“Praktikum Lab Scanning”

(Scanning Modul CEH V9)

Disusun untuk memenuhi tugas Mata Kuliah Ethical Hacking and Penetration Testing
Dosen Pengampu: Dr. Johannes Harungguan Sianipar, S.T., M.T.
Instruktur: Albert Kelvin Hutapea, S.Kom.

Disusun Oleh:
Kelompok 7 (Ganjil)

11S18002 – Putri Era Waty Bakara

11S18010 – N. Priskila Napitupulu
11S18015 – Yanada Sari Situmorang

Program Studi Sarjana Informatika

Fakultas Informatika dan Teknik Elektro (FITE)
Institut Teknologi Del
2021

1|Page
Bab 1 Scanning the Network using the Colasoft Packet Builder

1. Install the Colasoft Packet Builder.

2. Follow the wizard-driven installation steps to install Colasoft Packet Builder.

2|Page
3. On completing the installation, launch the Colasoft Packet Builder 2.0 application. The
Colasoft Packet Builder GUI appears as shown in the screenshot:

4. Before starting your task, click the Adapter icon

5. When the Select Adapter window appears, check the Adapter settings, and click OK.

6. To add or create a packet, dick Add icon in the menu section.

3|Page
7. In the Add Packet dialog box, select ARP Packet template, set Delta time the packet listing
to activate as 0.1 second, and click OK.

8. You can view the added packets list on the right-hand side of the window, under Packet List.

9. Colasoft Packet Builder allows you to edit the decoding information in the two editors:
Decode Editor and Hex Editor, located in the left pane of the window
10. The Decode Editor section allows you to edit the packet decoding information by double-
clicking the item you want to decode
11. The Hex Editor displays the actual packet contents in raw hexadecimal value on the left and
its ASCII eguivalent on the right.

4|Page
12. To send all packets at once, click Send All from the menu bar.

13. In the Send All Packets window, check the Burst Mode option and then click Start.

5|Page
14. Close the window

15. Now, when this ARP packet is broadcasted in the network, the active machines receive the
packet and a few among them start responding with an ARP reply. To observe which

6|Page
 machine is responding to the ARP packet, you also need to run a packet-monitoring
application such as Wireshark or Colasoft Packet Capture simultancously. These
applications log all the packets being transmitted on the network.
16. To export the packets sent from the file menu, click Export → All Packets....

17. In thc Save As window, select a destination folder in the Save in ficld, specify the File
name and Save as type, and dick Save.

7|Page
18. This saved file can be used for future reference.
19. The file will be saved in our storage directory

((((Dilanjutkan ke halaman selanjutnya))))

8|Page
Bab 3 Basic Network Troublesshooting using MegaPing
1. Follow the wizard-driven installation steps to install Mega Ping

2. On completion of installation,launch Megaping from Start menu

9|Page
3. The about MegaPing pop-up appears.Wait until I Agree button appears,and then click the
button.

4. MegaPing(Unregistered) GUI appears displaying the System Info as shown in the following
screenshoot:

10 | P a g e
5. Select any of the options from the left pane of the window.
6. For instance, select IP scanner,specify the IP range in from and to fiels.In this lab the IP
range is 10.10.10.1 to 10.10.10.50 .Click Start.

7. MegaPing list down all the IP addreses under the specified target range with their
TTL,Status(dead or alive) and statistics of the dead and alive hosts.

8. Right-click an IP address,and click Traceroute.

11 | P a g e
9. In this lab,the IP address of Windows server 10.10.10.12 is selected.This IP address may
vary in your lab environment.

10. MegaPing redirects you to Treceroute section,displaying the number of hops taken by the
host machine to reach the Windows Server virtual machine

11. Select Port Scanner from the left pane.

12 | P a g e
12. Enter the IP address of Windows Server 10.10.10.12 machine under Destination Address List
section and click Add.The IP address litened below might very in your lab environment.

13. Check the IP address and click the start button to start listening to the traffic on 10.10.10.12

14. Megaping lists the ports associated with Windows Server 2012, along with the port
Type,Keyword,Risk,and Description as shown in the following screenshoot:

13 | P a g e
((((Dilanjutkan ke halaman selanjutnya))))

14 | P a g e
Bab 5 Scanning a Network using NetScanTools Pro
NetScanTools Pro is an integrated collection of internet information gathering and network
troubleshooting utilities for Network Professionals.
1. Download NetScanTools Pro at www.netscantools.com
2. Perform the installation as usual, by clicking the "Next" button

3. Do it until it's Finish.

15 | P a g e
4. Next on the "Reminder" page click the "Start the Demo" button.

5. On the "Demo Version" page, click Start NetScanTools Pro Demo…

16 | P a g e
6. The main page of NetScanTools Pro will be displayed.

7. Then, on “Manual Tools (all)”, click ARP Ping.

8. On the "About the ARP Ping Tool" page, click OK.

17 | P a g e
9. When the OK button is clicked, it will be redirected to the following page. Do as shown in
the following image, which can be seen the results obtained from the ARP Ping against the
target 192.168.100.1.

18 | P a g e
10. For other manual tools, do the same as when the ARP Ping tool.
11. The results obtained from each manual tool:
a. ARP Scan (MAC Scan)

b. DHCP Server Discovery

19 | P a g e
 c. Ping Scanner

It will automatically open the browser and display the following page:
Note: The result might vary in your lab environment

20 | P a g e
d. Port Scanner

21 | P a g e
Bab 7 Checking for Live System using Angry IP Scanner

1. Install the Angry IP Scanner 3.5.2 setup appears as shown in the screeshoot. Clik Next to
proceed with the installation.

2. Choose Install Location window appears, check the install path and click Install as shown
in the screenshot.

22 | P a g e
3. After the installation, Completing the Angry IP Scanner 3.5.2 Setup window appears. Tick
the Run Angry IP Scanner 3.5.2 checkbox and click Finish as shown in the screenshot.

4. Angry IP Scanner starts and a Getting Started window pops up as shown in the screenhot.
Clik Close.

23 | P a g e
5. In the IP Range ficlds, input the IP range as 10.10.10.0 to 10.10.10.255 as shown in the
screenshot.
6. Click the Preferences icon beside the IP Range menu as shown in the screenshot. Note: IP
Addresses may differ in your lab environment.

7. Preferences window pops up. In the Scanning tab, under Pinging section, select the pinging
method as Combined UDP+TCP as shown in the screenshot.

8. Now, switch to the Ports tab and under the Port selection section, enter the range as 1-1000.

24 | P a g e
9. Now, switch to the Display tab and under Display in the results list section select the Alive
hosts (responding to ping) only radio button as shown in the screenshot. Click OK.

25 | P a g e
10. Click the Start button to start scanning the IP range you entered.

11. Angry IP Scanner starts scanning the IP range and starts to list out the alive hosts found.
Check the progress bar on the bottom-right corner to see the progress of the scanning.
Note: IP Addresses may differ in your lab environment. It can take the
application up to 20 minutes approximately.

26 | P a g e
12. Upon finishing, a Scan Statistics window pops up. Note the total number of hosts alive and
click Close.

13. You can see all the IPs with their hostnames and open ports listed in the main window.

27 | P a g e
14. Double-click any IP. IP address details window pops up showing all the relevant details of
the system as shown in the screenshot.

((((Dilanjutkan ke halaman selanjutnya))))

28 | P a g e
Bab 9 Perform ICMP Probing using Ping/Traceroute for Network Troubleshooting
1. Right-click the Start button in the taskbar and select Command Prompt (Admin) option.
2. A Command Prompt terminal appears, type tracert www.certifiedhacker.com and press
Enter.
3. The system resolves the URL into its IP address and starts to trace the path to the
destination.Here it takes 23 hops for the packet to reach the specified destination as shown in
the screenshot.

4. Type tracert /? And press Enter to show the different options for the command as shown in
the screenshoot.

29 | P a g e
5. Type tracert –h 5 www.certifiedhacker.com and press Enter to perform the trace with only 5
maximum hops allowed.

30 | P a g e
Bab 11 Daisy Chaining using Proxy Workbench
1. Before running this lan,turn off Smart Screen .To do this , Setting → Windows Security →
App & Browser Control → Reputation based protection → Click Off.

2. Follow the installation steps to install Proxy Workbench

3. Follow the installation steps to install Proxy Workbench on all Windows platforms.

31 | P a g e
4. After all installation complete, switch back to the attacker machine and launch the chrome
web browser.
5. Click the Open Menu button at the top-right corner of the browser window, and click
Options.

6. The Options window opens. Scroll down and click Settings.Under the Network Proxy
heading.

32 | P a g e
7. Select the Manual proxy configuration radio button in the Connection Setting Wizard.
8. Type 127.0.0.1 as the HTTP Proxy, enter the port value 8080, and check Use this proxy
server for all protocols.Then click OK.

9. If you encounter a port port error during configuration, simply ignore it

10. Launch Proxy Workbench from the Apps List

33 | P a g e
11. The Proxy Workbench welcome pop-up opens.Click OK

12. The Configure Proxy Workbench window opens. Select HTTP Proxy –Web in the left pane
and check HTTP protocol in the right pane.
13. Click Configure HTTP for port 8080

34 | P a g e
14. The HTTP Properties window opens. Click Connect via another proxy.
15. Enter the IP address of the Windows 10 virtual machine in the Proxy server is “10.10.10.10”
field and port number 8080 in the Port field
16. Click Ok

17. Click Close to close the Configure Proxy Workbench window

18. Log in to the Windows 10 virtual machine and launch Proxy Workbench
19. Repeat the configuration steps,Steps 14-19 to configure the application with proxy server
“192.168.0.123”

20. Click Close to close the Configure Proxy Workbench window

21. Launch Proxy Workbench on the Windows Server 2012 virtual machine and repeat the
configuration steps, Steps 14-19 to configure the application.

35 | P a g e
22. In Windows Server 2012, type the IP address of the Windows 8 virtual machine (10.10.10.8)

23. Click Close to close the Configure Proxy Workbench window.

24. Now, launch Proxy Workbench on the windows 8 virtual machine.
25. The proxy Workbench welcome pop-up appears. Click OK
26. The Configure Proxy Workbench windows opens. Select HTTP Proxy – Web in the left pane
and check HTTP protocol in the right pane.
27. Click the Configure HTTP for port 8080 button.
28. The HTTP properties window opens, Select On the web server, connect to port, enter number
80 and click OK.

29. Click Close to close the Configure Proxy Workbench window

36 | P a g e
30. Swich back to the host machine,launch the Firefox web browser and browse websites such as
https://id.linkedin.com/.

31. Open the Proxy Workbench GUI for more detailed information.Observe that the request is
coming from 192.168.0.17:57830 and going to 192.168.0.17:8080

37 | P a g e
Bab 13 Anonymous Browsing using CyberGhost

1. Install the CyberGhost GUI. Once the installation is complete, the CyberGhost GUI displays
the real location of your server, along with its IP address.
Note: An Upgrade Now window opens with the GUI. Close this window.
The real location traced by CyberGhost may differ in your lab environment.

38 | P a g e
2. Here's what CyberGhost looks like when it's first opened

3. Now click All server button in the CyberGhost application window

4. Select a country from the list. In this lab, Germany has been selected. The Choose
country changes to Germany, as shown in the following screenshot:

39 | P a g e
5. Click the Start Anonymous Surfing power button to start CyberGhost.

40 | P a g e
6. CyberGhost attempts to establish a connection to the proxy server located in Germany. On
successfully establishing a connection, the simulated location changes to Germany, and the
IP address changes to that of the server in Frankfurt, as shown in the following screenshot:

7. Launch the Mozilla Firefox web browser, type the URL

http//whatismyipaddress.com/location-feedback in the address bar. Browse Internet and
press Enter.
8. Scroll down to the Geographical Details section. Observe that the server IP address and
location has changed to 138.199.36.209 and Germany:

41 | P a g e
9. Open a new tab in a web browser, and surf anonymously using this proxy.

42 | P a g e
10. Once you are done browsing, click the Stop Anonymous Surfing button again to disconnect
the proxy. CyberGhost now displays your real location, as shown in the following
screenshot:

43 | P a g e
Bab 15 Drawing Network Diagrams using Network Topology Mapper
Network Topology Mapper discover a network and produces a comprehensive network diagram
that integrates OSI Layer 2 and Layer 3 topology data.
1. 1. Register by registering an email. The hope for the book is to download the “Network
Topology Mapper” application.
2. Launch and log in using the registered email.

3. You will be directed to the following page, then click the checkbox and select “Install”.

44 | P a g e
The installation process is in progress:

Next, click Continue Evaluation.

Select the radio button No, I would not like to participate, and click OK.

45 | P a g e
 Installation is complete. Click Close.

4. Next, click Continue Evaluation again to get started.

46 | P a g e
 The start page of the Network Topology Mapper is displayed. Click New Scan.

5. Next enter New Password and Confirm Password. And click Save.

47 | P a g e
6. In SNMP Credentials, click the private and public checkboxes as shown below, then click
Next.

7. In WMI Credentials, click Next.

48 | P a g e
8. In VMWare Credentials, click Next.

9. In Network Selection, input IP Ranges as follows, and click Next.

49 | P a g e
10. In Discovery Settings, give the scan name Network Topology.

11. In Scheduling, do the following.

50 | P a g e
12. Will be redirected to Summary page, and click Discover.

13. The scanning process is in progress.

51 | P a g e
52 | P a g e
Then click the IP address in the Node Display Options section.

To see detailed Node Properties, right click on a node and select Node Properties, and it
will show:

53 | P a g e
Then, right-click again on the node and select Integration with Windows Tools > Remote
Desktop.

Then, it will be redirected to a page asking for a password, and will open the targeted
machine.

54 | P a g e