Nmap scan report | Network assignment
This is a Network question that mainly tests knowledge of nmap; it is a fairly classic network security question and falls under report/Network/network security assignment writing.
Questions

Q1. [30 marks] You are conducting an attack against two computers, and you have collected the Nmap output in Listing 1.

Listing 1:
Nmap 6.40 scan initiated Fri Sep 6 08:24:05 2019 as: nmap -sS 192.168.109.129-130
Nmap scan report for 192.168.109.
Host is up (0.0091s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
Nmap done at Fri Sep 6 08:24:18 2019
2 IP addresses (1 host up) scanned in 13.62 seconds
(a) Which phase of penetration testing does this Nmap operation belong to? Justify your response. [2]
(b) Explain what you observe in the Listing. What can you conclude about the computers you are attacking? [6]
(c) What would you do as the next step of your attack? Provide two possible steps and include technical details on how you would conduct each of them. [12]
(d) Using the information in Listing 1, describe the packets that you would see in the network while the attack from the previous question is being executed. For each packet that you describe, justify why you believe it appears in the network. [10]
Q2. While monitoring your network, your Wireshark capture shows many packets like those in Listing 2.

Listing 2:
Source           Destination      Prot  Len  Info
192.168.109.128  192.168.109.129  TCP   58   47918 > 7028 [SYN]
192.168.109.128  192.168.109.129  TCP   58   47918 > 7035 [SYN]
192.168.109.129  192.168.109.128  TCP   60   7028 > 47918 [RST, ACK]
192.168.109.129  192.168.109.128  TCP   60   7035 > 47918 [RST, ACK]
192.168.109.128  192.168.109.129  TCP   58   47918 > 7039 [SYN]
192.168.109.128  192.168.109.129  TCP   58   47918 > 7032 [SYN]
192.168.109.129  192.168.109.128  TCP   60   7039 > 47918 [RST, ACK]
192.168.109.129  192.168.109.128  TCP   60   7032 > 47918 [RST, ACK]
192.168.109.128  192.168.109.129  TCP   58   47918 > 7043 [SYN]
192.168.109.128  192.168.109.129  TCP   58   47918 > 7050 [SYN]
192.168.109.129  192.168.109.128  TCP   60   7043 > 47918 [RST, ACK]
192.168.109.129  192.168.109.128  TCP   60   7050 > 47918 [RST, ACK]

(a) What type of information do we see in each column of this listing? [10]
(b) How many computers are involved in sending and receiving these packets? [2]
(c) Which network protocol is being used, and which phase of the protocol is being executed in this Listing? [4]
(d) Assuming this is an attack, explain what is happening in the network. Who is the attacker? What attack is taking place? What is the purpose of this attack? [8]
(e) Give an example of another packet that could be part of the same attack. [6]
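The pattern in Listing 2 is what a network monitor would look for when deciding whether traffic like this is a port scan. The following Python script is an added example written for this page, not part of the original question sheet: it parses the twelve rows of Listing 2 (embedded below as constructed input, in the same Source / Destination / Prot / Len / Info column order), counts the hosts involved, and flags a source as a likely SYN scanner when it sends bare SYNs to many distinct ports on one host and those probes are answered only with RST/ACK instead of completed handshakes. The threshold of five probed ports (`min_ports`) is an assumption chosen for illustration.

```python
"""Detect a TCP SYN scan in Wireshark-style packet summaries.

Added example for this page; it is not the question sheet's own code.
The rows below are constructed from Listing 2.
"""
import re
from collections import defaultdict

# Constructed input: the twelve rows of Listing 2, one per line.
LISTING_2 = """\
192.168.109.128 192.168.109.129 TCP 58 47918 > 7028 [SYN]
192.168.109.128 192.168.109.129 TCP 58 47918 > 7035 [SYN]
192.168.109.129 192.168.109.128 TCP 60 7028 > 47918 [RST, ACK]
192.168.109.129 192.168.109.128 TCP 60 7035 > 47918 [RST, ACK]
192.168.109.128 192.168.109.129 TCP 58 47918 > 7039 [SYN]
192.168.109.128 192.168.109.129 TCP 58 47918 > 7032 [SYN]
192.168.109.129 192.168.109.128 TCP 60 7039 > 47918 [RST, ACK]
192.168.109.129 192.168.109.128 TCP 60 7032 > 47918 [RST, ACK]
192.168.109.128 192.168.109.129 TCP 58 47918 > 7043 [SYN]
192.168.109.128 192.168.109.129 TCP 58 47918 > 7050 [SYN]
192.168.109.129 192.168.109.128 TCP 60 7043 > 47918 [RST, ACK]
192.168.109.129 192.168.109.128 TCP 60 7050 > 47918 [RST, ACK]
"""

# One summary row: src dst proto len "sport > dport [FLAG, FLAG]"
ROW = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<length>\d+)\s+"
    r"(?P<sport>\d+)\s*>\s*(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]$"
)


def parse_rows(text):
    """Turn the text rows into dicts with typed fields and a flag set."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        d = m.groupdict()
        for key in ("length", "sport", "dport"):
            d[key] = int(d[key])
        d["flags"] = {f.strip() for f in d["flags"].split(",")}
        packets.append(d)
    return packets


def hosts(packets):
    """Every IP address that appears as a source or destination."""
    return {p["src"] for p in packets} | {p["dst"] for p in packets}


def syn_scan_report(packets, min_ports=5):
    """Per (scanner, target) pair: which ports were probed with a bare SYN,
    which of those answered RST/ACK (closed), and whether the pair looks
    like a SYN scan. min_ports=5 is an assumed threshold for illustration."""
    syn_ports = defaultdict(set)  # (src, dst) -> ports probed with SYN only
    rst_ports = defaultdict(set)  # (src, dst) -> ports that replied RST/ACK
    for p in packets:
        if p["proto"] != "TCP":
            continue
        if p["flags"] == {"SYN"}:
            syn_ports[(p["src"], p["dst"])].add(p["dport"])
        elif {"RST", "ACK"} <= p["flags"]:
            # The reply travels target -> scanner; key it on the probe
            # direction so it lines up with the SYN that provoked it.
            rst_ports[(p["dst"], p["src"])].add(p["sport"])

    report = {}
    for (src, dst), probed in syn_ports.items():
        closed = probed & rst_ports[(src, dst)]
        report[(src, dst)] = {
            "probed_ports": sorted(probed),
            "closed_ports": sorted(closed),
            # Many distinct ports, none of which completed a handshake.
            "likely_syn_scan": len(probed) >= min_ports and closed == probed,
        }
    return report


if __name__ == "__main__":
    pkts = parse_rows(LISTING_2)
    print("hosts involved:", sorted(hosts(pkts)))
    for pair, info in syn_scan_report(pkts).items():
        print(pair, info)
```

In practice the same logic runs over a much larger capture and the threshold is tuned per network; the signal that matters is the ratio of bare SYNs to completed handshakes from one source, which is what separates a scan from a busy but legitimate client.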
Q3. The email in the image below is potentially a phishing email received at the School's email address for PhD research enquiries. Hovering over the View file link in the email, you see that the link goes to https://uploadxyzfiles.io/z4us178l

(a) What evidence do you see in the email that suggests this is a phishing attack? [8]
(b) How is the sender trying to psychologically trick the recipient into clicking on the link? [5]
(c) What may happen if the recipient clicks on the link? [2]
Q4. While analysing a piece of malware, you collect the evidence in the attached evidence.zip file from various malware analysis tools. There are seven (7) files in evidence.zip, each of which is a screenshot from the following tools that we have used in the labs:
- strings.png evidence from running the strings tool
- PEiD.png evidence from running the PEiD tool
- PEView.png evidence from running the PEView tool
- procmon.png evidence from running the Procmon tool
- regshot.png evidence from running the RegShot tool
- FakeNet.png evidence from running the FakeNet tool
- new_file_contents.png contents of a file that was created after running the malware. The file has been opened with Notepad.

In this question, your task is to analyse the evidence and draw conclusions about the functionality and purpose of the malware. Any conclusions you draw should be clearly linked to the evidence provided. For correctly interpreting each piece of evidence (each screenshot), you gain 3 marks. Then, from the individual interpretations of each piece of evidence, you should draw appropriate conclusions about the overall functionality and the purpose of the malware (4 marks).