[Challenge 1:] Network Scanning & Service Enumeration
All of the scanning results appear in the rest of the challenges
Routing IP Addresses
Operating Systems and Hostnames
| IP Addresses | Operating System | Hostnames |
|---|---|---|
| 172.17.0.2 | Windows | FNB.com |
| 172.17.0.3 | Linux CentOS 6.4 | |
| 10.10.0.2 | Windows Server 2008 R2 | ENTERTAINMENT |
| 10.10.0.3 | Windows Server 2008 R2 | ECOMM |
| 172.19.19.2 | Windows 7 Ultimate | ACCOUNTS |
| 172.19.19.3 | Windows Server 2008 | LDAP AD |
| 172.19.19.4 | Windows | |
| 172.19.19.5 | Linux Ubuntu | |
| 172.19.19.6 | Windows Server 2012 | HRDEPT |
| 172.19.19.7 | Windows Vista | |
| 172.19.19.8 | Windows XP | OPERATIONS |
| 172.19.19.9 | Windows 8 |
PORTS OPEN
| IP ADDRESS | Ports (TCP and UDP) |
|---|---|
| 172.17.0.2 | 21, 80, 135, 139, 445, 3389, 49152, 49153, 49154, 49155, 49156, 49157, 137, 138, 192, 500, 1054, 1081, 1087, 4500, 5001, 5355, 7938, 16938, 17494, 28465, 29810, 44334, 45818, 48255 |
| 172.17.0.3 | 21, 22 , 23 , 23 , 1041, 1051 , 16086, 26872, 32815, 35777, 36206, 48761, 49163, 49192, 53006, 54711 |
| 10.10.0.2 | 21, 80, 135, 139, 445, 3389, 49152, 49153, 49154, 49155, 49156, 49157, 137, 138, 500, 1484, 2160, 2223, 4500, 5000, 5355, 6000, 17321, 19120, 19687, 20423, 21318, 21674, 22124, 38293 |
| 10.10.0.3 | 21, 80, 135, 139, 389, 445, 3306, 3389, 49152, 49153, 49154, 49155, 49156, 49157, 137, 138, 500, 689, 1024, 1346, 4500, 5355, 6970 11487, 16548, 17487, 17615, 18958, 32777, 49360 |
| 172.19.19.2 | 21, 80, 135, 445, 3389, 49152, 49153, 49154, 49155, 49156, 49157, 123, 137, 161, 500, 520, 1900, 2222, 4500, 5093, 5355, 6970, 17762, 17939, 21868, 22692, 26415, 39714, 39714, 41896, 49156 |
| 172.19.19.3 | 21, 53, 80, 88, 135, 139, 389, 445, 464, 593, 636, 3268, 3269, 3389, 5357, 49152, 49153, 49154, 49155, 49156, 49157, 53, 88, 123, 137, 138, 161, 389, 464, 500, 502, 3702, 4500, 5355, 6971, 16503, 17638, 17814, 19140, 31059, 36384, 36458, 44334, 47808, 54114 |
| 172.19.19.5 | 21, 80, 5353 |
| 172.19.19.6 | 21, 80, 135, 139, 445, 3306, 49152, 49153, 49154, 49155, 49157, 128, 137, 138, 161, 500, 626, 1027, 1200, 4500, 5355, 6346, 17673, 20465, 34855, 47765, 49178, 49200, 54114 |
| 172.19.19.8 | 21, 135, 139, 445, 3389, 123, 137, 138, 500, 1025, 1026, 4500 |
| 172.19.19.9 | 21, 80, 135, 139, 445, 3306, 3389, 49152, 49153, 49154, 49155, 49156, 49157, 49158, 123, 137, 161, 500, 772, 1039, 1900, 3389, 4500, 5355, 17146, 18449, 20449, 25931, 32775, 45247, 49176, 49180, 53571 |
Services Running
| IP Address | Services Running |
|---|---|
| 172.17.0.2 | ftp, http, msrpc, netbio-ssn, microsoft-ds, ms-wbt-server, netbio-ns, netbios-dgm, osu-nms, isakmp, brvread, pvuniwien, cplscramber-in, nat-t-ike, complex-link, llmnr |
| 172.17.0.3 | ftp, ssh, telnet, telnet, danf-ak2, optima-vnet |
| 10.10.0.2 | ftp, http, msrpc, netbios-ssn, microsoft-ds, ms-wbt-sever, netbios-ns, netbios-dgm, isakmp, confluent, apc-2160, rockwell-csp2, nat-t-ike, upnp, llmnr, X11, landesk-cba |
| 10.10.0.3 | ftp, http, msrpc, netbios-ds, mysql, ms-wbt-server, netbios-ns, netbios-dgm, isakmp, nmap, alta-ana-lm, nat-t-ike, llmnr, sometimes-rpc18 |
| 172.19.19.2 | ftp, http, msrpc, netbio-snn, microsoft-ds, ms-wbt-server, ntp, netbio-ns, netbio-dgm, snmp, isakmp, route, upnp, msantipiracy, nat-t-ike, sentinel-lm, llmnr |
| 127.19.19.3 | ftp, domain, http, kerberos-sec, msrpc, netbios-ssn, ldap, microsoft-ds, kpasswd5, http-rpc-epmap, ldapssl, globalcatLDAP, globalcatLDAPssl, wsdapi, domain, ntp, netbio-ns, netbios-dgm, snmp, ldap, kpasswd5, isakmp, mbap, ws-discovery, nat-t-ike, llmnr, bacnet |
| 172.19.19.5 | ftp, http, zeroconf |
| 172.19.19.6 | ftp, http, msrpc, netbio-ssn, microsoft-ds, mysql, ntp, netbio-ns, netbios-dgm, snmp, isakmp, serialnumbered, pkix-3-ca-ra, scol, nat-t-ike, llmnr, gnutella |
| 172.19.19.8 | tcpwrapped, msrpc, netbio-ssn, microsofy-ds, microsoft terminal service, ntp, netbio-dgm, microsoft-ds, isakmp, blackjack, win-rpc, nat-t-ike |
| 172.19.19.9 | ftp, http, msrpc, netbios-ssn, microsoft-ds, mysql, ms-wbt-server, ntp, netbios-ns, netbios-dgm, snmp, isakmp, cycleserv2, sbl, upnp, ms-wbt-server, nat-t-ike, llmnr, sometimes-rpc14 |
After discovering live systems, we started port scanning to detect the open ports and identify the services running on these hosts. Port scanning is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in. Port scanning involves connecting to or probing TCP and UDP ports on the target system to determine if the services are running or are in a listening state. The listening state gives an idea of the operating system and the application in use. Sometimes, active services that are listening may allow unauthorized user access to systems that are misconfigured or running software that has vulnerabilities.