Network Enumeration

Lab 4-01: Perform NetBIOS Enumeration using Windows Command-Line Utilities

Scenario: FinanceSafe Inc. hired SecureDES Consultants to evaluate internal and external network security. Many systems have NetBIOS enabled, raising concerns about sensitive data disclosure.

Objective: Perform NetBIOS enumeration to identify active systems, NetBIOS names, shared resources, and user account information.

Tools & Commands:

  • nbtstat -a [IP] - Displays NetBIOS name table of a remote machine.
  • nbtstat -c - Lists NetBIOS name cache contents.
  • net use - Shows network shares and connection status.

Real-Life Example: Using nbtstat -a 192.168.1.10 can reveal server names like "FINANCE-SERVER" and user accounts that may be exploited if exposed.

Lab 4-02: Perform SNMP Enumeration using SnmpWalk

Scenario: TechCore Systems uses SNMP for network devices. Misconfigured SNMP may expose sensitive network information.

Objective: Use SnmpWalk to enumerate SNMP-enabled devices.

Tools & Commands:

sudo apt-get install snmp
snmpwalk -v1 -c public [Target IP]
snmpwalk -v2c -c public [Target IP]

Real-Life Example: Enumerating a router using snmpwalk -v2c -c public 192.168.1.1 can reveal ARP tables, routing info, and active users.
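
The walks above succeed only when the agent accepts the default community string public over SNMPv1/v2c. As an added example (not part of the original lab), this Python check reads a Net-SNMP snmpd.conf and flags the community lines that allow it; the sample configuration and the name audit_snmpd_conf are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # vendor defaults, tried first by any walker
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_SNMPD_CONF = """\
# lab router agent
rocommunity public
rwcommunity private 10.0.2.0/24
rocommunity n0c-Mon1tor 10.0.2.50
com2sec readonly default public
rouser monitor authPriv
"""

def audit_snmpd_conf(text):
    """Map line number -> list of issues for each risky v1/v2c community line."""
    findings = {}
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()          # drop comments
        if len(tokens) < 2:
            continue
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            community = tokens[1]
            source = tokens[2] if len(tokens) > 2 else "default"
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = tokens[3:] if tokens[1] == "-Cn" else tokens[1:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue                                   # rouser/rwuser (SNMPv3) and the rest
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:
            issues.append("default community string")
        if source in ANY_SOURCE:
            issues.append("answers any source address")
        if directive.startswith("rw"):
            issues.append("write access over v1/v2c")
        if issues:
            findings[no] = issues
    return findings

if __name__ == "__main__":
    for no, issues in audit_snmpd_conf(SAMPLE_SNMPD_CONF).items():
        print(f"line {no}: " + "; ".join(issues))
```

Line 4 of the sample is not flagged because it uses a non-default string restricted to one manager address, though it still travels in cleartext; the SNMPv3 rouser line is the form to move toward.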

Lab 4-03: Perform LDAP Enumeration using Active Directory Explorer (AD Explorer)

Scenario: GlobalTech Solutions relies on Active Directory. Misconfigured LDAP may expose sensitive information.

Objective: Connect to the LDAP server using AD Explorer and extract user accounts, email addresses, and organizational details.

Steps:

  • Download and launch ADExplorer from Microsoft Sysinternals.
  • Connect to the LDAP server (port 389) using credentials.
  • Explore DC=CEH, DC=com → CN=Users for usernames.
  • View and modify attributes to understand permissions and data exposure.

Lab 4-04: Perform NFS Enumeration using RPCScan and SuperEnum

Scenario: CodeStream Innovations uses NFS for file sharing. Misconfigured NFS may expose sensitive project data.

Objective: Enumerate NFS shares and RPC services to identify security gaps.

Tools & Commands:

nmap -p 2049 [Target IP]           # Check if NFS port is open
git clone https://github.com/p4pentest/SuperEnum.git
cd SuperEnum
echo "192.168.1.10" >> Target.txt
./superenum
git clone https://github.com/hegusung/RPCScan.git
cd RPCScan
python3 rpc-scan.py [Target IP] --rpc

Real-Life Example: Open NFS shares on a developer's server can leak source code if permissions are misconfigured.
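
The misconfigurations this lab looks for live in the server's /etc/exports. As an added example (not part of the original lab), this Python check flags exports open to every host and the no_root_squash and insecure options; the sample file, paths and the name audit_exports are constructed for illustration.

```python
import re

RISKY_OPTIONS = {
    "no_root_squash": "remote root keeps uid 0 on the share",
    "insecure": "accepts requests from unprivileged source ports",
}
# One client spec: host, host(options) or a bare (options) group.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

# Constructed sample /etc/exports, not taken from a real server.
SAMPLE_EXPORTS = """\
# project shares
/srv/projects   *(rw,sync,no_root_squash)
/srv/builds     10.0.2.0/24(ro,sync)
/home/dev       buildhost (rw,sync)
/srv/tools      10.0.2.15(rw,insecure)
"""

def audit_exports(text):
    """Return (line_no, path, issue) tuples for risky export entries."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        path = fields[0]
        for spec in fields[1:]:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            client = m.group(1)
            opts = {o for o in (m.group(2) or "").split(",") if o}
            # "*" matches every host; an empty client comes from the stray
            # space in "host (rw)", which applies the options to everyone.
            if client in ("*", ""):
                access = "read-write" if "rw" in opts else "read-only"
                findings.append((no, path, f"exported {access} to every host"))
            for opt in sorted(opts):
                if opt in RISKY_OPTIONS:
                    findings.append((no, path, f"{opt}: {RISKY_OPTIONS[opt]}"))
    return findings

if __name__ == "__main__":
    for no, path, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"line {no}: {path}: {issue}")
```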

Lab 4-05: Perform DNS Enumeration using Zone Transfer

Scenario: MarketEdge Solutions wants to evaluate DNS security. Misconfigured zone transfers may expose internal hostnames and IPs.

Objective: Attempt DNS zone transfer using dig or nslookup.

Commands:

dig ns certifiedhacker.com
dig @ns1.bluehost.com certifiedhacker.com axfr
nslookup
> set querytype=soa
> certifiedhacker.com
> ls -d ns1.bluehost.com

Real-Life Example: A successful zone transfer could reveal mail servers, subdomains, and internal IPs.
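
On the server side, each transfer request from the commands above leaves a log entry. As an added example (not part of the original lab), this Python check scans name-server log lines for AXFR requests from hosts that are not known secondaries. It assumes BIND 9 style messages; the log lines, the zone corp.example, the addresses and AUTHORIZED_SECONDARIES are constructed.

```python
import re

# Assumption: addresses of the zone's legitimate secondary name servers.
AUTHORIZED_SECONDARIES = {"10.0.2.53"}

# Matches the two BIND 9 style messages that record an AXFR being served or refused.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?"
    r"(?:transfer of '(?P<served>[^'/]+)/IN': AXFR started"
    r"|zone transfer '(?P<denied>[^'/]+)/AXFR/IN' denied)"
)

# Constructed log lines; hosts and zone are placeholders.
SAMPLE_LOG = [
    "26-Mar-2024 10:15:02.101 xfer-out: info: client @0x7f3a1c0 10.0.2.53#40112 "
    "(corp.example): transfer of 'corp.example/IN': AXFR started (serial 2024032601)",
    "26-Mar-2024 10:17:44.530 security: error: client @0x7f3a1d8 203.0.113.7#51234 "
    "(corp.example): zone transfer 'corp.example/AXFR/IN' denied",
    "26-Mar-2024 10:18:09.002 xfer-out: info: client @0x7f3a1e0 10.0.2.15#38820 "
    "(corp.example): transfer of 'corp.example/IN': AXFR started (serial 2024032601)",
    "26-Mar-2024 10:18:10.440 queries: info: client @0x7f3a1e8 10.0.2.15#38821 "
    "(www.corp.example): query: www.corp.example IN A +",
]

def unauthorized_transfers(lines, allowed=AUTHORIZED_SECONDARIES):
    """Return (client_ip, zone, outcome) for every AXFR from a host not in `allowed`."""
    events = []
    for line in lines:
        m = XFER_RE.search(line)
        if not m or m["ip"] in allowed:
            continue                      # not a transfer, or a known secondary
        if m["served"]:
            events.append((m["ip"], m["served"], "served"))   # zone data left the server
        else:
            events.append((m["ip"], m["denied"], "denied"))   # refused, but worth tracking
    return events

if __name__ == "__main__":
    for ip, zone, outcome in unauthorized_transfers(SAMPLE_LOG):
        print(f"{outcome.upper():7} AXFR of {zone} requested by {ip}")
```

A "served" event for a host outside the allow list means the zone's allow-transfer setting needs restricting to the secondaries.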

Lab 4-06: Perform SMTP Enumeration using Nmap

Scenario: DataLink Solutions is concerned about attackers enumerating valid email accounts.

Objective: Use Nmap scripts to enumerate SMTP users, commands, and relays.

Commands:

nmap -p 25 --script=smtp-enum-users [Target IP]
nmap -p 25 --script=smtp-open-relay [Target IP]
nmap -p 25 --script=smtp-commands [Target IP]

Real-Life Example: SMTP enumeration can identify valid employee email addresses, useful for phishing or social engineering.

Lab 4-07: Enumerate Information using Global Network Inventory

Scenario: FinEdge Solutions requires full network visibility across Windows and Linux machines.

Objective: Use Global Network Inventory to scan and gather complete network info.

Steps:

  • Download and install Global Network Inventory (gni_setup.exe).
  • Run a single address scan and provide the target IP, username, and password.
  • View scan summary, OS details, BIOS, NetBIOS, user groups, shares, services, installed software, and other system information.

Real-Life Example: Identifying outdated software or exposed services helps prevent attacks on vulnerable machines.

Lab 4-08: Enumerate Information using ShellGPT

Scenario: Use AI to automate enumeration tasks and identify potential vulnerabilities efficiently.

Objective: Perform automated enumeration using ShellGPT for NetBIOS, SNMP, SMTP, DNS, IPsec, SMB, LDAP, and FTP.

Example ShellGPT Commands:

sgpt --shell "Perform NetBIOS enumeration on target IP 10.0.2.15"
sgpt --shell "Perform SNMP enumeration on target IP 10.0.2.15 using SnmpWalk"
sgpt --chat enum --shell "Perform SMTP enumeration on target IP 10.0.2.15"
sgpt --chat enum --shell "Use Nmap to perform DNS Enumeration on target domain www.certifiedhacker.com"
sgpt --shell "Use nmap script to perform ldap-brute-force on IP 10.0.2.15"
sgpt --shell "Use Nmap to perform FTP Enumeration on www.certifiedhacker.com"

Real-Life Example: Automating enumeration with AI reduces manual effort and uncovers patterns traditional tools might miss.

Conclusion

These labs provide a complete overview of network enumeration techniques including NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, and AI-assisted enumeration. Understanding these labs helps students identify vulnerabilities, map network infrastructures, and develop security recommendations while working ethically and with authorization.

Reference Book: N/A

Author name: SIR H.A.Mwala Work email: biasharaboraofficials@gmail.com