Scan Open Ports on the Target Host
In this step, we will introduce how to use tools to scan the open ports on the target host.
In the penetration testing process, it is necessary to understand the open ports on the target host. In Kali Linux, two default port scanning tools are provided: Nmap and Zenmap. We will mainly introduce the usage of these two tools.
First, let's start the lab environment. The host machine is Ubuntu (the desktop you are currently connected to), with Docker and QEMU virtual environments installed. They provide platform support for the Kali Linux container and the Metasploitable2 target machine, respectively.
In the LabEx host machine, start Metasploitable2 by double-clicking the xfce terminal on the desktop and entering the following command in the terminal:
sudo virsh start Metasploitable2
Ping the target machine to ensure it's running (press Ctrl-C to exit ping):
ping 192.168.122.102
Now, let's start the Kali container and enter the bash interface, execute the ping operation to verify network connectivity:
docker run -ti --network host b5b709a49cd5 bash
Now, we could execute the ping operation to verify network connectivity (press Ctrl-C to exit ping):
ping 192.168.122.102
Now both lab environments are started, and we can begin the penetration testing.
Note: If you accidentally exit the current bash, the Kali container will automatically stop. You can execute the docker run -ti --network host b5b709a49cd5 bash
command again on the host machine to start a new Kali container and enter bash to continue with the lab operations.
Nmap is a network exploration and security scanning program. System administrators and individuals can use this software to scan large networks and obtain information about which hosts are running and what services they are providing.
Nmap supports many scanning techniques, such as UDP, TCP Connect(), TCP SYN (half-open scanning), FTP proxy (Bounce attack), Idle scan, ICMP, FIN, ACK scan, Xmas Tree, SYN scan, and Null scan.
Nmap includes four basic functions:
- Host Discovery
- Port Scanning
- Version Detection
- Operating System Detection
Use the nmap
tool and enter the following command to perform a port scan and obtain information about the open ports on the target machine:
nmap 192.168.122.102
Zenmap: A Graphical User Interface for Nmap
Zenmap is an official graphical user interface based on Nmap, developed by the Nmap project. Zenmap is an open-source and free graphical interface written in Python, which can run on different operating system platforms (Windows/Linux/Unix/Mac OS, etc.). Zenmap aims to provide a simpler operation method for Nmap. Common operations can be saved as profiles, and users can select a profile during scanning, making it convenient to compare different scan results. It also provides a graphical display of the network topology.
Note: The LabEx environment uses the Kali container, so the graphical interface cannot be used at the moment.