Introduction
This lab is dedicated to network enumeration. Before you begin, you must understand this term. If you were to look up the term enumeration in a dictionary, such as Merriam-Webster Online, you would see this definition: "to name things one after another in a list." Similarly, if you were to ask your university peers majoring in mathematics to define this term, they would describe it as "listing all elements in a number set, such as enumerating the ordinal positive numbers (1, 2, 3, 4, and so on)." So what does it mean if you enumerate a network?
In the previous lab, you scanned the network. You discovered that the network was composed of three subnets, each containing a few servers. Through port scanning, you were able to make educated guesses as to the operating system running on those servers and what services might be available for connection. Enumeration is the next logical step in gathering information on those servers, their operating systems, and what services are available. After you scan and map a network, as you did in the previous lab, your next activity is to enumerate much more information from those available servers.
If a hacker were to enumerate your network, the results would immediately be useful in determining what vulnerabilities might be present to exploit. Even without exploiting a vulnerability, a hacker can gain other knowledge, such as names and usernames. Both of these can provide valuable insider knowledge for attacking offline using a false pretense, also known as social engineering.
In this lab, you will learn and practice network and resource enumeration. The tools used in this lab are some of the industry's most popular and well-known scanning tools.
This lab has four parts, which should be completed in the order specified.
In the first part of the lab, you will scan all machines available throughout the network more deeply than done previously. You will also research the challenging distinctions between file sharing protocols.
In the second part of the lab, you will enumerate all scanned machines to identify a subset of machines. Of those machines, you will select a particular machine for connection.
In the third part of the lab, you will establish a network connection to a machine. This exercise demonstrates the ability to create connections without credentials or authentication.
Finally, if assigned by your instructor, in the fourth part of the lab you will explore the virtual environment on your own to answer a set of challenge questions. These questions let you apply the skills you learned in the lab to independent, unguided work, similar to what you will encounter in a real-world situation.
Learning Objectives
Upon completing this lab, you will be able to:
Differentiate between network scanning, mapping, and enumeration.
Understand the difference between NetBIOS and SMB and the ports used by each.
Employ tools to enumerate and establish a connection to a system.
From scan results and enumeration, determine what machine will be your target for exploitation in a later lab.
Select another machine on the network and run the nbtstat command to enumerate and determine the NetBIOS name of that IP address.
With the NetBIOS name of the machine in hand, try to establish an IPC$ share connection to that machine. What happened? Use Internet research to determine why you received the results you did.
Log back into the Student machine. Find out the NetBIOS name of that local computer.
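To make the nbtstat step above concrete, the following Python example (added here, not part of the lab) decodes a NetBIOS node status response of the kind nbtstat -A receives on UDP port 137 and recovers the name table, suffix meanings and MAC address that the command prints. The response bytes, the host name SERVER01, the workgroup WORKGROUP and the MAC address are constructed for illustration and are not taken from the lab network.

```python
import struct
# NetBIOS name suffixes (16th byte) as documented by Microsoft; a subset.
SUFFIX = {0x00: "Workstation Service", 0x03: "Messenger Service",
          0x1B: "Domain Master Browser", 0x1C: "Domain Controllers",
          0x1D: "Master Browser", 0x1E: "Browser Service Elections",
          0x20: "File Server Service"}

def parse_node_status(pkt: bytes) -> dict:
    """Decode a NBNS node status response (RFC 1002, NBSTAT RR type 0x21)."""
    _, flags, _, ancount = struct.unpack(">HHHH", pkt[:8])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not an NBNS response carrying an answer")
    off = 12                       # skip the 12-byte header
    while pkt[off]:                # skip the label-encoded RR name
        off += 1 + pkt[off]
    off += 1
    rr_type, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    off += 10
    if rr_type != 0x21:
        raise ValueError("answer is not a node status record")
    num_names = pkt[off]
    off += 1
    names = []
    for _ in range(num_names):     # each entry: 15-byte name, suffix, 2 flag bytes
        raw, suffix = pkt[off:off + 15], pkt[off + 15]
        nflags = struct.unpack(">H", pkt[off + 16:off + 18])[0]
        off += 18
        names.append({"name": raw.decode("ascii", "replace").rstrip(),
                      "suffix": suffix, "service": SUFFIX.get(suffix, "Unknown"),
                      "type": "GROUP" if nflags & 0x8000 else "UNIQUE"})
    # the statistics block begins with the unit id (MAC address)
    mac = ":".join(f"{b:02X}" for b in pkt[off:off + 6])
    return {"names": names, "mac": mac}

def _entry(name: str, suffix: int, group: bool = False) -> bytes:
    # ACT flag (0x0400) set; group names also set the G bit (0x8000)
    return name.ljust(15).encode() + bytes([suffix]) + struct.pack(">H", 0x8400 if group else 0x0400)

# Constructed sample response (not a real capture): host SERVER01 in WORKGROUP
_RDATA = (bytes([4]) + _entry("SERVER01", 0x00) + _entry("WORKGROUP", 0x00, True)
          + _entry("SERVER01", 0x20) + _entry("WORKGROUP", 0x1E, True)
          + bytes.fromhex("00505600A1B2") + bytes(40))   # constructed MAC + zeroed statistics
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"       # first-level encoded wildcard name "*"
          + struct.pack(">HHIH", 0x21, 0x01, 0, len(_RDATA)) + _RDATA)

if __name__ == "__main__":
    for n in parse_node_status(SAMPLE)["names"]:
        print(f"{n['name']:<15} <{n['suffix']:02X}>  {n['type']:<6} {n['service']}")
```

The <20> suffix on a UNIQUE name is what tells you the host is running the File Server Service, which is the service an IPC$ connection in the next step depends on.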
Explain the difference between network scanning or network mapping and enumeration.
Why is it important to enumerate systems for available services, shares, users, and so on?
What Microsoft command utility can provide you with the NetBIOS name of a remote computer?
What three ports were singled out to assist in OS detection?
What is the difference between CIFS and SMB?
How was the target machine selected from all scanned machines on the network?
What is the command-line switch for nbtstat to display the NetBIOS name of the target IP address?
What command-line utility permits the establishment of an IPC$ connection to a Windows 2003 machine?
What was the IP address of the identified machine with the oldest OS version?
What command-line statement deletes a connection to a remote machine?