Solved: Reconnaissance and Scanning Assignment

Assignment 1

1. Reconnaissance (50%)

a. Using an enterprise of your choice, find as much public information about it as possible without performing active scans with Nmap or any other scanner.

For guidance you can use the course notes or the following websites:

http://www.pentest-standard.org/index.php/Intelligence_Gathering

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

b. Using Maltego, perform reconnaissance against your target organisation.

Put all the information acquired in a document and create a mind map of the most critical information.

2. Scanning (50%)

Execute Nmap scans against the 3 virtual machines shared with you in the last class. Perform at least the following types of scans:

- Ping scans
- SYN scans
- TCP Connect scans
- UDP scans
- Idle scans
- OS fingerprinting scans
- Version scanning
- NSE scans

Also, perform at least two types of hping3 scans.

For at least two types of Nmap scan and one type of hping3 scan, use tcpdump to capture the traffic and explain how the scanner differentiates between closed and open ports.
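The "how does the scanner tell open from closed" question is answered entirely by the replies visible in the tcpdump capture: for a TCP SYN probe, a SYN/ACK means open, a RST means closed, and silence means filtered; for a UDP probe, an ICMP "port unreachable" means closed and silence means open|filtered. The script below is an added example, not part of the course material, that applies exactly those rules to tcpdump-style lines and also reports whether the scanner reset the half-open connection (SYN scan behaviour) or completed the handshake (connect scan behaviour). The capture lines, the scanner address 10.0.0.5 and the target address 10.0.0.10 are constructed for the example, not taken from a real session.

```python
import re

# Constructed tcpdump-style lines (not a real capture). Scanner is 10.0.0.5,
# target is 10.0.0.10. Port 22: SYN scan (SYN, SYN/ACK, RST from scanner).
# Port 23: closed (RST from target). Port 80: no reply at all.
# Port 443: connect scan (SYN, SYN/ACK, ACK, FIN). UDP 53: silence.
# UDP 161: ICMP port unreachable from the target.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 10.0.0.5.40001 > 10.0.0.10.22: Flags [S], seq 1000, win 1024, length 0
12:00:01.000200 IP 10.0.0.10.22 > 10.0.0.5.40001: Flags [S.], seq 2000, ack 1001, win 64240, length 0
12:00:01.000300 IP 10.0.0.5.40001 > 10.0.0.10.22: Flags [R], seq 1001, win 0, length 0
12:00:01.000400 IP 10.0.0.5.40002 > 10.0.0.10.23: Flags [S], seq 1000, win 1024, length 0
12:00:01.000500 IP 10.0.0.10.23 > 10.0.0.5.40002: Flags [R.], seq 0, ack 1001, win 0, length 0
12:00:01.000600 IP 10.0.0.5.40003 > 10.0.0.10.80: Flags [S], seq 1000, win 1024, length 0
12:00:01.000700 IP 10.0.0.5.40004 > 10.0.0.10.443: Flags [S], seq 3000, win 64240, length 0
12:00:01.000800 IP 10.0.0.10.443 > 10.0.0.5.40004: Flags [S.], seq 4000, ack 3001, win 64240, length 0
12:00:01.000900 IP 10.0.0.5.40004 > 10.0.0.10.443: Flags [.], ack 1, win 64240, length 0
12:00:01.001000 IP 10.0.0.5.40004 > 10.0.0.10.443: Flags [F.], seq 1, ack 1, win 64240, length 0
12:00:02.000100 IP 10.0.0.5.40005 > 10.0.0.10.53: UDP, length 0
12:00:02.000200 IP 10.0.0.5.40006 > 10.0.0.10.161: UDP, length 0
12:00:02.000300 IP 10.0.0.10 > 10.0.0.5: ICMP 10.0.0.10 udp port 161 unreachable, length 36
"""

# tcpdump prints "src.sport > dst.dport: Flags [..]" for TCP, "...: UDP" for UDP
# and "src > dst: ICMP src udp port N unreachable" for the UDP closed-port reply.
TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
UDP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")
ICMP_UNREACH_RE = re.compile(r"IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")


def classify_ports(capture, scanner_ip, target_ip):
    """Map (proto, port) -> state using only the replies the target sent."""
    states = {}
    for line in capture.splitlines():
        m = TCP_RE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            if src == scanner_ip and dst == target_ip and flags == "S":
                # A probe with no reply stays "filtered" unless a reply arrives.
                states.setdefault(("tcp", int(dport)), "filtered")
            elif src == target_ip and dst == scanner_ip:
                key = ("tcp", int(sport))
                if "S" in flags and "." in flags:
                    states[key] = "open"        # SYN/ACK: something is listening
                elif "R" in flags:
                    states[key] = "closed"      # RST: port reachable but closed
            continue
        m = UDP_RE.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            if src == scanner_ip and dst == target_ip:
                # UDP gives no positive "open" signal, hence the ambiguous state.
                states.setdefault(("udp", int(dport)), "open|filtered")
            continue
        m = ICMP_UNREACH_RE.search(line)
        if m and m.group(1) == target_ip and m.group(2) == scanner_ip:
            states[("udp", int(m.group(3)))] = "closed"  # ICMP type 3 code 3
    return states


def handshake_style(capture, scanner_ip, target_ip, port):
    """What the scanner did after a SYN/ACK on one port: 'half-open' (it sent
    a RST, as a SYN scan does), 'full-connect' (it sent the final ACK, as a
    connect scan does) or 'none' (no SYN/ACK was ever seen for that port)."""
    got_synack = False
    for line in capture.splitlines():
        m = TCP_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if (src == target_ip and int(sport) == port and dst == scanner_ip
                and "S" in flags and "." in flags):
            got_synack = True
        elif got_synack and src == scanner_ip and int(dport) == port and dst == target_ip:
            if "R" in flags:
                return "half-open"
            if flags == ".":
                return "full-connect"
    return "none"


if __name__ == "__main__":
    for (proto, port), state in sorted(classify_ports(SAMPLE_CAPTURE, "10.0.0.5", "10.0.0.10").items()):
        extra = ""
        if proto == "tcp":
            extra = "  (" + handshake_style(SAMPLE_CAPTURE, "10.0.0.5", "10.0.0.10", port) + ")"
        print(f"{proto}/{port}: {state}{extra}")
```

To use it on your own capture, run `tcpdump -n` (the `-n` keeps addresses numeric so the regular expressions match) and feed the saved text to `classify_ports` with the real scanner and target addresses in place of the constructed ones.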

Document all the results.