
Lab01-Windows Part 1-Student

This document provides instructions for a lab on Windows security. The objectives are to use standard Windows tools to enumerate system and network information. The tasks involve using utilities like ipconfig, ping, tracert, netsh, and netstat to gather information about the network configuration, connectivity, routes, and active connections of the virtual lab machine. Students will be assessed on both conducting the commands and understanding what information each one provides.


Lab 1: Windows Security Part I

Objectives: In this lab, you will use standard Windows tools and utilities to enumerate system and network information.

CLO: 5
Duration: 60+ min

Requirements:
- CIS Azure Virtual Lab (Windows 10 Machine)

Tasks:
- Task 1: Enumerate System and Network Information

Windows Utilities: You will use the following utilities in this lab: ipconfig; ping; tracert; netsh; netstat

Student Notes: You will be assessed on both the practical skills and theoretical knowledge covered in this lab. This includes running the commands and knowing what they do.

Dr. Samer Aoudi | [email protected] | CIS2103 | V1.0 June 2021 1


Send an email for corrections or updates.
Task 1: Enumerate System and Network Information

Information Gathering:
Information gathering is a very important step in both security testing and
hacking. Without information about the target, you cannot perform any attack.
Even non-technical information like someone's name can be used in an attack.
How?

Windows Utilities
ipconfig:
Displays all current TCP/IP network configuration values and refreshes Dynamic
Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.
Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and
IPv6 addresses, subnet mask, and default gateway for all adapters.

ping:
Verifies IP-level connectivity to another TCP/IP computer by sending Internet
Control Message Protocol (ICMP) Echo Request messages. The receipt of
corresponding Echo Reply messages is displayed, along with round-trip times.
ping is the primary TCP/IP command used to troubleshoot connectivity,
reachability, and name resolution.

tracert:
This diagnostic tool determines the path taken to a destination by sending Internet
Control Message Protocol (ICMP) Echo Request messages to the destination with
incrementally increasing time to live (TTL) field values. Each router along the path
is required to decrement the TTL in an IP packet by at least 1 before forwarding it.
Effectively, the TTL is a maximum link counter. When the TTL on a packet reaches
0, the router is expected to return an ICMP Time Exceeded message to the source
computer.

netsh:
The Network Shell command-line scripting utility that allows you to, either locally
or remotely, display or modify the network configuration of a currently running
computer.
netsh has an interactive mode (meaning when you press the Enter key, you will
enter a subsection).

netstat:
Displays active TCP connections, ports on which the computer is listening, Ethernet
statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP
protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over
IPv6 protocols). Used without parameters, this command displays active TCP
connections.
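
An added example (not part of the original lab sheet) that parses netstat output, counts established connections and picks out those arriving on a local listening port such as 3389, the default Remote Desktop port. The sample output is constructed, and the -ano switches (all sockets, numeric addresses, owning PID) go beyond the bare netstat the lab runs.

```python
# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    10.0.0.41:3389         203.0.113.7:51234      ESTABLISHED     1104
  TCP    10.0.0.41:49712        198.51.100.20:443      ESTABLISHED     4420
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1288
"""

# Well-known service ports to label in the report (not exhaustive).
KNOWN_PORTS = {135: "RPC endpoint mapper", 445: "SMB", 3389: "Remote Desktop (RDP)"}


def local_port(endpoint):
    """Port of 'host:port'; IPv6 hosts are bracketed, so split on the last colon."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one dict per TCP/UDP row. UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": fields[0],
            "port": local_port(fields[1]),
            "remote": fields[2],
            "state": fields[3] if fields[0] == "TCP" else "",
            "pid": int(fields[-1]) if fields[-1].isdigit() else None,  # needs -o
        })
    return rows


def inbound_sessions(rows):
    """Established connections whose local port is also a listening port,
    i.e. a remote host is connected to a service on this machine."""
    listening = {r["port"] for r in rows if r["state"] == "LISTENING"}
    return [(r["port"], KNOWN_PORTS.get(r["port"], "unknown"), r["remote"], r["pid"])
            for r in rows if r["state"] == "ESTABLISHED" and r["port"] in listening]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print(sum(r["state"] == "ESTABLISHED" for r in rows), "established")
    for session in inbound_sessions(rows):
        print(session)
```

On the lab machine, the same functions can be fed the saved text of `netstat -ano` instead of the constructed sample.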

Important Notes:
- Course machine = Cloud machine = Azure machine
- You will conduct all your lab activities on the cloud machine
- Kali Linux is a VM inside your cloud machine
- Windows XP is a VM inside your cloud machine

The cloud machine can be accessed using the following address:

https://labs.azure.com/virtualmachines

Understanding basics of Network connectivity & Networking Devices


1) Watch the video below and complete the lab activities

CIS2103 Lab Environment
https://youtu.be/-QyPAMlqXKU

2) Access and start your CIS2103 cloud machine
3) Start your Windows XP VM
4) For the main cloud machine, get system information by typing system in the Windows start menu, and answer the following questions

What is the Operating System (OS)?
How much memory is allocated to this machine?
How much disk space do you have available?
Answer:

5) Click the Windows icon and type cmd
6) In the Command Prompt, try the following commands, and answer the questions that follow

ipconfig
ipconfig /all

ping IP-Address-of-WindowsXP
ping google.ae

tracert IP-Address-of-WindowsXP
tracert google.ae

netsh (press Enter)
netsh>advfirewall (press Enter)
netsh advfirewall>help (press Enter)
netsh advfirewall>show mode (press Enter)
netsh advfirewall>show allprofiles (press Enter)

netstat

If ping google.ae does not work from your cloud machine (it times out), try it from
your physical machine.

If tracert google.ae does not work from your cloud machine (it times out), try it
from your physical machine.

Some questions require research. Use the Internet or the help system.
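
An added example (not part of the original lab sheet) that reads the text printed by `netsh advfirewall show allprofiles` and reports any profile whose firewall is off or whose inbound policy is not a blocking one. The sample output is constructed and trimmed to the State and Firewall Policy rows, and English-language output is assumed.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output, trimmed to
# two rows per profile. The weak Private and Public settings are deliberate.
SAMPLE_PROFILES = """\

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
Ok.
"""


def parse_profiles(text):
    """Map each profile name to its {setting: value} rows."""
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\w+) Profile Settings:", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        # Setting name and value are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if current is not None and len(parts) == 2:
            current[parts[0]] = parts[1]
    return profiles


def audit(profiles):
    """Return (profile, finding) pairs for settings a reviewer should question."""
    findings = []
    for name, settings in profiles.items():
        if settings.get("State") != "ON":
            findings.append((name, "firewall is not ON"))
        inbound = settings.get("Firewall Policy", "").split(",")[0]
        if not inbound.startswith("BlockInbound"):
            findings.append((name, f"inbound policy is {inbound or 'unknown'}"))
    return findings


if __name__ == "__main__":
    for profile, finding in audit(parse_profiles(SAMPLE_PROFILES)):
        print(f"{profile}: {finding}")
```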

7) Discover the following information for each adapter

Windows IP Configurations
Host Name: ML-RefVm-146379

Ethernet adapter Ethernet 3:
Is DHCP Enabled? yes
IPv4 Address: 10.0.0.41(Preferred)
Subnet Mask: 255.255.240.0
Default Gateway: 10.0.0.1
DHCP Server: 168.63.129.16
DNS Server: 168.63.129.16

For Ethernet adapter vEthernet (Default Switch):
Is DHCP Enabled? No
IPv4 Address: 172.17.64.1(Preferred)
Subnet Mask: 255.255.240.0
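
An added example (not part of the original lab sheet) that parses `ipconfig /all` style text per adapter, derives each adapter's network from its address and mask, and lists which configured servers lie outside that network and are therefore reached through the gateway. The addresses are the ones recorded above; the output layout around them is constructed.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt carrying the values recorded in step 7.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : ML-RefVm-146379

Ethernet adapter Ethernet 3:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.41(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 168.63.129.16

Ethernet adapter vEthernet (Default Switch):

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 172.17.64.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
"""

SERVER_KEYS = ("Default Gateway", "DHCP Server", "DNS Servers")


def parse_ipconfig(text):
    """Map each adapter header to its {field: value} lines."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})  # adapter header
        elif current is not None and " : " in line:
            key, value = line.split(" : ", 1)
            current[key.strip(" .")] = value.strip()  # drop the dot leaders
    return adapters


def describe(adapter):
    """Network in CIDR form, usable host count, and servers outside it."""
    ip = adapter["IPv4 Address"].split("(")[0]  # drop "(Preferred)"
    net = ipaddress.ip_network(f"{ip}/{adapter['Subnet Mask']}", strict=False)
    off_link = [f"{key} {adapter[key]}" for key in SERVER_KEYS
                if key in adapter and ipaddress.ip_address(adapter[key]) not in net]
    return {"network": str(net), "hosts": net.num_addresses - 2, "off_link": off_link}


if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE_IPCONFIG).items():
        print(name, describe(fields))
```

168.63.129.16 is the Azure platform's virtual IP for DHCP and DNS, which is why those two servers are reported as outside the adapter's network while the default gateway is not.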

8) Answer the following questions relating to the utilities of the lab

Answer ALL the questions below:


1. Try the commands with all caps. Is the Windows OS case-sensitive? NO
2. What is the difference between the ipconfig and ipconfig /all commands?
ipconfig gives you basic IP address information on your primary network connection.
ipconfig /all gives you the status of every adapter installed on your machine, e.g.
IP address, DNS server info, MAC address, etc.
3. What is a Default Gateway and what does it do?
a computer network using the internet protocol suite that serves as the
forwarding host (router) to other networks when no other route specification
matches the destination IP address of a packet.

4. What is a DHCP Server and what does it do?
(Dynamic Host Configuration Protocol) It provides an Internet Protocol host with its IP address
and related configuration stuff such as subnet mask and default gateway.

5. What is a DNS Server and what does it do?

6. Analyze the results of pinging the Windows XP machine
7. Analyze the results of the traceroute for google.ae
8. What is the status of the firewall?
9. What are the available profiles?
10. What is the state of each profile?
11. What is the policy of each profile?
12. How many connections are established?
13. One established connection should have the 3389 port in the local address.
What service is running on this port?
Answers:

9) Show the answers to your instructor
10) Discuss the questions and answers in class

*** End of Lab Activity ***

Review Questions

1. List the utilities you used in this lab

Ipconfig
Netsh
netstat

2. Which Windows utility allows you to find out the possible routes between you and
another host?
A. ipconfig
B. ping
C. tracert
D. netstat

3. Which Windows utility would display the IP address of a domain like google.com?
A. ipconfig
B. ping
C. netstat
D. netsh

4. Which Windows utility allows you to get the state and policy of a firewall?
A. ipconfig
B. ping
C. tracert
D. netsh

5. Which Windows utility allows you to see established connections?
A. ipconfig
B. ping
C. tracert
D. netstat
