Network Port Scanning with Nmap
You are a penetration tester running port scans on a target server during the reconnaissance phase.
Target Information:
- IP Address: 192.168.2.2
- Organization: Medium-sized financial services company
- Objective: Identify open ports, running services, and potential attack vectors
Part 1: Construct the Nmap command that generated the provided scan output
Part 2: Based on the scan results, identify potential attack vectors for further investigation
Nmap scan report for 192.168.2.2
Host is up (0.00079s latency).
Not shown: 96 closed ports
PORT    STATE SERVICE       VERSION
88/tcp  open  kerberos-sec?
139/tcp open  netbios-ssn
389/tcp open  ldap?
445/tcp open  microsoft-ds?
MAC Address: 08:00:27:81:81:DF (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.21
OS details: Linux 2.4.21
Network Distance: 1 hop
Nmap done: 1 IP address (1 host up) scanned in 26.80 seconds
Your command:
Select flags...
- nmap: Nmap tool
- -sV: Version detection
- -p 1-1023: Scan ports 1-1023
- 192.168.2.2: Target IP
- -Pn: Skip host discovery
- -sU: UDP scan
- -O: OS detection
- --top-ports=100: Top 100 ports
- --top-ports=1000: Top 1000 ports
- -sL: List scan
- 192.168.2.1-100: IP range
- nc: Netcat tool
- hping: Hping tool
Null session enumeration
SMB ports 139 and 445 are open, allowing potential null session attacks to enumerate users, shares, and system information without authentication.
Weak SMB file permissions
Port 445 (microsoft-ds) suggests SMB file sharing may be enabled with potentially weak permissions, allowing unauthorized access to sensitive files.
Kerberos attacks
Port 88 (Kerberos) is open, indicating an Active Directory environment. Potential for Kerberoasting, AS-REP roasting, or Golden Ticket attacks.
LDAP enumeration
Port 389 (LDAP) allows querying directory services for user accounts, group memberships, and organizational structure information.
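Added example, not part of the original exercise: a small parser for the port table in the scan report above that groups open ports under the four review topics this exercise lists, the kind of triage a defender can run over their own scan results. The names SCAN_OUTPUT, REVIEW_TOPICS, parse_ports and triage are hypothetical, and the sample input is constructed from the report shown on this page.

```python
import re

# Constructed sample: the port table from the scan report in this exercise.
SCAN_OUTPUT = """\
Nmap scan report for 192.168.2.2
Not shown: 96 closed ports
PORT    STATE SERVICE       VERSION
88/tcp  open  kerberos-sec?
139/tcp open  netbios-ssn
389/tcp open  ldap?
445/tcp open  microsoft-ds?
"""

# Review topics as named in this exercise, keyed by the port each one cites.
REVIEW_TOPICS = {
    88: ["Kerberos attacks"],
    139: ["Null session enumeration"],
    389: ["LDAP enumeration"],
    445: ["Null session enumeration", "Weak SMB file permissions"],
}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_ports(text):
    """Return one dict per row of the PORT/STATE/SERVICE/VERSION table."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({
                "port": int(port), "proto": proto, "state": state, "version": version,
                # A trailing "?" means Nmap could not confirm the service.
                "service": service.rstrip("?"), "unconfirmed": service.endswith("?"),
            })
    return rows

def triage(rows):
    """Group open TCP ports by review topic; ports without a topic are skipped."""
    findings = {}
    for r in rows:
        if r["state"] == "open" and r["proto"] == "tcp":
            for topic in REVIEW_TOPICS.get(r["port"], []):
                findings.setdefault(topic, []).append(r["port"])
    return findings

if __name__ == "__main__":
    for topic, ports in triage(parse_ports(SCAN_OUTPUT)).items():
        print(f"{topic}: ports {ports}")
```

The "unconfirmed" flag matters when reading this report: three of the four service names carry a "?", so they are Nmap's guess rather than a confirmed service.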