Lab 5 - DNS Enumeration and NetBIOS Enumeration

Description: In this lab, we will do Enumeration. Enumeration is defined as the process of

extracting user names, machine names, network resources, shares and services from a system.
Actually, there are various types of enumeration techniques, but the major ones are-
• DNS Enumeration
• NetBIOS Enumeration

Part 1 - DNS Enumeration - DNS enumeration is the process of locating all the DNS servers
and their corresponding records for an organization. DNS enumeration will yield usernames,
computer names, and IP addresses of potential target systems. The list of DNS record provides
an overview of types of resource records (database records) stored in the zone files of the Domain
Name System (DNS). The DNS implements a distributed, hierarchical, and redundant database
for information associated with Internet domain names and addresses.

DNS Zone Transfer is a process where a DNS server passes a copy of part of its data
base (which is called a “zone”) to another DNS server. DNS Zone Transfer used to
replicate DNS data across a number of DNS servers or to back up DNS files. A user or
server will perform a specific zone transfer request from a ―name server. If the name
server allows zone transfers by an anonymous user to occur, all the DNS names and IP
addresses hosted by the name server will be returned in human-readable ASCII text.

Requirements for the lab: Kali Linux / Parrot OS

Step 1: Launch your Kali virtual machine and log in

Step 2: Launch a Terminal window
Step 3: At the prompt, enter: dnsenum zonetransfer.me
Step 4: Once this is done, write down your observations and answer questions given below,
based on your observations.
Step 5: Now, you can use a different command to give some more information, open a
separate terminal and type host zonetransfer.me
Step 6: Now, to get information about the name server, type in terminal - host –t ns
zonetransfer.me
Step 7: Now, in order to perform zone transfer, write down the name of the name server that
you got from the previous command, and type in terminal – host –l zonetransfer.me
nsztm1.digi.ninja
(The name of the name server is written at last).
Step 8: Now, we can also use another command to do the zone transfer and get some useful
information, open a separate terminal and type dig zonetransfer.me NAME OF THE NAME
SERVER ( e.g. nsztm1.digi.ninja)
Step 9: Now, in order to get some more information about the target, the attacker may use
nslookup command.Open a separate terminal and type nslookup zonetransfer.me
Note: It will take several minutes to run the scan.

Question 1: Do you see any crucial information after doing DNS enumeration?

If yes, please write some of them below:

Question 2: Do you see any mail servers?

If yes, please write some of them below:?

Question 3: Do you see any name servers?

If yes, please write some of them below:?

Part 2 - NetBIOS Enumeration – NetBIOS stands for Network Basic Input Output System. It
allows computer communication over a LAN and allows them to share files and printers.
NetBIOS names are used to identify network devices over TCP/IP (Windows).

It must be unique on a network, limited to 16 characters where 15 characters are used for the
device name and the 16th character is reserved for identifying the type of services running or name
record type.

Attackers use the NetBIOS enumeration to obtain:

 List of computers that belongs to a domain

 List of shares on the individual hosts on the network
 Policies and passwords

Requirements for the lab: Windows OS and metasploitable VM

Step 1: Launch your Windows virtual machine and log in

Step 2: Launch a Terminal window (cmd)
Step 3: At the prompt, enter: nbtstat –a ip address of target
Step 4: In ip address, you should write down the ip address of your metasploitable machine
Step 5: Now, observe the output given by the command and based on that answer the
following questions

Question 1: Do you see any workgroup related information?

If yes, please write some of them below: