Module 03 - Practical

These are the steps I took to complete the flag-hunting session in the current module of the CEH v12 Practical course.

Flag 1

Perform an ICMP ECHO ping sweep to discover live hosts on your network subnet. Find the number of live hosts in the subnet (10.10.1.2-23).

nmap -sn -PE 10.10.1.0/24

-sn disables port scanning (host discovery only) and -PE sends ICMP Echo requests for that discovery.

Screenshot from the Parrot Terminal

A: 6

Flag 2

Perform host discovery using Nmap and find the IP address of the machine hosting www.moviescope.com.

nmap www.moviescope.com

From the output, you can see that the IP address of the target is 10.10.1.19.

Parrot Terminal

A: 10.10.1.19

Flag 3

Perform port and service discovery using MegaPing and name the service running on port 445 on the Windows Server 2022 machine.

Screenshot from MegaPing

A: Microsoft-DS

Alternatively, you can get the same answer with an Nmap port scan:

nmap -T4 -A -p 445 10.10.1.22

Flag 4

Perform port and service discovery using MegaPing and find the IP address of the machine with an open FTP port.

  • Taken from the previous MegaPing scan of all the hosts

A: 10.10.1.11

Or you can use Nmap instead:

nmap -PE -p 21 10.10.1.0/24 --open
Errata: the option is --open, not -open.

Flag 5

Perform port and service discovery using MegaPing and find the IP address of the machine with an open SSH port.

  • Taken from the previous MegaPing scan of all the hosts

A: 10.10.1.9

Or use Nmap again; remember that SSH usually listens on port 22.

nmap -PE -p 22 10.10.1.0/24 --open
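When the scans for Flags 1, 4 and 5 are run with greppable output (nmap -oG -), the "live host" count and the "which host has port 21/22 open" questions can be answered from the text instead of by eye. The following parser is an added example, not part of the course or the lab; the two scan outputs embedded in it are constructed samples, not real captures from the lab network.

```python
import re
from ipaddress import ip_address

# Constructed sample of "nmap -sn -PE -oG -" output (not a real lab capture).
SWEEP_OUTPUT = """\
# Nmap 7.93 scan initiated as: nmap -sn -PE -oG - 10.10.1.0/24
Host: 10.10.1.1 ()\tStatus: Up
Host: 10.10.1.9 ()\tStatus: Up
Host: 10.10.1.11 ()\tStatus: Up
Host: 10.10.1.22 ()\tStatus: Up
# Nmap done -- 256 IP addresses (4 hosts up) scanned in 3.21 seconds
"""

# Constructed sample of "nmap -PE -p 21,22 -oG -" output (not a real lab capture).
PORT_OUTPUT = """\
# Nmap 7.93 scan initiated as: nmap -PE -p 21,22 -oG - 10.10.1.0/24
Host: 10.10.1.9 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///
Host: 10.10.1.11 ()\tPorts: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///
Host: 10.10.1.22 ()\tPorts: 21/closed/tcp//ftp///, 22/closed/tcp//ssh///
"""

# "Host: <ip> (<hostname>)<TAB>Field: value<TAB>Field: value..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+(.*)$")


def parse_greppable(text):
    """Yield (ip, fields) for every 'Host:' line; fields maps 'Status', 'Ports', ... to their values."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # '# Nmap ...' comment lines and blanks
        ip, rest = m.groups()
        fields = {}
        for chunk in rest.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        yield ip, fields


def live_hosts(text, first, last):
    """IPs reported 'Status: Up' that fall inside [first, last] (the Flag 1 range 10.10.1.2-23)."""
    lo, hi = ip_address(first), ip_address(last)
    return sorted((ip for ip, f in parse_greppable(text)
                   if f.get("Status") == "Up" and lo <= ip_address(ip) <= hi), key=ip_address)


def hosts_with_open_port(text, port):
    """IPs whose 'Ports:' field lists TCP <port> in state 'open' (Flags 4 and 5); closed/filtered are ignored."""
    hits = []
    for ip, f in parse_greppable(text):
        for entry in f.get("Ports", "").split(", "):
            parts = entry.split("/")  # port/state/proto/owner/service/rpc/version
            if len(parts) >= 3 and parts[0] == str(port) and parts[1] == "open" and parts[2] == "tcp":
                hits.append(ip)
    return sorted(hits, key=ip_address)
```

With the lab's own output, `len(live_hosts(text, "10.10.1.2", "10.10.1.23"))` gives the Flag 1 count and `hosts_with_open_port(text, 21)` / `hosts_with_open_port(text, 22)` give the Flag 4 and Flag 5 addresses.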

Flag 6

Perform port and service discovery using NetScanTools Pro and identify the port used by the epmap service.

NetScanTools Pro, Port Scan to 10.10.1.11 (Windows 11 Machine)

A: 135

Flag 7

Use the sx tool to perform ARP scans, TCP scans and UDP scans to discover open ports on the Windows 11 machine. Enter the option that specifies the target port when performing a UDP scan.

Screenshot of the sx help output

In this case, you can look up the details in the sx help output or in the lab content.

A: -p

Flag 8

Use Nmap to perform a TCP connect/full open scan and find the port number used by the ldapssl service on the Windows Server 2022 machine.

nmap -sT -v 10.10.1.22

A: 636

Flag 9

Use Nmap to perform a Null scan with the timing template set to Aggressive (-T4) and all advanced/aggressive options (-A) enabled. Find the version of the Apache service running on port 80 on the machine at 10.10.1.9

nmap -T4 -A 10.10.1.9
Screenshot of the output

Or, to save time, you can run --script=http-headers without the aggressive scan (-A); the Server header reveals the Apache version.

A: 2.4.52

Flag 10

Use the Hping3 tool to discover open ports and services running on the Windows Server 2022 machine. Enter the port number of the “systat” service running on the Windows Server 2022 machine.

hping3 -8 0-100 -S 10.10.1.22 -V
hping3 help output, showing what -8 means (scan mode)
Output of the previous command

A: 11

Flag 11

Use Nmap Scripting Engine (NSE) to perform OS discovery and find the OS on the machine at the IP address 10.10.1.22.

Script: --script smb-os-discovery.nse

nmap --script smb-os-discovery.nse 10.10.1.22
Output

A: Windows Server 2022

Flag 12

Use the Nmap tool to scan beyond the IDS/firewall of the target machine (Windows 11). Enter the Nmap option that splits the IP packet into tiny fragments. Note: Turn on the Windows Firewall to perform this task.

Note: Packet fragmentation means splitting a probe packet into several smaller packets (fragments) before sending it onto the network. When these fragments reach a host, the IDSs and firewalls in front of it generally queue all of them and reassemble them one by one. Because this processing costs more CPU and network resources, most IDSs are configured to skip fragmented packets during port scans.

nmap -f 10.10.1.11

A: -f

Flag 13

In Windows Server 2019, use the Colasoft Packet Builder tool to create custom packets to scan the target host (Windows 11). Observe the “Decode Editor” section and find out the packet length value. Note: Turn on the Windows Defender Firewall to perform this task.

A: 64

Flag 14

Use the Hping3 tool to create custom UDP and TCP packets to evade the IDS/firewall of the target machine (Windows 11). Enter the option which performs TCP flooding. Note: Turn on the Windows Defender Firewall to perform this task.

hping3 10.10.1.11 --flood

A: --flood

Flag 15

Use Metasploit to scan the target machine. While using the Metasploit auxiliary module “auxiliary/scanner/smb/smb_version”, enter the specified range of remote hosts (RHOSTS).

The question refers to the RHOSTS range given in the lab documentation; recall the task:

A: 10.10.1.5-23
