Service Enumeration Lecture Notes

Overview

Series covering service enumeration topics in a 6-part playlist.
Today's focus: various service enumerations (FTP, SNMP, SMB, RDP, and NetBIOS).
Importance of understanding these protocols for networking and examination preparation.

FTP (File Transfer Protocol)
- Default port: 21.
- Used for transferring files between computers over TCP connections.
- Commands and tools will be demonstrated practically.

Identifying Targets
- Use nmap to find hosts with FTP running on port 21.
- Command: nmap -p 21 <target-ip>.
Connecting to FTP
- Connect using the command: ftp <target-ip>.
- Example login attempt with credentials:
  - Username: root
  - Password: tour
- Expect login failure if credentials are incorrect.
Brute Forcing Login Credentials
- Use of Hydra tool for brute forcing:
  - Basic flags for Hydra:
    - -l (single username)
    - -L (list of usernames)
    - -p (single password)
    - -P (list of passwords)
  - Command structure: hydra -L <usernames.txt> -P <passwords.txt> ftp://<target-ip>.
- Example password list location: /usr/share/wordlists/.
- Identify valid credentials during brute force attempts.
Accessing Files via FTP
- After successful login, use get <filename> to download files.
- Example: get secret.txt to download a file.

NetBIOS (Network Basic Input/Output System)
- Ports: 137, 138 (UDP), 139 (TCP).
- Used for file sharing and printer access over a LAN.

Using Nmap for Enumeration
- Command: nmap -sV --script nbstat <target-ip> to discover services and versions.
- Identify the workgroup and NB name of the host.
Understanding Output
- Output includes:
  - Workgroup name
  - NB name
  - MAC address of the host.

Covered service enumeration for FTP and NetBIOS.
Key tools: Nmap for scanning, Hydra for brute forcing credentials.
Importance of understanding protocol functions and enumeration techniques for exams.