Description

The hostname should be “ALI”

When completed, you will have one Microsoft Word document with two screenshots:

1. script.sh (Note: This will be the output of running: “cat nmap_script.sh” so that I can see your

script

2. Screen output of running script.sh

Use the follow infoseclearning lab: Scanning the Network on the LAN. Keep in mind that you

will be limited to 90 minutes per lab session and you will not be able to “copy and paste”

your code – you could, however, take a screenshot of your code before the lab time expires.

If you feel that you need more time to practice the lab script, you can download Kali Linux

and use it. Keep in mind your nmap script will not be the same, so you would have to copy

the script to the infoseclearning environment before submitting. https://lab.infoseclearning.com/labs

(I will provide you with user name and password)

LOCAL INSTALLATION USING VIRTUALIZATION SOFTWARE INSTRUCTIONS

1. Choose your virtualization software (either works fine and they are both free):

o VirtualBox:

o https://www.virtualbox.org/wiki/Downloads

o VMware Workstation Player:

o https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmw

are_workstation_player/14_0

2. Kali Linux can be downloaded from:

o https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-hyperv-image-download/

3. Metasploitable can be downloaded from:

o https://sourceforge.net/projects/metasploitable/files/Metasploitable2/

4. If you need additional help installing Kali, please review Kali Linux Revealed for step-by-step

instructions:

o https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf

INSTRUCTIONS

1. Write a script that will run an Nmap scan of metasploitable. The script should be named script.sh.

The script is required to do the below. (Hint: These are separate options that you will need to

configure for your nmap scan)

o Scan only the top 5 ports

o Do not ping

o Get Service versions

o Scan as fast as possible

o Do not resolve names

o Do not invoke the nmap nse scripts (this means you can’t use the ‘-A’ option)

2. After the nmap scan completes, have the script automatically attempt to use rlogin

against the metasploitable box. It should accept the default username that will

automatically be sent. You will need to provide msfadmin as the password when prompted

(per the script output below)

o rlogin to the metasploitable machine that you just scanned with nmap. This should

automatically run as part of the script – do not have the script prompt you for the target to