FICBANK Infrastructure - Penetration Testing Plan & Report
3. Penetration Testing Methodologies
3.1. Phase 1: Reconnaissance and Enumeration
3.1.1. Publicly Available Information
3.1.2. Service Banner and Fingerprinting Information
3.1.3. Live Hosts
3.1.4. Traceroute
3.1.5. Nmap
3.2. Phase 2: Vulnerability Discovery
3.2.1. Live Hosts
3.2.2. Open Ports and Services
3.2.3. Nikto
3.2.4. Nessus
Task 1: Gather Publicly Available Information
Web search for publicly available information about the Damn Vulnerable Web App (DVWA) instance; this step sends no traffic to the target.
Task 2: Perform Service Banner Grabbing
Using the "nc" (Netcat) command followed by the IP address and port number to connect to services running on the Damn Vulnerable Linux instance and record the banner each service sends. Services such as SSH, FTP and SMTP announce themselves on connect; for HTTP the client speaks first, so a request (for example a HEAD request) must be sent before the server's "Server:" header is returned.
Task 3: Fingerprint Service Versions Through Telnet
Using the "telnet" command followed by the IP address and port number to connect to a service running on the Damn Vulnerable Web App instance and read the version string it returns; compare it with the Netcat result from Task 2.
Active Reconnaissance
Task 1: Scan for Live Hosts with Ping Sweep
Using the "ping" command with the -b flag (allow pinging a broadcast address) against the broadcast address of the lab network (10.13.246.0/24, so 10.13.246.255) to perform a ping sweep and identify live hosts: ping -b 10.13.246.255. Note that many hosts are configured to ignore broadcast ICMP echo requests, so the number of replies may be smaller than the number of live hosts.
Task 2: Use Traceroute to Map Network Paths
Using the traceroute command to perform a traceroute to the Damn Vulnerable Web App instance: traceroute 10.13.246.8
Task 3: Enumerate Hosts Using Nmap
Using Nmap to perform a host discovery scan (-sn: ping scan, no port scan or version detection) of the lab network containing the Damn Vulnerable Linux instance: nmap -sn 10.13.246.0/24
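The following script is an added example and is not part of the original lab plan or the FICBANK report. It chains the banner-grabbing task (Task 2 above) with the three active reconnaissance tasks (ping sweep, traceroute, Nmap host discovery) so the results can be compared side by side. The network 10.13.246.0/24 and the target 10.13.246.8 are taken from this page; the port list, the timeouts, the use of a Linux attack box with iputils "ping", "nc", "timeout", "awk" and "nmap" installed, and all function names are assumptions made for the example. Banner parsing is pure text handling, so it can be exercised on captured banners without touching the network.

```shell
#!/bin/sh
# Added recon helper for the lab (example code, not the report's own tooling).
# Assumed lab values from the page; override via the environment if needed.
NET="${NET:-10.13.246.0/24}"
TARGET="${TARGET:-10.13.246.8}"
PORTS="${PORTS:-21 22 25 80}"      # assumed port list for banner grabbing

# Directed broadcast address of a /24, which is what "ping -b" expects.
# Only /24 is handled because that is the lab network's prefix length.
broadcast_of() {
    ip="${1%/*}"; prefix="${1#*/}"
    [ "$prefix" = "24" ] || { echo "only /24 supported" >&2; return 1; }
    printf '%s.255\n' "${ip%.*}"
}

# Unicast ping sweep: one ICMP echo request per address, in parallel.
# Unlike a broadcast ping this still finds hosts that ignore broadcast ICMP
# (net.ipv4.icmp_echo_ignore_broadcasts=1 is the Linux default).
ping_sweep() {
    base="${1%/*}"; base="${base%.*}"
    i=1
    while [ "$i" -le 254 ]; do
        ( ping -c 1 -W 1 "$base.$i" >/dev/null 2>&1 && printf '%s\n' "$base.$i" ) &
        i=$((i + 1))
    done
    wait
}

# Filter "nmap -sn -oG -" output down to the addresses reported as up.
# Grepable lines look like: Host: 10.13.246.8 ()<TAB>Status: Up
nmap_up_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Banner grab with Netcat. Protocols where the server speaks first just need
# an open connection held for a few seconds; HTTP needs a request first.
grab_banner() {
    host="$1"; port="$2"
    case "$port" in
        80|8080) printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$host" \
                   | timeout 5 nc "$host" "$port" 2>/dev/null ;;
        *)       sleep 3 | timeout 5 nc "$host" "$port" 2>/dev/null ;;
    esac
}

# Turn a raw banner into a "service version" label for the report table.
# Only the protocols used in the lab are recognised; anything else is "unknown".
classify_banner() {
    first=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    case "$first" in
        SSH-*)                    printf 'ssh %s\n' "${first#SSH-[0-9].[0-9]-}" ;;
        220*[Ff][Tt][Pp]*)        printf 'ftp %s\n' "$first" ;;
        220*[Ss][Mm][Tt][Pp]*)    printf 'smtp %s\n' "$first" ;;
        HTTP/*) srv=$(printf '%s\n' "$1" | awk -F': ' 'tolower($1)=="server"{print $2; exit}' | tr -d '\r')
                printf 'http %s\n' "$srv" ;;
        *)                        printf 'unknown %s\n' "$first" ;;
    esac
}

# Run the full sequence only when explicitly asked, so the file can also be
# sourced for its functions without sending a single packet.
if [ "${RECON_RUN:-0}" = "1" ]; then
    echo "[*] broadcast address for ping -b: $(broadcast_of "$NET")"
    echo "[*] unicast ping sweep of $NET"
    ping_sweep "$NET" | sort -t . -k 4 -n
    echo "[*] nmap host discovery of $NET"
    nmap -sn -oG - "$NET" | nmap_up_hosts
    echo "[*] network path to $TARGET"
    traceroute -n "$TARGET"
    for p in $PORTS; do
        echo "[*] $TARGET:$p -> $(classify_banner "$(grab_banner "$TARGET" "$p")")"
    done
fi
```

Run with RECON_RUN=1 sh recon.sh from the attack box. Listing the unicast sweep and the Nmap discovery next to each other is the easiest way to answer reflection question 5: Nmap's -sn sends ARP requests on a local segment (and a mix of ICMP and TCP probes otherwise), so it reports hosts that never answer a broadcast echo request.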
REFLECTION QUESTIONS:
1. Now that you have initiated a penetration test, what do you think are 3-5 goals of penetration testing?
2. How might publicly accessible information gathered during reconnaissance and enumeration further some or all of those goals?
3. What are some differences between active and passive reconnaissance and enumeration?
4. Why is banner grabbing an effective technique to employ?
5. What difference(s) did you observe between the active reconnaissance using ping -b and nmap -sn? What technical explanation is there for your observation?