Task 1: What is the IP address of the infected web server?
Go straight to the nmap-related traffic and follow one of the packets (follow the TCP stream).
192.168.1.3
Task 2: What is the IP address of the attacker?
Same approach as Task 1.
192.168.1.5
Task 3: How many open ports were discovered by the attacker?
First locate the block of packets belonging to the nmap scan.
Compare the packets of probes that succeeded with those that failed; the difference shows up in the conversation completeness. The filter (((ip.src == 192.168.1.5)) && (tcp.completeness == 39)) && (tcp.flags == 0x0002) then leaves exactly one SYN per port that was probed successfully.
14
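The idea behind the Task 3 filter, shown as an added example rather than code from the original write-up: rebuild a per-conversation TCP completeness mask with the bit values Wireshark documents for tcp.completeness (SYN=1, SYN-ACK=2, ACK=4, DATA=8, FIN=16, RST=32), then classify every port the attacker sent a SYN to. The flag-to-bit mapping is a simplified version of Wireshark's per-packet rules (an assumption, not a copy of its code), the addresses follow the write-up, and every packet in the list is constructed sample data with invented ports. The example goes a little beyond the page by also labelling closed and filtered ports, not just the open ones.

```python
# Added example for the Task 3 approach; not part of the original write-up.
# Rebuilds a per-conversation TCP completeness mask from packet summaries,
# using the bit values Wireshark documents for tcp.completeness, and then
# classifies each probed port. The flag-to-bit mapping is a simplification
# of Wireshark's per-packet rules (an assumption), and all packets below are
# constructed sample data.
from collections import defaultdict

# Bit values of Wireshark's tcp.completeness field.
SYN, SYNACK, ACK, DATA, FIN, RST = 1, 2, 4, 8, 16, 32

# Constructed packets: (src, sport, dst, dport, flags, payload_len).
# Addresses follow the write-up (attacker 192.168.1.5, server 192.168.1.3);
# the ports and source ports are invented.
PACKETS = [
    # port 80: SYN, SYN-ACK, ACK, RST -> completeness 39 (the page's filter value)
    ("192.168.1.5", 40001, "192.168.1.3", 80, "S", 0),
    ("192.168.1.3", 80, "192.168.1.5", 40001, "SA", 0),
    ("192.168.1.5", 40001, "192.168.1.3", 80, "A", 0),
    ("192.168.1.5", 40001, "192.168.1.3", 80, "R", 0),
    # port 443: same pattern -> 39
    ("192.168.1.5", 40002, "192.168.1.3", 443, "S", 0),
    ("192.168.1.3", 443, "192.168.1.5", 40002, "SA", 0),
    ("192.168.1.5", 40002, "192.168.1.3", 443, "A", 0),
    ("192.168.1.5", 40002, "192.168.1.3", 443, "R", 0),
    # port 22: half-open probe, SYN, SYN-ACK, RST -> 35 (open, but not 39)
    ("192.168.1.5", 40003, "192.168.1.3", 22, "S", 0),
    ("192.168.1.3", 22, "192.168.1.5", 40003, "SA", 0),
    ("192.168.1.5", 40003, "192.168.1.3", 22, "R", 0),
    # port 23: closed, server answers RST/ACK -> 37
    ("192.168.1.5", 40004, "192.168.1.3", 23, "S", 0),
    ("192.168.1.3", 23, "192.168.1.5", 40004, "RA", 0),
    # port 8080: filtered, no reply at all -> 1
    ("192.168.1.5", 40005, "192.168.1.3", 8080, "S", 0),
    # unrelated traffic from a third host; must not count as a probe
    ("192.168.1.7", 50000, "192.168.1.3", 80, "S", 0),
    ("192.168.1.3", 80, "192.168.1.7", 50000, "SA", 0),
    ("192.168.1.7", 50000, "192.168.1.3", 80, "A", 0),
    ("192.168.1.7", 50000, "192.168.1.3", 80, "PA", 120),
]


def conv_key(src, sport, dst, dport):
    """Direction-independent key for one TCP conversation."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def packet_bits(flags, payload_len):
    """Map one packet's flag letters (S, A, F, R, P) to completeness bits."""
    bits = 0
    if "S" in flags:
        bits |= SYNACK if "A" in flags else SYN
    elif "A" in flags:
        bits |= ACK  # any non-SYN segment carrying ACK (simplified rule)
    if payload_len > 0:
        bits |= DATA
    if "F" in flags:
        bits |= FIN
    if "R" in flags:
        bits |= RST
    return bits


def completeness(packets):
    """OR together the bits of every packet seen in each conversation."""
    masks = defaultdict(int)
    for src, sport, dst, dport, flags, plen in packets:
        masks[conv_key(src, sport, dst, dport)] |= packet_bits(flags, plen)
    return dict(masks)


def scan_conversations(packets, attacker, target):
    """Yield (target_port, mask) for attacker<->target conversations that
    contain a SYN, i.e. the probes of a scan."""
    for (a, b), mask in completeness(packets).items():
        if a[0] == attacker and b[0] == target:
            dport = b[1]
        elif a[0] == target and b[0] == attacker:
            dport = a[1]
        else:
            continue
        if mask & SYN:
            yield dport, mask


def scanned_ports(packets, attacker, target):
    """Classify probed ports the way a SYN scan result would read."""
    states = {}
    for dport, mask in scan_conversations(packets, attacker, target):
        if mask & SYNACK:
            states[dport] = "open"
        elif mask & RST:
            states[dport] = "closed"
        else:
            states[dport] = "filtered"
    return states


def open_ports(packets, attacker, target):
    return sorted(p for p, s in scanned_ports(packets, attacker, target).items()
                  if s == "open")


def ports_with_completeness(packets, attacker, target, value):
    """Equivalent of the write-up's tcp.completeness == value filter."""
    return sorted(p for p, m in scan_conversations(packets, attacker, target)
                  if m == value)


if __name__ == "__main__":
    ATTACKER, TARGET = "192.168.1.5", "192.168.1.3"
    for port, state in sorted(scanned_ports(PACKETS, ATTACKER, TARGET).items()):
        print(f"{port:>5}/tcp {state}")
    print("open ports:", open_ports(PACKETS, ATTACKER, TARGET))
    print("completeness == 39:", ports_with_completeness(PACKETS, ATTACKER, TARGET, 39))
```

The port 22 conversation in the sample is why it pays to check the SYN-ACK bit rather than one fixed completeness value: a probe whose attacker side answers the SYN-ACK only with RST yields 35, while a probe that is acknowledged first and then reset yields 39. Confirm which pattern the capture actually contains before settling on the filter value.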
Task 4: What are the first five ports identified by the attacker in numerical order during the enumeration phase, not considering th...
nmap
└─$ sudo nmap -sS 10.10.11.132 -p- --min-rate=1500
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-10 02:27 EST
Nmap scan report for 10.10.11.132
Host is up (0.11s latency).
Not shown: 65532 filtered tcp ports (no-response)
PORT     STATE SERVICE
80/tcp   open  http
5985/tcp open  wsman
8080/tcp open  http-proxy
└─$ sudo nmap -sU 10.10.11.132 --top-ports=200 --min-rate=2000
[sudo] password for fonllge:
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-1...

NMAP
└─$ sudo nmap -sU 10.10.11.187 --top-port=200 --min-rate=2000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-07 00:41 EST
Nmap scan report for 10.10.11.187
Host is up (0.14s latency).
Not shown: 197 open|filtered udp ports (no-response)
PORT    STATE SERVICE
88/udp  open  kerberos-sec
123/udp open  ntp
389/udp open  ldap
└─$ sudo nmap -sS 10.10.11.187 -p- --min-rate=2000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-07 00:41...

Nmap
└─$ sudo nmap -sS 10.10.10.248 -p- --min-rate=2000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-02 23:57 EST
Nmap scan report for 10.10.10.248
Host is up (0.13s latency).
Not shown: 65516 filtered tcp ports (no-response)
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
88/tcp  open  kerberos-sec
135/tcp open  msrpc
139/tcp open  netbios-ssn
389/tcp open  ldap
445/tcp open  microsoft-ds
464/tcp open...
Solved two problems that had bothered me for a long time: LDAPS requiring a certificate, and SMB connections with Kerberos authentication.
Nmap
10.10.11.168
└─$ sudo nmap -sS 10.10.11.168 -p- --min-rate=2000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-02 03:31 EST
Stats: 0:00:36 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 37.25% done; ETC: 03:33 (0:01:01 remaining)
Stats: 0:01:38 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN ...