Module 04 - Practical
These are the steps I took to complete the flag-hunting session in the current module of the CEH v12 Practical Course.
Name the shared folder/drive available on the Windows Server 2019 machine.
Using Windows 11 machine CMD, type: nbtstat -c
A: \\WINDOWS11\CEH-Tools
Use the NetBIOS Enumerator to perform NetBIOS enumeration on the network (10.10.1.15 – 10.10.1.100). Enter the domain name associated with the IP address 10.10.1.22.
You can use the tool netbiosenumerator.exe from E:\CEH-Tools\CEHv12 Module 04 Enumeration\NetBIOS Enumeration Tools\NetBIOS Enumerator to get the result
Or using the Parrot Terminal, the following command:
A: CEH
Use snmp-check to enumerate a target and find the hostname of the machine at the IP address 10.10.1.22.
A: Server2022.CEH.com
What is the domain name of the machine at the IP address 10.10.1.22?
From the previous command: snmp-check 10.10.1.22
A: CEH
Enumerate the machine at 10.10.1.22 using snmp-check and find the number of user accounts.
From the previous command: snmp-check 10.10.1.22
A: 6
Perform SNMP enumeration using SoftPerfect Network Scanner and find the hostname of the machine at 10.10.1.9.
Remember to add Host Name at: Options > SNMP Remote
A: ubuntu.local
Perform SNMP enumeration using SoftPerfect Network Scanner and find the hostname of the machine at 10.10.1.14.
From the scan image at Flag 6
A: Android.local
Perform SNMP enumeration using SoftPerfect Network Scanner and find the Host Name of the machine at 10.10.1.22.
From the scan image at Flag 6
A: Server2022
Use SnmpWalk to perform SNMP enumeration on the Windows Server 2022 machine. Enter the option that sets a community string.
From the lab documentation:
-v specifies the SNMP version number (1 / 2c / 3)
-c sets a community string
A: -c
Use various Nmap scripts to perform SNMP enumeration on the Windows Server 2022 machine. What is the option that is used to specify a UDP scan?
A: -sU
Use various Nmap scripts to perform SNMP enumeration on the Windows Server 2022 machine. Enter the option that specifies the port to be scanned.
A: -p
Perform LDAP Enumeration using Active Directory Explorer (AD Explorer) and find the Domain Controller machine’s IP address.
User: Administrator
Pass: Pa$$w0rd
A: 10.10.1.22
Perform LDAP enumeration using Active Directory Explorer (AD Explorer) and find the userPrincipalName for the user named Jason.
A: jason@CEH.com
Use Nmap and Python commands to extract details on the LDAP server and connection. Enter the port number that is used by LDAP.
A: 389
Use Python commands to extract details on the LDAP server and connection. Enter the command used in python shell to gather information such as naming context or domain name.
Step by step:
A: server.info
Use ldapsearch to perform LDAP enumeration on the target system to gather details related to the naming contexts. Which option is used to specify simple authentication?
A: -x
Use ldapsearch to perform LDAP enumeration on the target system to obtain more information about the primary domain. Which option is used to specify the base DN for search?
A: -b
Perform NFS Enumeration using RPCScan and SuperEnum and find the port used by the NFS service on 10.10.1.19.
A: 2049
Can you perform zone transfer on the primary host of certifiedhacker.com? (Yes/No)
A: No
Perform DNS enumeration and find the “responsible mail address” for the domain certifiedhacker.com.
A: dnsadmin.box5331.bluehost.com
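The answer above is the RNAME field of the SOA record, which encodes a mailbox with the first unescaped dot standing in for "@" (RFC 1035). The following is an added example, not part of the original walkthrough, that parses SOA record data and decodes the RNAME; the function names are hypothetical, and the primary name server, serial and timer values in the sample are constructed.

```python
import re

# Constructed SOA RDATA: the RNAME is the value from the answer above; the
# primary name server, serial and timers are placeholders, not lab output.
SAMPLE_SOA = ("ns1.example.net. dnsadmin.box5331.bluehost.com. "
              "2024010101 86400 7200 3600000 300")

FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def rname_to_email(rname):
    """Turn an SOA RNAME into a mailbox address (RFC 1035).

    The first dot that is not escaped with a backslash separates the local
    part from the domain; a literal dot in the local part is written "\\.".
    """
    name = rname[:-1] if rname.endswith(".") else rname  # drop the root dot
    parts = re.split(r"(?<!\\)\.", name, maxsplit=1)
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"not a valid RNAME: {rname!r}")
    local, domain = parts
    return local.replace("\\.", ".") + "@" + domain


def parse_soa(rdata):
    """Split SOA RDATA into named fields and add the decoded mailbox."""
    values = rdata.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} SOA fields, got {len(values)}")
    soa = dict(zip(FIELDS, values))
    for key in FIELDS[2:]:          # serial and the four timers are integers
        soa[key] = int(soa[key])
    soa["responsible"] = rname_to_email(soa["rname"])
    return soa


if __name__ == "__main__":
    print(parse_soa(SAMPLE_SOA)["responsible"])
```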
Perform DNS enumeration using dnsrecon and find the IP address of the name server (ns2) for certifiedhacker.com.
A: 162.159.25.175
Use nmap to perform DNS enumeration on certifiedhacker.com to gather the list of all the available DNS services on the target host along with their associated ports. What is the rDNS record for 162.241.216.11?
A: box5331.bluehost.com
Use Nmap to perform SMTP enumeration to enumerate the list of all the possible mail users on the Windows Server 2019 machine. Enter the number of users enumerated on the target machine.
A: 10
Perform SMB enumeration using NetScanTools Pro. Is SMB version 1 (SMB 1) enabled on the machine at 10.10.1.19? (Yes/No)
Term: nmap -p 445 -A 10.10.1.19
A: No
Enumerate the machine at 10.10.1.19 using Nmap and find its http-server-header.
Try: nmap -T4 -A 10.10.1.19
A: Microsoft-IIS/10.0
Perform enumeration using Global Network Inventory and find the full name of the OS installed in the machine at 10.10.1.22.
A: Microsoft Windows Server 2022 Standard
Enumerate network resources using Advanced IP Scanner and find the version of the Apache httpd service running on the machine at 10.10.1.9.
A: 2.4.52
Enumerate users on the machine at 10.10.1.22 using Enum4linux and find the relative identifier (RID) for the user “shiela.”
A: 0x451
Enumerate the machine at 10.10.1.22 using Enum4linux and find its Platform_ID.
Try: enum4linux -u martin -p apple -o 10.10.1.22
A: 500
Enumerate the machine at 10.10.1.22 using Enum4linux and find its server type.
From the previous command.
A: 0x84102f
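The three Enum4linux answers above (RID, Platform_ID, server type) are raw values from the Windows networking headers. The following is an added example, not part of the original walkthrough, that decodes them; the sample lines are constructed in the style of Enum4linux output using the page's values, the function names are hypothetical, and the constants are the PLATFORM_ID_* and SV_TYPE_* definitions from lmcons.h and lmserver.h.

```python
import re

# Constructed sample in the style of enum4linux output (values from this page).
SAMPLE = """
user:[shiela] rid:[0x451]
platform_id     :   500
server type     :   0x84102f
"""

PLATFORM_ID = {300: "DOS", 400: "OS2", 500: "NT", 600: "OSF", 700: "VMS"}

# SV_TYPE_* bit flags (lmserver.h), lowest bit first.
SV_TYPE = {
    0x1: "WORKSTATION", 0x2: "SERVER", 0x4: "SQLSERVER", 0x8: "DOMAIN_CTRL",
    0x10: "DOMAIN_BAKCTRL", 0x20: "TIME_SOURCE", 0x40: "AFP", 0x80: "NOVELL",
    0x100: "DOMAIN_MEMBER", 0x200: "PRINTQ_SERVER", 0x400: "DIALIN_SERVER",
    0x800: "XENIX_SERVER", 0x1000: "NT", 0x2000: "WFW", 0x4000: "SERVER_MFPN",
    0x8000: "SERVER_NT", 0x10000: "POTENTIAL_BROWSER", 0x20000: "BACKUP_BROWSER",
    0x40000: "MASTER_BROWSER", 0x80000: "DOMAIN_MASTER", 0x100000: "SERVER_OSF",
    0x200000: "SERVER_VMS", 0x400000: "WINDOWS", 0x800000: "DFS",
    0x1000000: "CLUSTER_NT", 0x2000000: "TERMINALSERVER",
}


def decode_server_type(value):
    """Return the names of the set SV_TYPE bits; unlisted bits are reported."""
    names = [name for bit, name in sorted(SV_TYPE.items()) if value & bit]
    unknown = value & ~sum(SV_TYPE)
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names


def summarize(text):
    """Extract RIDs (as decimal), platform name and server-type flags."""
    out = {"rids": {}, "platform": None, "server_type": []}
    for user, rid in re.findall(r"user:\[([^\]]+)\]\s+rid:\[(0x[0-9a-fA-F]+)\]", text):
        out["rids"][user] = int(rid, 16)
    m = re.search(r"platform_id\s*:\s*(\d+)", text, re.I)
    if m:
        out["platform"] = PLATFORM_ID.get(int(m.group(1)), "unknown")
    m = re.search(r"server type\s*:\s*(0x[0-9a-fA-F]+)", text, re.I)
    if m:
        out["server_type"] = decode_server_type(int(m.group(1), 16))
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The DOMAIN_CTRL and TIME_SOURCE bits mark the host as a domain controller, and a RID of 1000 or higher indicates an account created after installation rather than a built-in one.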