
Official Student Lab Guide

                                                                                  Lab 4 – Detecting Live Systems


               Lab 4 – Detecting Live Systems - Scanning Techniques

               Lab Scenario
               As a consultant for MWHA, you have been asked to determine how the systems respond to different
               types of scans. They expect that you can find some systems but not gather much information
               when scanning from an attack VM that is not in the domain. We need to validate and verify the responses.

               You will spend this entire lab using different scanning tools ranging from a simple ping to the more
               complicated hping3 tool. As a consultant, you cannot settle on one and only one scanner; you need
               other tools to validate what is found with the first tool. Proper scanning is very important.

               Lab Duration
               Time: 90 Minutes
               Lab Sections
                   •  Finding a Target Using Ping Utility
                   •  Finding a Target Using nslookup Tool
                   •  Scanning a Target Using nmap Tools
                   •  Scanning a Target Using Zenmap Tools
                   •  Scanning a Target Using hping3 Utility
                   •  Scanning with Evilscan
                   •  Make use of the telnet utility to perform banner grabbing
               Lab Resources
               This lab requires the use of the following:
                   •  Windows 10 as a host VM
                   •  Ghost as an Attack VM
                   •  Windows Server 2012
                   •  Windows Server 2016
                   •  Metasploitable

               Lab Analysis
               Remember to take screenshots during the entire lab for your records. We usually only use screenshots
               where a simple note is not enough proof for the client. When scanning, some of the items need proof,
               and some do not. For example, it is normally fine to record the time to live (TTL) on a packet, along
               with the packet size, as a note, but for the IP addresses and open ports we will use the saved scan or a screenshot.

               We will want to analyze our data in order to perform additional enumeration or find potential
               weaknesses and vulnerabilities.

               Section 1 – Finding a target using Ping utility
                   1.  Open a console window to the Windows 10 VM
                   2.  Find the IP address for http://www.mile2hackworld.com
                          a.  Click the Command Prompt icon from the taskbar to open the command prompt
                              window



               Certified Penetration Testing Engineer – v06.3.1.4
               ©Mile2 – All Rights Reserved