Lab 2
Enumerating NetBIOS Using the SuperScan Tool
SuperScan is a TCP port scanner, pinger, and resolver. The tool's features include extensive Windows host enumeration capability, TCP S Y N scanning, and UDP scanning.
Lab Scenario
During enumeration, information is systematically collected and individual systems are identified. The pen testers examine the systems in their entirety; tins allows evaluating security weaknesses. in this lab we extract die information of NetBIOS information, user and group accounts, network shares, misted domains, and services, which are either running or stopped. SuperScan detects open TCP and UDP ports on a target machine and determines which services are nuining on those ports; by using this, an attacker can exploit the open port and hack your machine. As an expert ethical hacker and penetration tester, you need to enumerate target networks and extract lists of computers, user names, user groups, machine names, network resources, and services using various enumeration techniques.
Lab Objectives
The objective of tins lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to obtain:
■ List of computers that belong to a domain
■ List of shares on the individual hosts on the network
■ Policies and passwords
Lab Environment
To carry* out the lab , you need:
■ SuperScan tool is located at D:\CEH-Tools\CEHv8 Module 04 Enumeration\NetBIOS Enumeration Tools\SuperScan
■ You can also download the latest version of SuperScan from tins linkc http://www.mcatee.com/us/downloads/tree-tools/superscan.aspx
■ A computer running Windows Server 2012 as host machine
■ Windows 8 running on a virtual macliine as target machine
■ Administrative privileges to install and run tools
■ A web browser with an Internet connection
Lab Duration
Time: 10 Minutes
Overview of NetBIOS Enumeration
1. The purpose ot NetBIOS enumeration is to gather information, such as:
a. Account lockout threshold
b. Local groups and user accounts
c. Global groups and user accounts
2. Restnct anonymous bypass routine and also password checking:
a. Checks for user accounts with blank passwords
b. Checks for user accounts with passwords diat are same as die usernames in lower case
Lab Tasks
1. Double-click the SuperScan4 file. The SuperScan window appears.
2. Click the Windows Enumeration tab located on the top menu.
3. Enter the Hostname/IP/URL 111 the text box. in this lab, we have a Windows 8 virtual machine IP address. These IP addresses may van in lab environments.
4. Check the types of enumeration you want to perform.
5. Now, click Enumerate.
 |
| FIGURE 2.2: SuperScan main window with IP address |
 |
| FIGURE 2.3: SuperScan main window with results |
7. Wait for a while to complete the enumeration process.
8. Atter the completion of the enumeration process, an Enumeration completion message displays.
 | ||
| FIGURE 2.4: SuperScan main window with results |
10. To perform a new enumeration on another host name, click the Clear button at the top right of the window. The option erases all the previous results.
 |
| FIGURE 2.5: SuperScan main window with resul |
Analyze and document die results related to die lab exercise. Give your opinion on your target’s security posture and exposure.
Questions
1. Analyze how remote registry enumeration is possible (assuming appropriate access nghts have been given) and is controlled by the provided registry.txt tile.
2. As far as stealth is concerned, tins program, too, leaves a rather large footprint in die logs, even 111 SYN scan mode. Determine how you can avoid tins footprint 111 the logs.
 |
| Thêm chú thích |
Không có nhận xét nào:
Đăng nhận xét