IT Network Security Lab #01
B. Tech CSF V Semester
By: Dr. Akashdeep Bhardwaj
Lab Objective: Troubleshoot Network without using tools
Description: Perform basic network information gathering without using any tools, use just Windows
command line utilities to gather network information OR troubleshoot. These commands can also be used
to run living-off-the-land (LOTL) commands when connected on any victim’s system remotely & using in
form of ‘Fileless Malware’ attacks.
Attackers are increasingly making use of tools already installed on targeted computers or are running
simple scripts and shellcode directly in memory. Creating less new files on the hard disk means less chance
of being detected by traditional security tools and therefore minimizes the risk of an attack being blocked.
Requirements:
• Windows 10 OS/VM
• Administrator privileges to run commands
Step 1: Logon as Admin to the Windows OS.
Step 2: Check execution of the below mentioned commands.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Objectives
List IP configuration, host name, adapter installed and MAC address
View/Access the Windows OS Group Policies implemented
Flushe the DNS resolver cache of the system
Discover who is logged/connected to the system
Purge and reload the remote cache name table
Lists local NetBIOS names
Detect error when browsing WINS or NetBIOS
The ‘b’ switch links each used port with its application
Shows open ports of the Windows system
Retrieve list of network connections
Show user accounts for the computer
Specifies computers available in a specific domain
Resolve IP to Hostname (try using Facebook or Twitter IP)
Shows the Logon server
Confirms whether the port is open
Locates lines with number 15868 and redisplays every one second
17. Shows open ports with LISTENING status
Commands
C:\> ipconfig /all
C:\> Gpresult
Ipconfig /flushdns
nbtstat -a <System name>
nbtstat -R
nbtstat -n
nbtstat -r
netstat -ab
netstat -an
net use
net user
net view / domain
ping -a <IP Address>
set L
telnet <IP> <port>
netstat -an 1 | find
“15868”
netstat -an | find
“LISTENING”
Step 3: Create a batch file of the following commands and execute them on your VM.
1. Information Gathering done by Hacker Group ‘Waterbug’
• Systeminfo
• net view
• net view /domain
• tasklist /v
• gpresult /z
• netstat –nao
• ipconfig /all
• arp –a
• net share
• net use
• net user administrator
• net user /domain
• net user administrator /domain
• tasklist /fi
• dir %systemdrive%\Users\*.*
• dir %userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*
• dir %userprofile%\Desktop\*.*
2. Information Gathering done by Hacker Group ‘Appleworm/Lazarus’
• hostname
• whoami
• ver
• ipconfig -all
• ping www.google.com
• query user
• net user
• net view
• net view /domain
• reg query \"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\"
• tasklist /svc
• netstat -ano | find \TCP\
• msdtc [IP] [port]
3. Information Gathering done by Hacker Group ‘Billbug’
• net user
• ipconfig /all
• net start
• systeminfo
• gpresult
Lab #01 Assignment: Execute the commands for each hacker group on the victim VM. You have a choice
to execute them using batch files or MSF payloads or document macros to run them automatically.
Gather the output in screenshots as objective for this lab for each of the group’s attack commands.
Note:
• Submit only WORD DOCX. Do not copy experiments from others OR share your work with others.
• Those who copy from others or share their documents with others will be graded as ZERO.