Unlimited Attempts AllowedDetails
Virtual Labs: Enumeration
Consider what you have learned so far about Enumeration as you review the objectives and scenario below. Complete the lab that follows on EC-Council’s website using the link below.
Objective
The objective of this lab is to provide expert knowledge on network enumeration and other responsibilities that include:
- User name and user groups
- Lists of computers, their operating systems, and ports
- Machine names, network resources, and services
- Lists of shares on individual hosts on the network
- Policies and passwords
Scenario
With the development of network technologies and applications, network attacks are greatly increasing both in number and severity. Attackers always look for Service vulnerabilities: Application vulnerabilities on a network or servers. If attackers find a flaw or loophole in a service run over the Internet, they will immediately use it to compromise the entire system and other data found, and thus compromise other network systems.
Similarly, if they find a workstation with administrative privileges with faults in that workstation’s applications, they can execute an arbitrary code or implant viruses to intensify the damage to the network.
As a key technique in the network security domain, an Intrusion Detection System (IDS) plays a vital role in detecting various kinds of attacks and securing the networks. Therefore, as an administrator, you should make sure that services do not run as the root user, and should be cautious of patches and updates for applications from vendors or security organizations such as CERT and CVE. Safeguards can be implemented so that email client software does not automatically open or execute attachments.
In the first step of a security assessment and penetration testing of your organization, you have collected open-source information about your organization. Now, you need to perform enumeration on the network. In this step, you have to probe the target network further to collect more details, such as network machines, users, and shared folders.
As an Expert Ethical Hacker and Penetration Tester, you must know how to enumerate target networks and extract lists of computers, user names, user groups, ports, operating systems, machine names, network resources, and services, using various enumeration techniques.
The lab this week will provide you with real-time experience in using enumeration techniques.
Week 3 Lab Assignment 1: Performing Network Enumeration using SuperScan.
Lab Task:
The objective of this lab is to help students learn and perform NetBIOS enumeration, which is carried out to obtain:
- Lists of computers that belong to a domain
- Lists of shares on the individual hosts on the network
- Policies and passwords
Lab Description:
During enumeration, information is systematically collected and individual systems are identified. Pen testers examine systems in their entirety to evaluate security weaknesses. In this lab, we extract NetBIOS information, User and Group Accounts, Network shares, and Trusted Domains and Services (running or stopped). SuperScan detects open TCP and UDP ports on target machines and determines which services are running on them, allowing attackers to exploit these open ports and hack target machines.
As an Expert Ethical Hacker and Penetration Tester, you can thus use SuperScan to enumerate target networks and extract lists of computers, user names, user groups, machine names, network resources, and services.
Access the lab here: EC-Council | iLabs (Links to an external site.)
Submit proof of this assignment completion by uploading and submitting a screenshot of the graded lab from EC-Council Labs. Refer to the Course Projects page for more information on project submissions.