Professional Documents
Culture Documents
Lab Objectives
Task 1: Perform NetBIOS enumeration using Windows command-line utilities
Task 2: Perform NetBIOS enumeration using NetBIOS Enumerator
Task 3: Perform NetBIOS enumeration using an NSE Script
Task 4: Perform SMTP enumeration using Telnet
Task 5: Perform SMTP Enumeration using smtp-user-enum package
*NOTE: The IP subnets will vary depending on your VMWare Workstation
Virtual Network Editor Setting. Use the appropriate subnets and IP Addresses
based on your system setup.
11. Ensure the date and time between the Windows 10 and Windows 2K Server
is within 1 minute of each other.
12. Perform the windows drive mapping in step 7.
13. Type net use to view the mapping status.
14. Using this information, the attackers can read or write to a remote computer
system, depending on the availability of shares, or even launch a DoS attack.
7. Click on the expand icon (+) to the left of the 192.168.17.133 in the left pane
of the window. Then click on the expand icon to the left of NetBIOS Names to
display NetBIOS details of the target IP address, as shown in the screenshot.
8. This enumerated NetBIOS information can be used to strategize an attack on
the target.
___________________________________________________
Q. What do the numbers in < > signify? Google search or ask ChatGPT for
the answer.
Overview of SMTP Enumeration
Source: https://www.geeksforgeeks.org/smtp-enumeration/
SMTP (Simple Mail Transfer Protocol) is a set of communication guidelines that
allow web applications to perform communication tasks over the internet, including
emails. It is a part of the TCP/IP protocol and works on moving emails across the
network. SMTP enumeration allows us to identify valid users on the SMTP server.
This is done with the built-in SMTP commands using them. VRFY – This command
is used to authenticate the user. EXPN – This command displays the actual mailing
address for aliases and mailing lists. RCPT TO – It identifies the recipient of the
message. SMTP enumeration is a technique used to enumerate the SMTP service
that is running on the target server.
Pre-Defined Commands:
VRFY: It is used to validate the user on the server.
EXPN: It is used to find the delivery address of mail aliases
RCPT TO: It points to the recipient’s address.
6. Type vrfy [email user] (where email user is the account to enumerate, in this
example email user is root)
Email user root exists.
7. Type vrfy me to enumerate email account me
_____________________________________________________
______________________________________________________
Q. What other files are found in /usr/wordlists/metasploit directory?
______________________________________________________