I’m starting the Attacking Enterprise Networks module and am having trouble with the first question:
“Perform a banner grab of the services listening on the target host and find a non-standard service banner. Submit the name as your answer (format: word_word_word)”
Well, first of all all of the ports that return open for the target are for standard services on standard ports, such as pop3 on port 110, rpcbind on port 111 etc. I did an nmap scan with the banner script to return the banners for open ports. Then used the banner grab egrep command from the github cheat sheet but I’m not seeing how these results will help me answer the question.
I don’t want the answer, I just want pushed in the right direction.
Yes, I see 11 TCP ports open and 3 UDP ports. I scanned for all ports using “-p-” and was only seeing TCP ports at first. When you asked if I scanned for both protocols, I scanned specifically for UDP ports and banners using “–script=banner” which showed port 53, 68, & 111 open and the services.
I tried submitting domain_dhcpc_rpcbind as my answer but that wasn’t it. I figured it wouldn’t be because these are only service names and not banners. Banners aren’t showing for UDP ports.