2. Zhuofu Wang says

    September 26, 2020 at 8:44 am

    3. By using the Nmap command ‘--script vuln target_IP’ to scan the practice target machine, we may get results that show what this machine is vulnerable to. Then we can use the Metasploit command ‘exploit/windows/smb/vulnerability_name’ to find if there is any exploitation code that can be used against the target machine. Before we run the exploitation code, we can use the Metasploit command ‘show’ to check its settings, and use some commands to edit them, such as ‘RHOSTS’.

  3. Nicholas Fabrizio says

    September 26, 2020 at 12:35 pm

    1. Over the course of the week I was using Nessus and attempting to run a scan on my home network. After getting Nessus installed in my virtual environment I attempted to run a basic scan, but was having difficulty getting the scan to find any hosts. After some time troubleshooting and changing the network configuration in the VM, I figured out it was a firewall setting on my host OS. Once I enabled the inbound firewall setting my Nessus scan began to identify different hosts on my home network. After the scan completed I used NMAP to see if I could get more information on some of the devices that listed a vulnerability in the Nessus report.

  4. Kelly Sharadin says

    September 27, 2020 at 12:23 pm

    I decided to install Nessus on my Windows Flare VM. Initially, I could not launch a scan using the Firefox browser, which gave me a disable API error. To mitigate this error I switched to using IE, which launched my discovery scan with no errors. To discover hosts I simply scanned the following IP range: 192.168.0.0/24. It was eye-opening to see how many hosts appeared in this scan (approx. 16). I decided to run a scan on my host device, on which I found a medium rating vulnerability, applied remediation, and rescanned my host to verify my system reflected this fixed vulnerability. It’s a very clean interface, but I think I prefer the way OpenVAS displays scanned report info, just as my personal preference.

    • Nicholas Fabrizio says

      September 27, 2020 at 9:16 pm

      Hi Kelly,

      When I ran a scan on my home network a few connected devices reported medium vulnerabilities as well and I spent some time looking into solutions to remediate the vulnerabilities. I was also surprised at the number of discovered hosts and forgot some were even connected anymore. Lastly, I agree the Nessus interface is clean and I will have to try out OpenVAS.
