Cases

By (Name)

Course

Date

Memo

To: Donald Lee

From: (Name)

Date:

Re: Enumerating Systems on the Alexander Rocco Network

Dear Mr Donald Lee,

I discovered a flaw in your systems during an enumeration today, and it needs to be addressed by you or a higher-up. Enumerating and the Open Source Security Testing Methodology (OSSTM) were two methods I used for testing. In this memo, I'll explain how I came to my conclusions and what I recommend as a solution.

First, I utilized the Windows NetBIOS Enumeration Tools. One of Windows' native tools is named net view. Nbtstat -a with an IP address and the net view command, to display the NetBIOS table, were used to identify several Windows workstations with shared folders for the Help Desk Department. It was entered into the command prompt window. In the Excel file, I found the email addresses and passwords of all of the company's employees. Afterwards, I discovered that your NetBIOS systems were vulnerable to one of the most dangerous faults known to man. Data from your Help Desk is collected using unauthenticated connections to Windows devices in this "null session."

I conducted a Social Engineering Test to validate this vulnerability. An application's security weaknesses can be discovered through the use of malicious techniques that probe the system or network. A system's weak areas are exploited through a simulated assault that has been approved by the system's developers. Once a system's vulnerability has been identified, it is exploited to gain access to sensitive data. So I contacted the help desk and explained that I was outside the office and could not recall my email password. The individual requested my email address and gave me the password without verifying my identity. I advise you to restrict access to this folder by right-clicking the Start button and selecting File Explorer. Double-click Local Disk (C:) and locate the Help Desk Department's shared folders. Right-click the folder, then select Share with, followed by Specific People. In the Properties dialogue box, enter only the names of people you believe should have access to this information. Or you can prohibit everyone from sharing.

Respectfully,

(Name)
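
An added example, not part of the original memo: a PowerShell audit for the two findings above, anonymous (null session) access and a Help Desk folder shared too broadly. The share name `HelpDesk` and the group `CORP\HelpDeskStaff` in the commented remediation lines are placeholders.

```powershell
# Added example (not from the memo). Run in an elevated PowerShell session on
# the file server; needs the SmbShare module (Windows 8 / Server 2012 or later).

# 1. Registry values that govern anonymous (null session) access.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Want = 1 },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Want = 1 },
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Want = 0 },
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Want = 1 }
)
$checks | ForEach-Object {
    $c     = $_
    $key   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($key) { $key.($c.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $c.Name
        Current  = if ($null -eq $value) { '(not set, OS default applies)' } else { $value }
        Expected = $c.Want
        Matches  = ($value -eq $c.Want)
    }
} | Format-Table -AutoSize

# Shares explicitly exempted from the null-session restriction (should be empty).
$exempt = (Get-ItemProperty -Path $srv -Name NullSessionShares -ErrorAction SilentlyContinue).NullSessionShares
if ($exempt) { "Shares reachable over a null session: $($exempt -join ', ')" }

# 2. Non-administrative shares that allow Everyone or anonymous users.
$broad = 'Everyone', 'NT AUTHORITY\ANONYMOUS LOGON'
Get-SmbShare -Special $false |
    ForEach-Object { Get-SmbShareAccess -Name $_.Name } |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.AccountName } |
    Format-Table Name, AccountName, AccessRight -AutoSize

# 3. Remediation for a flagged share (placeholder names, review before running):
# Revoke-SmbShareAccess -Name 'HelpDesk' -AccountName 'Everyone' -Force
# Grant-SmbShareAccess  -Name 'HelpDesk' -AccountName 'CORP\HelpDeskStaff' -AccessRight Read -Force
```

Share permissions and NTFS permissions are evaluated together, so the folder's NTFS ACL should be reviewed as well.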

INTERNAL MEMO

ROCCO CORPORATION

To: Supervisor

From:

Re: Researching Enum4linux On The Internet

Date:

On the network, we would like to run the enum4linux tool. This software is used to discover as much information as possible about a target's shares. Enum4linux is an enumeration utility that can detect and retrieve information from Windows and Linux computers and Samba (SMB) servers on a network. Key aspects include:

• Listing of users who have access to the system
• RID cycling (when RestrictAnonymous is set to 1 on Windows 2000)
• Determining whether a host belongs to a workgroup or domain
• Listing of group membership details
• Password policy retrieval (using polenum)
• Share enumeration
• Identification of the remote operating system

This software allows us to gather OS information without requiring the user to provide credentials and lists shares on a server that requires credentials. Since we do not pose a threat to the company, we believe this tool will help us perform our job duties more quickly and provide us with all the necessary information.



Respectfully,

(Name)
