In this lab you are going to do some background investigation into tools that allow you, the prospective attacker, to discover information about a target. The target can be a specific domain, a network, or a range of IP addresses.
Specifically, you will be researching the purpose and functionality of the nmap, dig, host, nslookup, and whois commands. Read the tutorials and answer the questions. Some questions might require you to do some Internet research.
Tasks and Questions
Task 1. The first tool is nmap. Nmap is a port scanner.
Question 1a. What is the purpose of a port scanner?
Read the following nmap tutorial to learn about how to use this tool: Nmap Tutorial from Infosecinstitute
Here is another, more visual tutorial: Nmap Again
Question 1b. Provide an example of an nmap scan that scans an entire network.
Question 1c. Can you use nmap to find out the Operating System of a host? If yes, provide an example command.
Question 1d. What is the purpose of doing an nmap stealth scan? Provide an example of an nmap stealth scan.
Task 2. Next, as a determined attacker, you are going to do some reconnaissance to discover more information. As part of reconnaissance, an attacker will try to enumerate DNS records.
Question 2a. What does DNS enumeration accomplish for an attacker?
To accomplish DNS enumeration, you will be using the dig tool. Read the following tutorial: Dig Tutorial
Question 2a. What can you discover using the dig tool? Provide an example of using dig to find MX records.
Question 2b. How would you list all DNS records using dig?
Question 2c. Does dig run under Windows or Mac OS X?
The next tools are host, nslookup, and whois.
Question 2d. What does nslookup do? Provide an example of using the tool.
Question 2e. What does host do? Provide an example of using the tool.
Question 2f. What does whois do? Provide an example of using whois.
Question 2g. Are there differences between host, nslookup, and dig?