[OSCP] Information Gathering - TCP/UDP Port Scanning

  1. Once VM Group 1 is started, perform a Netcat scan against the machine ending with the octet '151' (ex: 192.168.51.151). Which is the lowest TCP open port?
    --> 53
  2. On the same host, perform a netcat TCP scan for the port range 1-10000. Which is the highest open TCP port?
    --> 9389
  3. Other than port 123, what is the first returned open UDP port in the range 150-200 when scanning the machine ending with the octet '151' (ex: 192.168.51.151)?
    --> 161

#nmap -sT 192.168.50.149

 -> TCP connect scan

#sudo nmap -sU 192.168.50.149

 -> UDP scan

#sudo nmap -sU -sS 192.168.50.149
 -> UDP scan combined with a SYN scan

#nmap -sn 192.168.50.1-253

 -> Network sweep (many hosts, reduced traffic, for wide ranges)

 

#nmap -v -sn 192.168.50.1-253 -oG ping-sweep.txt

#grep Up ping-sweep.txt | cut -d " " -f 2
 -> use the greppable output option -oG

#nmap -p 80 192.168.50.1-253 -oG web-sweep.txt
#grep open web-sweep.txt | cut -d" " -f2

  -> web server scan
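As an added example (not from the original post), a small POSIX sh/awk parser for the -oG files written by the sweeps above: it checks the port list entry by entry, so a host is only reported when the requested port itself is open, whereas "grep open" also hits hosts where just another port in the range is open. The sample -oG output, addresses and hostname are constructed.

```shell
#!/bin/sh
# Helpers for Nmap greppable output (-oG), as produced by the ping sweep and
# port sweep above. "Host:" lines carry the address in the 2nd field; the
# "Ports:" field lists entries port/state/protocol/owner/service/rpcinfo/version/
# separated by ", ". Matching the entries is more reliable than "grep open",
# which also hits hosts where only another port in the range is open.

# Constructed sample of -oG output (hypothetical "nmap -p 25,80" sweep).
SAMPLE_GNMAP='# Nmap 7.94 scan initiated as: nmap -p 25,80 -oG sweep.txt 192.168.50.1-253
Host: 192.168.50.8 ()	Status: Up
Host: 192.168.50.8 ()	Ports: 25/open/tcp//smtp///, 80/closed/tcp//http///
Host: 192.168.50.21 (web.example.lab)	Status: Up
Host: 192.168.50.21 (web.example.lab)	Ports: 25/filtered/tcp//smtp///, 80/open/tcp//http///	Ignored State: closed (0)
Host: 192.168.50.251 ()	Status: Up
Host: 192.168.50.251 ()	Ports: 25/open/tcp//smtp///, 80/open/tcp//http///
# Nmap done -- 253 IP addresses (3 hosts up) scanned in 5.00 seconds'

# hosts_up FILE: addresses reported as Up (ping sweep result).
hosts_up() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# hosts_with_open_port PORT FILE: addresses where PORT/tcp is open.
hosts_with_open_port() {
    awk -v port="$1" '
        /^Host:/ && /Ports:/ {
            ip = $2; line = $0
            sub(/.*Ports: /, "", line)               # keep only the port list
            sub(/[ \t]+Ignored State:.*/, "", line)  # drop trailing summary
            n = split(line, e, ", ")
            for (i = 1; i <= n; i++) {
                split(e[i], f, "/")                  # f[1]=port f[2]=state f[3]=proto
                if (f[1] == port && f[2] == "open" && f[3] == "tcp") print ip
            }
        }' "$2"
}

# run_on_sample FUNC [ARGS]: run FUNC against the constructed sample and
# return the matching addresses on one space-separated line.
run_on_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_GNMAP" > "$tmp"
    result=$("$@" "$tmp" | tr '\n' ' ')
    rm -f "$tmp"
    printf '%s\n' "${result% }"
}

# Stand-alone demo: sampled hosts with SMTP (25/tcp) open.
run_on_sample hosts_with_open_port 25
```

Point the functions at a real sweep file instead of the sample (for example `hosts_with_open_port 80 web-sweep.txt`) to get the same result as the grep/cut pipeline above, but limited to hosts where that port is actually open.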

#nmap -sT -A --top-ports=20 192.168.50.1-253 -oG top-port-sweep.txt

  -> scan the top 20 ports and save the output in greppable format

#sudo nmap -O 192.168.50.14 --osscan-guess

  -> OS fingerprint scan (inaccurate when a firewall or proxy sits in front of the target)

#nmap -sT -A 192.168.50.14

   -> after fingerprinting, use the -A option to check service banners (more traffic, slower)

#nmap --script http-headers 192.168.50.6

  --> NSE is a tool for automating scanning tasks; the NSE scripts are in the /usr/share/nmap/scripts directory.

#nmap -p 80 --script http-title 192.168.50.0/24

Windows PowerShell command

1..1024 | ForEach-Object { if (Test-NetConnection -ComputerName 192.168.1.1 -Port $_ -InformationLevel Quiet) { $_ } } | Select-Object -First 4


  1. Start Walk Through Exercises in VM Group #1, use Nmap to conduct a SYN stealth scan of your target IP range, and save the output to a file. Use grep to show machines that are online. Which host has port 25 open? Use 50 as the third IP octet instead of your dynamically assigned IP when submitting the answer.
    ->192.168.50.8
  2. Perform an Nmap TCP scan against the addresses on the Walk Through Exercises on VM Group #1. Which host is running a WHOIS server? Use 50 as the third IP octet instead of your dynamically assigned IP when submitting the answer.
    ->192.168.50.251
  3. Connect via RDP to the Windows 11 client from Walk Through Exercises VM Group #1 and perform TCP port discovery against the Windows DC machine ending with the octet '151' (ex: 192.168.51.151). Which are the first four open TCP ports? List the ports separated by commas.
    ->53,88,135,139
  4. There is a service running on a high-range TCP port on the Module Exercises VM #1. Find it, and you will find the flag together with it.
    ->OS{69f66be6051e1ce2e6926504d4b654c0}
  5. The NMAP Scripting Engine includes many extremely useful scripts to assist in the active recon process for a wide variety of things, not just the handful of services discussed in this Module. In the NMAP library, for example, there are over 100 NSE discovery scripts. For this challenge, you will need to use a new discovery script to help you enumerate the HTTP title of the default page of all the hosts with web servers on the public lab network. Performing something as simple as scanning the web server titles can help you collect all sorts of information about the target, including the purpose of the website, software version information, and even login pages. In this challenge, you need to find the host with a web server with the title "Under Construction" in the Module Exercises VM Group 1. The flag is located on the index.html page of the web server matching this title.
    ->OS{13471acd8c8a6cc8eee25d47a2288101}