Official Student Lab Guide

                                                                                  Lab 4 – Detecting Live Systems

                   6.  Use 2 terminal sessions for the scanning!
                          a.  Terminal 1: a spoofed scan of the server by the attacker:
                                 i.   hping3 -I ens32 -a <IP address of Windows 10 VM> -S
                                     <IP address of your 2016 Server> -p ++20







                          b.  Terminal 2: a continuous probe from the attacker to the Silent host to monitor the IP
                              IDENTIFICATION field:
                                 i.  hping3 -I ens32 -r -S <IP address of Windows 10 VM> -p
                                     2000
                          c.  Start both of these at the same time!






















          Report piracy if the fingerprint in this box is of poor resolution!
























               NOTE: Anything that is more than a +1 should indicate an open port.

                       Windows 10 is the Silent Host (zombie)

               Certified Penetration Testing Engineer – v06.3.1.4                                 P a g e  | 89
               ©Mile2 – All Rights Reserved