03 - Scanning Networks
Building on what we learned from our information gathering and threat modelling, we can now begin to actively query our victims for vulnerabilities that may lead to a compromise. We have narrowed down our attack surface considerably since we first began the penetration test with everything potentially in scope.
Module Objective
The objective of this lab is to help students conduct network scanning, analyze network vulnerabilities, and maintain a secure network.
You need to perform a network scan to:
- Check live systems and open ports
- Perform banner grabbing and OS fingerprinting
- Identify network vulnerabilities
- Draw network diagrams of vulnerable hosts
Module Labs Objectives
The objective of this lab is to help students perform a local network scan and discover all the resources on the network. You need to:
- Perform a system and network scan
- Enumerate user accounts
- Execute remote penetration
- Gather information about local network computers
Scenario
Vulnerability scanning determines the possibility of network security attacks. It evaluates the organization’s systems and network for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Vulnerability scanning is a critical component of any penetration testing assignment. You need to conduct penetration testing and list the threats and vulnerabilities found in an organization’s network and perform port scanning, network scanning, and vulnerability scanning to identify IP/hostname, live hosts, and vulnerabilities.
Today, attackers can wait for a single chance to attack an organization and disable it, so it is very important to perform vulnerability scanning to find the flaws and vulnerabilities in a network and patch them before an attacker intrudes into the network. The goal of running a vulnerability scanner is to identify devices on your network that are exposed to known vulnerabilities.
I. Scanning System and Network Resources Using Advanced IP Scanner
In this lab you have learnt how to:
- Perform a system and network scan
- Enumerate user accounts
- Execute remote penetration
- Gather information about local network computers