Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Lab3 SE161942

Download as pdf or txt
Download as pdf or txt
You are on page 1of 15

Lab 1: Perform NetBIOS Enumeration

1.1 Perform NetBIOS Enumeration using Windows Command-Line Utilities


Type nbtstat -a <IP address of the remote machine> (in this example, the target IP address is
10.10.10.10) and press Enter.

In the same Command Prompt Window, type nbtstat -c and press Enter.
1.2 Perform NetBIOS Enumeration using NetBIOS Enumerator
The NetBIOS Enumerator main window appears, as shown in the screenshot.

Under IP range to scan, enter an IP range in the from and to fields and click the Scan button to
initiate the scan (In this example, we are targeting the IP range 10.10.10.15-10.10.10.20).
The Debug window section in the right pane shows the scanning range of IP addresses and
displays Ready! after the scan is finished.

Click on the expand icon (+) to the left of the 10.10.10.16 and 10.10.10.19 IP addresses in the
left pane of the window. Then click on the expand icon to the left of NetBIOS Names to display
NetBIOS details of the target IP address, as shown in the screenshot.
1.3 Perform NetBIOS Enumeration using an NSE Script
The Zenmap window appears. In the Command field, type the command nmap -sV -v --script
nbstat.nse <Target IP Address> (in this example, the target IP address is 10.10.10.16) and click
Scan.
The scan results appear, displaying the open ports and services, along with their versions.
Displayed under the Host script results section are details about the target system such as the
NetBIOS name, NetBIOS user, and NetBIOS MAC address, as shown in the screenshot.
In the Command field of Zenmap, type nmap -sU -p 137 -script nbstat.nse <Target lP Address>
(in this case, the target IP address is 10.10.10.16) and click Scan.
The scan results appear, displaying the open NetBIOS port (137) and, under the Host script
results section, NetBIOS details such as NetBIOS name, NetBIOS user, and NetBIOS MAC of the
target system, as shown in the screenshot.
Lab 6: Perform RPC, SMB, and FTP Enumeration
6.1 Perform RPC and SMB Enumeration using NetScanTools Pro
The NetScanTools Pro main window appears, as shown in the screenshot.

In the left pane, under Manual Tools (all), scroll down and click *nix RPC Info, as shown in the
screenshot.
In the Target Hostname or IPv4 Address field in the right pane, enter the target IP address (in
this case, 10.10.10.19) and click the Dump Portmap button to start RPC enumeration.

In the left pane, under the Manual Tools (all) section, scroll down and click the SMB Scanner
option, as shown in the screenshot.
In the right pane, click the Start SMB Scanner (external App) button.
The SMB Scanner window appears; click the Edit Target List button.
The Edit Target List window appears. In the Hostname or IPv4 Address field, enter the target IP
address (10.10.10.19, in this example). Click the Add to List button to add the target IP address
to Target List.

Now, click Edit Share Login Credentials to add credentials to access the target systems.
The Login Credentials List for Share Checking window appears. Enter in the Username and
Password fields, respectively. Click Add to List to add the credentials to the list and click OK.
In the SMB Scanner window, click the Get SMB Versions button.
Once the scan is complete, the result appears, displaying information such as the NetBIOS
Name, DNS Name, SMB versions, and Shares for each target IP address.
6.2 Perform RPC, SMB, and FTP Enumeration using Nmap
Click on the File Explorer icon at the bottom of Desktop. In the File Explorer window, right-click
on Local Disk (C:) and click New -> Folder.
A New Folder appears. Rename it to FTP-Site Data, as shown in the screenshot.

In the Internet Information Services (IIS) Manager window, click to expand SERVER2019
(SERVER2019\Administrator) in the left pane. Right-click Sites, and then click Add FTP Site....
In the Add FTP Site window, type CEH.com in the FTP site name field.
In the Physical path field, click on the (…) icon. In the Browse For Folder window, click Local
Disk (C:) and FTP-Site Data, and then click OK.

The Binding and SSL Settings wizard appears. Under the Binding section, in the IP Address field,
click the drop-down icon and select 10.10.10.19. Under the SSL section, select the No SSL radio
button and click Next.
The Authentication and Authorization Information wizard appears. In the Allow access to
section, select All users from the drop-down list. In the Permissions section, select both the
Read and Write options and click Finish.

The Internet Information Services (IIS) Manager window appears with a newly added FTP site
(CEH.com) in the left pane. Click the Site node in the left pane and note that the Status is
Started (ftp), as shown in the screenshot.
Turn on Parrot Security virtual machine.

In the Parrot Terminal window, type nmap -p 21 <Target IP Address> (in this case, 10.10.10.19)
and press Enter.
The scan result appears, indicating that port 21 is open and the FTP service is running on it, as
shown in the screenshot.
In the terminal window, type nmap -T4 -A <Target IP Address> (In this example, the target IP
address is 10.10.10.19) and press Enter.
The scan result appears, displaying that port 135 is open, and giving detailed information about
the services running on it, along with their versions.

In the terminal window, type nmap -p <Target Port> -A <Target IP Address> (in this example,
the target port is 445 and the target IP address is 10.10.10.19) and press Enter.
The scan result appears, displaying that port 445 is open, and giving detailed information under
the Host script results section about the running SMB, as shown in the screenshot.
In the terminal window, type nmap -p <Target Port> -A <Target IP Address> (in this example,
the target port is 21 and target IP address is 10.10.10.19) and press Enter.
The scan result appears, displaying that port 21 is open, and giving traceroute information, as
shown in the screenshot.

You might also like