Tuesday, April 22, 2014

Scanning Networks - p.4

Lab 3

Fingerprinting Open Ports Using the Amap Tool

Amap determines applications running on each open port.

Lab Scenario

Computers communicate with each other using IP addresses, and the port number determines which program handles the data when it is received. A complete data transfer always contains the IP address plus the port number required. In the previous lab we found out that the server connection is using the standard HTTP port 80. If an attacker finds this information, he or she will be able to use the open ports for attacking the machine. In this lab, you will learn to use the Amap tool to perform port scanning and know exactly what applications are running on each port found open.

Lab Objectives

The objective of this lab is to help students learn to fingerprint open ports and discover applications running on these open ports.

In this lab, you will learn to:
■ Identify the application protocols running on open port 80
■ Detect application protocols

Lab Environment

To perform the lab you need:
■ Amap, located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP
■ You can also download the latest version of AMAP from the link http://www.thc.org/thc-amap.
■ If you decide to download the latest version, then screenshots shown in the lab might differ

■ A computer running Web Services enabled for port 80
■ Administrative privileges to run the Amap tool
■ Run this tool on Windows Server 2012

Lab Duration

Time: 5 Minutes

Overview of Fingerprinting

Fingerprinting is used to discover the applications running on each open port found on the network. Fingerprinting is achieved by sending trigger packets and looking up the responses in a list of response strings.
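The trigger-and-lookup process described above, as an added Python example (not Amap's code and not part of the original lab). The trigger and signature tables are constructed for illustration, and the function names `match_response`, `probe` and `fingerprint` are assumptions; the sample responses show why the response, not the port number, decides the protocol.

```python
import re
import socket

# Constructed tables for illustration; these are not Amap's definition files.
TRIGGERS = {
    "null": b"",                          # send nothing, wait for a banner
    "http-get": b"GET / HTTP/1.0\r\n\r\n",
}
# (protocol, trigger the response must answer or None for any, response regex)
SIGNATURES = [
    ("http", "http-get", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
    ("ssh", None, re.compile(rb"^SSH-\d+\.\d+-")),
    ("smtp", None, re.compile(rb"^220[ -].*SMTP", re.I)),
]

def match_response(trigger_name, response):
    """Return every protocol whose signature matches this response."""
    return [proto for proto, needs, rx in SIGNATURES
            if needs in (None, trigger_name) and rx.search(response)]

def probe(host, port, trigger, timeout=3.0):
    """Send one trigger to host:port and return up to 1024 response bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if trigger:
            s.sendall(trigger)
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""                    # service stayed silent for this trigger

def fingerprint(host, port):
    """Try each trigger in turn and return the first set of matches."""
    for name, trigger in TRIGGERS.items():
        try:
            found = match_response(name, probe(host, port, trigger))
        except OSError:
            continue                      # refused or reset: try the next trigger
        if found:
            return found
    return ["unidentified"]

if __name__ == "__main__":
    samples = [  # constructed responses; port alone would mislabel the second
        (80, "http-get", b"HTTP/1.1 200 OK\r\nServer: example\r\n\r\n"),
        (80, "null", b"SSH-2.0-ExampleSSH_1.0\r\n"),
        (25, "null", b"220 mail.example.test ESMTP ready\r\n"),
    ]
    for port, trig, data in samples:
        print(port, trig, match_response(trig, data) or ["unidentified"])
```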

Lab Tasks

1. Open the command prompt and navigate to the Amap directory. In this lab the Amap directory is located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\AMAP
2. Type amap www.certifiedhacker.com 80, and press Enter.

FIGURE 3.1: Amap with host name www.certifiedhacker.com with Port 80

3. You can see the specific application protocols running on the entered host name and the port 80.

4. Use the IP address to check the applications running on a particular port.

5. In the command prompt, type the IP address of your local Windows Server 2008 (virtual machine) amap 10.0.0.4 75-81 (local Windows Server 2008) and press Enter (the IP address will be different in your network).

6. Try scanning different websites using different ranges of switches like amap www.certifiedhacker.com 1-200

FIGURE 3.2: Amap with IP address and with range of switches 73-81

Lab Analysis

Document all the IP addresses, open ports and their running applications, and the protocols you discovered during the lab.



Questions

1. Execute the Amap command for a host name with a port number other than 80.
2. Analyze how the Amap utility gets the applications running on different machines.
3. Use various Amap options and analyze the results.



