
Lab 04: Enumeration

Name: Trần Doãn Anh

ID: SE150630

Perform NetBIOS Enumeration using an NSE Script


1. The Zenmap window appears. In the Command field, type the
command nmap -sV -v --script nbstat.nse [Target IP Address] and
click Scan.

2. The scan results appear, displaying the open ports and services, along with their
versions. Displayed under the Host script results section are details about the
target system such as the NetBIOS name, NetBIOS user, and NetBIOS MAC
address, as shown in the screenshot.

3. In the Command field of Zenmap, type nmap -sU -p 137 --script nbstat.nse
[Target IP Address] and click Scan.

4. The scan results appear, displaying the open NetBIOS port (137) and, under
the Host script results section, NetBIOS details such as NetBIOS name,
NetBIOS user, and NetBIOS MAC of the target system, as shown in the
screenshot.

Perform SNMP Enumeration using snmp-check


1. In the Kali Terminal window, type nmap -sU -p 161 [Target IP address] and
press Enter.

The results appear, displaying that port 161 is open|filtered and being used by SNMP,
as shown in the screenshot.

We have established that the SNMP service is running on the target machine. Now,
we shall exploit it to obtain information about the target system.

2. In the Kali Terminal window, type snmp-check [Target IP Address] and
press Enter.

Perform DNS Enumeration using Zone Transfer

1. A Parrot Terminal window appears. In the terminal window, type dig ns
[Target Domain] (in this case, the target domain
is www.certifiedhacker.com); press Enter.

2. In the terminal window, type dig @[NameServer] [Target Domain] axfr
(in this example, the name server is ns1.bluehost.com and the target
domain is www.certifiedhacker.com); press Enter.

Note: In this command, axfr retrieves zone information.
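
Whether the axfr query above returns zone data depends on whether the name server permits transfers to the requesting host. The following is an added example, not part of the original lab: it classifies dig's AXFR output so an administrator can confirm that the name servers of a zone they run refuse transfers. The names classify_axfr and audit_zone and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the result of a zone-transfer test against your own zone.

# Read `dig @ns zone axfr` output on stdin; print "<status> <record count>".
#   allowed      - zone data came back (an AXFR starts and ends with the SOA)
#   refused      - the server answered but declined ("; Transfer failed.")
#   inconclusive - neither seen (timeout, TCP/53 filtered, ...)
classify_axfr() {
    awk '
        /^;/ { if ($0 ~ /Transfer failed/) failed = 1; next }  # dig comment lines
        NF >= 5 && $3 == "IN" { records++; if ($4 == "SOA") soa++ }
        END {
            if (soa >= 2)    status = "allowed"
            else if (failed) status = "refused"
            else             status = "inconclusive"
            print status, records + 0
        }'
}

# Hypothetical helper: test every NS of a zone you administer (needs network).
audit_zone() {
    for ns in $(dig +short ns "$1"); do
        printf '%s: ' "$ns"
        dig @"$ns" "$1" axfr +time=5 +tries=1 | classify_axfr
    done
}

# Constructed dig outputs (example.test and 192.0.2.0/24 are reserved for documentation).
sample_refused() {
cat <<'EOF'
; <<>> DiG <<>> @ns1.example.test example.test axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.
EOF
}
sample_allowed() {
cat <<'EOF'
example.test.     3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
example.test.     3600 IN NS  ns1.example.test.
www.example.test. 3600 IN A   192.0.2.10
example.test.     3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 180)
EOF
}

sample_refused | classify_axfr   # refused 0
sample_allowed | classify_axfr   # allowed 4
```

Any server reported as allowed should have its transfer ACL restricted to the zone's secondary name servers.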


1. The Command Prompt window appears; type nslookup, and press Enter.

In the nslookup interactive mode, type set querytype=soa, and press Enter.

Type the target domain certifiedhacker.com and press Enter. This resolves the
target domain information.

Note: set querytype=soa sets the query type to SOA (Start of Authority) record to
retrieve administrative information about the DNS zone of the target
domain certifiedhacker.com.

2. In the nslookup interactive mode, type ls -d [Name Server] (in this example,
the name is ns1.bluehost.com) and press Enter, as shown in the screenshot.

Note: In this command, ls -d requests a zone transfer of the specified
name server.
