Gary Jones

nmap Service and Vulnerability Exploration


nmap Service and Vulnerability Exploration Report


Situation:

This project required using nmap to perform TCP and UDP scans on www.artstailor.com, identify open ports and services, and determine potential vulnerabilities. The goal was to analyze the traffic generated by these scans using Wireshark and evaluate the risks of any identified vulnerabilities.


Obstacles:

  1. Uncertain OS Information: The TCP scan provided inconclusive OS fingerprinting results.
  2. UDP Scan Complexity: UDP scanning was slower and identified fewer open ports than TCP scanning.
  3. Vulnerability Research: Identifying relevant exploits for the detected services required extensive research.

Actions Taken:

  1. Ran an nmap TCP scan (nmap -sT -O -sV www.artstailor.com) to identify open ports, services, and their versions.
  2. Executed a UDP scan (nmap -sU -p 1-256 www.artstailor.com) to probe for UDP services and analyzed its performance against the TCP scan.
  3. Used Wireshark to monitor and analyze network traffic generated by nmap during the scans.
  4. Investigated the services and their versions (e.g., vsftpd 2.3.4 and Apache 2.4.17) for known vulnerabilities using searchsploit and public vulnerability databases.
  5. Documented the risks associated with the identified vulnerabilities and proposed mitigation strategies.
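An added example, not part of the original report, that automates the version check in step 4: it parses the XML that nmap writes with -oX and flags the service versions found above against a small watch list built from this report's own findings. The XML sample below is constructed to mirror the scan results; the watch-list entries and risk levels are the report's.

```python
import xml.etree.ElementTree as ET

# Constructed nmap -oX output mirroring the services this report found (not a real capture).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sT -sV -oX - www.artstailor.com">
  <host><status state="up"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.9p1 Debian 10+deb10u2"/></port>
      <port protocol="tcp" portid="53"><state state="open"/>
        <service name="domain"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.17"/></port>
      <port protocol="udp" portid="21"><state state="open|filtered"/>
        <service name="ftp"/></port>
    </ports>
  </host>
</nmaprun>"""

# Watch list built from the report's own findings: (product, version) -> (issue, risk level).
WATCH_LIST = {
    ("vsftpd", "2.3.4"): ("backdoor command execution", "High"),
    ("Apache", "2.4.17"): ("CVE-2019-0211 local privilege escalation", "Medium"),
}

def parse_services(xml_text):
    """Return (protocol, port, state, product, version) tuples from nmap XML output."""
    services = []
    for port in ET.fromstring(xml_text).iter("port"):
        state = port.find("state").get("state")
        svc = port.find("service")
        product = svc.get("product", "") if svc is not None else ""
        version = svc.get("version", "") if svc is not None else ""
        services.append((port.get("protocol"), int(port.get("portid")), state, product, version))
    return services

def flag_services(services):
    """Match confirmed-open services against WATCH_LIST; returns (protocol, port, issue, risk)."""
    findings = []
    for proto, port, state, product, version in services:
        if state != "open":
            continue  # UDP "open|filtered" is unconfirmed and needs a follow-up probe
        for (prod, ver), (issue, risk) in WATCH_LIST.items():
            if prod.lower() in product.lower() and version.startswith(ver):
                findings.append((proto, port, issue, risk))
    return findings
```

To run it against a real scan, pass the contents of the file written by nmap -oX to parse_services in place of the constructed sample.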

Results:

  1. Open Ports and Services:

    • TCP:
      • Port 21: FTP (vsftpd 2.3.4)
      • Port 22: SSH (OpenSSH 7.9p1 Debian 10+deb10u2)
      • Port 53: DNS
      • Port 80: HTTP (Apache 2.4.17)
    • UDP:
      • Port 21: FTP was the only detected service.
  2. Vulnerabilities Identified:

    • vsftpd 2.3.4:
      • Vulnerability: Backdoor command execution.
      • Exploit: Metasploit module available for remote execution.
      • Risk Level: High.
    • Apache 2.4.17:
      • Vulnerability: Local privilege escalation.
      • Exploit: CVE-2019-0211, a privilege-escalation flaw triggered during an apache2ctl graceful restart.
      • Risk Level: Medium.
  3. Encryption Key Found: KEY007-9sGDcP6yOz9NqfkXEmX43A==.

  4. Comparison of Scans:

    • TCP Scan:
      • Duration: 23.61 seconds.
      • More comprehensive results with detailed service information.
    • UDP Scan:
      • Duration: Much longer than the TCP scan, because UDP scanning must wait out timeouts on ports that never answer.
      • Fewer ports identified as open.

Tool Purpose Overview

nmap:

  • Used for network reconnaissance and vulnerability detection through TCP and UDP scanning. It identified open ports, services, and OS fingerprints.

Wireshark:

  • Analyzed the network traffic generated by nmap to verify the interaction between the scanning tool and the target host.

searchsploit:

  • Used to find known exploits for the services detected during scanning, aiding in vulnerability assessment.
