Module 4 Lab 7

Objective: Use a range of tools to find as much information as possible about the target network’s systems. 

Machines Used: 

  • Windows 10
  • Windows Server 2019
  • Parrot OS

Applications/Tools Used:

  • Global Network Inventory
  • Advanced IP Scanner
  • Enum4linux

Name: Global Network Inventory

Objective: Enumerate Information using Global Network Inventory

Function: Used as an audit scanner inside a network. It can scan a range of addresses and outputs raw hardware data, AD information, running services, installed software, share drives, memory, and other info.

Commands and Options: GUI Based

Example Usage:

  1. Under the Audit Scan Mode section, click the Single address scan radio button, and then click Next.
    1. You can also scan an IP range by clicking on the IP range scan radio button, after which you will specify the target IP range.
  2. Under the Single Address Scan section, specify the target IP address in the Name field of the Single address option; click Next.
  3. The next section is Authentication Settings; select the Connect as radio button and enter the Windows Server 2016 machine credentials, and then click Next.
  4. Inspect the scan summary to see what you can find.

Results: The results from the scan are very detailed, but as an attacker it is doubtful that you would have not only this level of access but also this tool installed on the system. It would provide some really good information for a systems administrator.

Name: Advanced IP Scanner

Objective: Enumerate Network Resources using Advanced IP Scanner

Function: The program shows all network devices, gives you access to shared folders, and provides remote control of computers.

Commands and Options: GUI Based

Example Usage:

  1. In the IP address range field, specify the IP range. Click the Scan button.
  2. The scan results appear, displaying information about active hosts in the target network such as status, machine name, IP address, manufacturer name, and MAC addresses.
  3. Right-click any of the detected IP addresses to list available options.

Results: Like the previous tool, this seems more useful to an auditor or admin doing an inventory. But rather than one host, this seems to be designed more around a corporate network.

Name: Enum4linux

Objective: Enumerate Information from Windows and Samba Hosts using Enum4linux

Function: It is described as a wrapper script that combines the rpcclient, net, nmblookup and smbclient tools. 

Commands and Options:

Basic Syntax:

  • enum4linux <options> <IP Address>
  • -u <user> specifies the username
  • -p <pass> specifies the password

Results: A nice script that automates some enumeration using the default built-in Samba tools and lists out the information in an easy-to-read format.

Precautions: The same as labs 1-6

Countermeasures/Mitigation: The same as labs 1-6. Also try using these tools against your own network if possible.

Personal Reflection: The labs here were good for helping to understand how networks are structured and what services are running on them. The tools that were selected were a little strange from an attacker's perspective; this seemed more focused on auditing and mapping out the network from a systems administrator's point of view. For example, tools like linPEAS, winPEAS, and CrackMapExec all offer a realistic, stealthier approach to enumeration. The “attacks” shown here are loud and should be caught or stopped in seconds.
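To see what "loud" looks like when these tools are run against your own network, the following is an added example, not part of the original lab write-up or the course material. It flags a source that touches many hosts on the NetBIOS/SMB ports (the ports nmblookup, smbclient and rpcclient talk to) or opens a burst of sessions to a single host. The flow-record format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORTS = {137, 139, 445}      # NetBIOS name service, NetBIOS session, SMB
WINDOW = timedelta(seconds=60)
FANOUT_LIMIT = 5                 # assumed: distinct hosts per source per window
BURST_LIMIT = 8                  # assumed: sessions to one host per window

def build_sample():
    """Constructed flow records, one per line: 'ISO-time src dst dport'."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    rec = lambda sec, src, dst, port: (
        f"{(t0 + timedelta(seconds=sec)).isoformat()} {src} {dst} {port}")
    lines = [rec(i, "10.0.0.50", f"10.0.0.{i}", 445) for i in range(1, 9)]   # range scan
    lines += [rec(20 + i, "10.0.0.60", "10.0.0.16", (137, 139, 445)[i % 3])
              for i in range(10)]                                             # one-host burst
    lines += [rec(5, "10.0.0.70", "10.0.0.16", 445),
              rec(300, "10.0.0.70", "10.0.0.16", 445)]                        # normal file access
    lines += [rec(40 + i, "10.0.0.70", f"10.0.0.{i}", 443)
              for i in range(1, 9)]                                           # not SMB, ignored
    return lines

def detect(lines):
    """Return {source: {"fanout", "burst"}} for sources over either threshold."""
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside WINDOW
    alerts = {}
    for line in sorted(lines):    # fixed-width ISO timestamps sort chronologically
        ts, src, dst, dport = line.split()
        if int(dport) not in SMB_PORTS:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > WINDOW:      # drop records older than the window
            q.popleft()
        if len({d for _, d in q}) >= FANOUT_LIMIT:
            alerts.setdefault(src, set()).add("fanout")
        if sum(1 for _, d in q if d == dst) >= BURST_LIMIT:
            alerts.setdefault(src, set()).add("burst")
    return alerts

if __name__ == "__main__":
    for src, reasons in sorted(detect(build_sample()).items()):
        print(src, sorted(reasons))
```

Tune the two limits against a baseline of normal traffic first, since file servers and backup hosts legitimately talk SMB to many machines.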

Works Cited (MLA):

EC-Council. Certified Ethical Hacker (CEH) Version 11 eBook w/ iLabs (Volumes 1 through 4). International Council of E-Commerce Consultants (EC Council), 2020. [VitalSource Bookshelf].
