Lab #4
Lab #4 Compromise and Exploit a Vulnerable Microsoft Workstation
IT Security: Attack & Defense
Course Number: ISSC362
IP address for Windows vulnerable computer: 172.30.0.3
Open Ports on 172.30.0.3:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
3389/tcp open microsoft-rdp Microsoft Terminal Service
5000/tcp open upnp Microsoft Windows UPnP
Command syntax from nmap: nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.3
MS08-067 vulnerability:
Here is the screen capture of the program getting caught up on step 80.
Microsoft Security Bulletin MS08-067
Downloading Windows Service Pack 2 (SP2) will eliminate the MS08-067 threat
Lab Assessment Questions & Answers
1. What are the five steps of a hacking attack?
Foot printing, Port Scanning, Network Mapping, Enumeration, Covering Tracks
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
Zenmap sends discreet packets of data to the host computer and asks for a response. When it gets that response it can hopefully determine what OS is on that computer by the data that was sent back.
3. What step in the hacking attack process uses Zenmap GUI?
Zenmap will be utilized during the Port Scanning phase.
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
During the Enumeration Phase
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft vulnerabilities identified. What is vulnerability “MS08-067”?
MS08-067: Vulnerability in Server service could allow remote code execution. This can lead to someone gaining administrative rights who could add and delete
IT Security: Attack & Defense
Course Number: ISSC362
IP address for Windows vulnerable computer: 172.30.0.3
Open Ports on 172.30.0.3:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
3389/tcp open microsoft-rdp Microsoft Terminal Service
5000/tcp open upnp Microsoft Windows UPnP
Command syntax from nmap: nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 172.30.0.3
MS08-067 vulnerability:
Here is the screen capture of the program getting caught up on step 80.
Microsoft Security Bulletin MS08-067
Downloading Windows Service Pack 2 (SP2) will eliminate the MS08-067 threat
Lab Assessment Questions & Answers
1. What are the five steps of a hacking attack?
Foot printing, Port Scanning, Network Mapping, Enumeration, Covering Tracks
2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting.
Zenmap sends discreet packets of data to the host computer and asks for a response. When it gets that response it can hopefully determine what OS is on that computer by the data that was sent back.
3. What step in the hacking attack process uses Zenmap GUI?
Zenmap will be utilized during the Port Scanning phase.
4. What step in the hacking attack process identifies known vulnerabilities and exploits?
During the Enumeration Phase
5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft vulnerabilities identified. What is vulnerability “MS08-067”?
MS08-067: Vulnerability in Server service could allow remote code execution. This can lead to someone gaining administrative rights who could add and delete