Answer of "Firewall and IDS/IPS Evasion - Medium Lab"

Let’s look at the background information first:

“After we conducted the first test and submitted our results to our client, the administrators made some changes and improvements to the IDS/IPS and firewall. We could hear that the administrators were not satisfied with their previous configurations during the meeting, and they could see that the network traffic could be filtered more strictly.”

It says that “the network traffic could be filtered more strictly”. So when we run our Nmap scan, the most important thing for us is to be quieter than in the previous lab, “Answer of "Firewall and IDS/IPS Evasion - Easy Lab"”.

Furthermore, it says that we should find out the version of the DNS server. Where can we find it? I remember that the topic of this section is “Nmap”, which is a tool used to scan ports. So I guess there must be a port running the DNS server. By searching the web, I found a page “Understanding DNS Port 53 with Examples - howtouselinux”. So I guess that I need to scan the specific port 53.

At the beginning, the command I used was:
“nmap -T4 -A -v 10.129.67.225 -D RND:5 --stats-every=5s”
However, port 53 was shown as “filtered”, just as below:

So how can I see information about port 53? Since this operation was banned when scanning every port, why don’t we just scan the single port 53? Following this idea, I changed the command to:
“nmap -T4 -p53 -A -v 10.129.67.225 -D RND:5 --stats-every=5s”

Finally, I can see information about port 53, and I know the DNS server version. Later I submitted the answer and got one cube.


1 Like

Hi,

I’m really stuck on this. I have followed what you have done, but I don’t get the same results.
I’m using VMware and Kali. Connected to the VPN.
I tried your last command and get this output:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-15 03:58 EDT
You have specified some options that require raw socket access.
These options will not be honored without the necessary privileges.
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating Ping Scan at 03:58
Scanning 10.129.57.157 [2 ports]
Completed Ping Scan at 03:58, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 03:58
Completed Parallel DNS resolution of 1 host. at 03:58, 0.01s elapsed
Initiating Connect Scan at 03:58
Scanning 10.129.57.157 [1 port]
Completed Connect Scan at 03:58, 0.20s elapsed (1 total ports)
Initiating Service scan at 03:58
NSE: Script scanning 10.129.57.157.
Initiating NSE at 03:58
Completed NSE at 03:58, 0.01s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Nmap scan report for 10.129.57.157
Host is up (0.013s latency).

PORT STATE SERVICE VERSION
53/tcp filtered domain

NSE: Script Post-scanning.
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Initiating NSE at 03:58
Completed NSE at 03:58, 0.00s elapsed
Read data files from: /usr/bin/…/share/nmap
Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page.
Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds

As you can see, it’s still showing as filtered.

Not sure what to try now.

Any tips?

Never mind, I got there with this: nmap -Pn -T4 -A -v -sV 10.129.57.157 -p 53 -D RND:5 --stats-every=5s

1 Like
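The verbose Nmap output posted above already contains the diagnosis: the two lines "You have specified some options that require raw socket access" / "These options will not be honored" plus "Initiating Connect Scan" mean Nmap was running unprivileged, so the -D RND:5 decoys from the first post's command were silently dropped and a plain TCP connect scan ran instead. The following parser is an added example for this thread (not Nmap code, not part of the lab). It reads a verbose Nmap text report, pulls out the scan type, the privilege warning and the port table, and turns them into notes that explain why a port ended up "filtered" with no version. The sample output is the second poster's run, copied from this thread and shortened; the function names and the `Scan`/`PORT` regular expressions are my own assumptions about the plain-text format, not an official Nmap API (use `-oX` and an XML parser in real tooling).

```python
"""Parse Nmap's verbose text output and explain a 'filtered' result.

Added example for this forum thread; it is not Nmap code and not part of
the HTB lab. The regexes below match Nmap's plain-text report format as
seen in the thread; for production tooling prefer nmap -oX and XML parsing.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Second poster's output, copied from the thread and shortened (NSE lines dropped).
SAMPLE_OUTPUT = """\
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-15 03:58 EDT
You have specified some options that require raw socket access.
These options will not be honored without the necessary privileges.
NSE: Loaded 155 scripts for scanning.
Initiating Ping Scan at 03:58
Scanning 10.129.57.157 [2 ports]
Completed Ping Scan at 03:58, 0.01s elapsed (1 total hosts)
Initiating Connect Scan at 03:58
Scanning 10.129.57.157 [1 port]
Completed Connect Scan at 03:58, 0.20s elapsed (1 total ports)
Nmap scan report for 10.129.57.157
Host is up (0.013s latency).

PORT STATE SERVICE VERSION
53/tcp filtered domain

Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds
"""

# "Initiating Ping Scan at", "Initiating Connect Scan at", "Initiating SYN Stealth Scan at" ...
SCAN_RE = re.compile(r"^Initiating (.+?) Scan at ")
REPORT_RE = re.compile(r"^Nmap scan report for (\S+)")
# "53/tcp filtered domain" or "53/tcp open domain <version text>"
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)\s*(.*)$")
RAW_SOCKET_WARNING = "You have specified some options that require raw socket access"


@dataclass
class NmapRun:
    target: Optional[str] = None
    raw_socket_warning: bool = False
    scan_types: List[str] = field(default_factory=list)
    # "53/tcp" -> (state, service, version)
    ports: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)


def parse_nmap_output(text: str) -> NmapRun:
    """Extract target, scan phases, privilege warning and port table from -v output."""
    run = NmapRun()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(RAW_SOCKET_WARNING):
            run.raw_socket_warning = True
            continue
        m = SCAN_RE.match(line)
        if m:
            run.scan_types.append(m.group(1))
            continue
        m = REPORT_RE.match(line)
        if m:
            run.target = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            port, state, service, version = m.groups()
            run.ports[port] = (state, service, version.strip())
    return run


def explain(run: NmapRun) -> List[str]:
    """Turn the parsed report into notes on why no version data came back."""
    notes = []
    if run.raw_socket_warning:
        notes.append("raw-socket options (decoys, SYN scan) were ignored: Nmap was not run with root privileges")
    if "Connect" in run.scan_types:
        notes.append("a TCP connect scan ran instead of a SYN scan, so no decoy sources were ever sent")
    for port, (state, service, version) in run.ports.items():
        if state == "filtered":
            notes.append(f"{port} ({service}) is filtered: no reply reached the scanner, so no version was detected")
        elif state == "open" and not version:
            notes.append(f"{port} ({service}) is open but no version string was captured")
    return notes


if __name__ == "__main__":
    parsed = parse_nmap_output(SAMPLE_OUTPUT)
    print(f"target={parsed.target} scans={parsed.scan_types} ports={parsed.ports}")
    for note in explain(parsed):
        print(" -", note)
```

Run against the posted output it reports the privilege warning, the connect scan and the filtered 53/tcp, which is exactly the situation the follow-up command fixed; on a report with "Initiating SYN Stealth Scan" and no warning the first two notes disappear and only genuinely filtered ports remain.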

Thanks Gary!