Lab 01. Open Source Information Gathering using Windows Command Line Utilities. (Updating…)

Windows offers several command line utilities that help attackers, as well as ethical hackers and pen testers, gather open source information about the target of an evaluation.

Lab Objectives
This lab demonstrates how to use ping, nslookup, and tracert utilities to gather information about a target. The lab teaches how to:
1. Use the ping utility to find the IP address of a target domain
2. Use the ping utility to emulate the tracert (traceroute) command
3. Find the maximum frame size for the network
4. Identify the Internet Control Message Protocol (ICMP) type and code for echo request and echo reply packets

Lab Environment
To carry out this lab, you need:
1. Administrator privileges to run the tools
2. TCP/IP settings correctly configured, and an accessible DNS server
3. A Windows Server 2016 machine

Overview of The Lab
Ping is a network administration utility used to test the reachability of a host on an IP network and to measure the round-trip time for messages sent from the originating host to a destination computer. The ping command sends ICMP echo request packets to the target and waits for ICMP echo reply packets. During this request-response process, ping measures the time from transmission to reception, known as round-trip time, and records any loss of packets. The ICMP type and code in the ping reply provide important insight into the network.
nslookup is a network administration command-line tool generally used for querying the Domain Name System (DNS) to obtain a domain name to IP address mapping, or any other specific DNS record.
traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an IP network.

Lab Tasks

Task 1 | Finding IP Address of a Target Domain

  • 1. Find the IP address for http://www.certifiedhacker.com
  • 2. Right-click the Windows icon at the lower-left corner of the screen.
  • 3. Click Command Prompt from the context menu to launch it.
  • 4. Type ping www.certifiedhacker.com in the command prompt window, and press Enter to find its IP address. The displayed response should be similar to the one shown in the following screenshot.
  • 5. Note the target domain’s IP address in the result above. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and approximate round-trip time. (The IP address may differ in your lab environment.)
Windows 10: I did the same thing as with WS2016, because I just want to know what is different between the two.
Windows Server 2016
Kali Linux: I also want to know what the outcome is in Kali Linux.
In the Kali ping command, -c count specifies the number of echo requests to send.

Task 2 | Finding Maximum Frame Size

  • 6. Now, find the maximum frame size on the network. In the command prompt window, type ping www.certifiedhacker.com -f -l 1500. (The -f switch sets the Do Not Fragment bit on the ping packet; by default, the ping packet allows fragmentation. The -l size option sets the send buffer size, that is, the number of payload bytes in each echo request.)
  • 7. The response, Packet needs to be fragmented but DF set, means that the frame is too large for the network and would need to be fragmented. Since we used the -f switch with the ping command, the packet was not sent and the ping command returned this error.
  • 8. Type ping www.certifiedhacker.com -f -l 1300
  • 9. Observe that the maximum packet size is less than 1500 bytes and more than 1300 bytes.
  • 10. Now, try different values until you find the maximum frame size. For instance, ping www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set, and ping www.certifiedhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine’s network. (The maximum frame size will differ depending on the target network.)
  • 11. Now, find out what happens when the TTL (Time to Live) expires. Every packet on the network has a TTL; each router it passes decrements the value, and if the TTL reaches 0 the router discards the packet. This mechanism prevents undeliverable packets from circulating on the network forever.
  • 12. In the command prompt, type ping www.certifiedhacker.com -i 3. This option sets the time to live (-i) value to 3. (The maximum value you can set for TTL is 255.) (Note that on Linux, ping -i wait means something different: the number of seconds to wait between each ping.)
  • 13. A reply of TTL expired in transit (coming from the address of an intermediate router) means that the router discarded the frame because its TTL had expired (reached 0).
I couldn’t get the same result (TTL expired in transit), but succeeded on every value. I’ll figure this out next time.
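Steps 6 to 10 find the largest -l value that still gets a reply with -f set by trying sizes by hand. The Python script below is an added example, not part of the original lab: it runs the same search as a binary search and adds the 28 bytes of IPv4 and ICMP header that -l does not count, which is why a 1472-byte payload corresponds to a 1500-byte path MTU. It sends nothing: the probe is a constructed stand-in that answers with the text Windows ping prints for an assumed path MTU, and the target address 203.0.113.80 is a documentation-range placeholder rather than the real address of www.certifiedhacker.com.

```python
"""Finding the largest unfragmented ping payload (ping -f -l <size>) as a search.

Added example, not part of the original lab. The network is simulated with a
fixed path MTU and the probe returns the text Windows ping prints, so this runs
offline.
"""
import re
from typing import Callable

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header (type, code, checksum, id, seq)
FRAG_NEEDED = "Packet needs to be fragmented but DF set."
REPLY_RE = re.compile(
    r"^Reply from (?P<ip>\S+): bytes=(?P<bytes>\d+) time[=<](?P<time>\d+)ms TTL=(?P<ttl>\d+)$"
)


def parse_ping_line(line: str) -> dict:
    """Classify one Windows ping output line: a reply, a DF failure, or something else."""
    line = line.strip()
    if line == FRAG_NEEDED:
        return {"status": "fragmentation_needed"}
    m = REPLY_RE.match(line)
    if m:
        return {"status": "reply", "ip": m["ip"], "bytes": int(m["bytes"]), "ttl": int(m["ttl"])}
    return {"status": "other", "raw": line}


def find_max_payload(probe: Callable[[int], str], low: int = 0, high: int = 65500) -> int:
    """Binary-search the largest -l size that gets a reply with -f set.

    The lab does this by hand (1500 fails, 1300 works, ... 1472 works, 1473 fails);
    the search reaches the same answer in about 16 probes. 65500 is the largest
    -l value Windows ping accepts.
    """
    while low < high:
        mid = (low + high + 1) // 2
        if parse_ping_line(probe(mid))["status"] == "reply":
            low = mid          # mid fits, so the answer is at least mid
        else:
            high = mid - 1     # mid is too big
    return low


def path_mtu_from_payload(payload: int) -> int:
    """-l counts only the ICMP payload; the frame also carries the IP and ICMP headers."""
    return payload + IP_HEADER + ICMP_HEADER


def make_simulated_probe(path_mtu: int, target_ip: str) -> Callable[[int], str]:
    """Return a probe that answers like ping would on a constructed path with PATH_MTU."""
    def probe(size: int) -> str:
        if size + IP_HEADER + ICMP_HEADER > path_mtu:
            return FRAG_NEEDED
        return f"Reply from {target_ip}: bytes={size} time=24ms TTL=51"
    return probe


if __name__ == "__main__":
    # Constructed: an assumed 1500-byte path MTU and an RFC 5737 documentation address.
    probe = make_simulated_probe(1500, "203.0.113.80")
    payload = find_max_payload(probe)
    print(f"largest payload: {payload} bytes, implied path MTU: {path_mtu_from_payload(payload)} bytes")
```

To run it against a real network, replace the simulated probe with a function that executes ping -f -l <size> -n 1 against the target and returns the relevant output line; parse_ping_line already understands both outcomes.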

Task 3 | Emulate Tracert

  • 14. We will use the ping command to emulate a traceroute.
  • 15. Find the route from your PC to http://www.certifiedhacker.com using the tracert command. (Traceroute sends a sequence of Internet Control Message Protocol [ICMP] echo request packets addressed to a destination host.)
  • 16. The results you receive might differ from those shown in this lab.
  • 17. Launch a new command prompt and type tracert www.certifiedhacker.com. This command traces the route to the target domain, listing each hop along the way.
You should type traceroute, not tracert, in Kali.
  • 18. Minimize the command prompt shown above and launch a new command prompt. In the command prompt window, type ping www.certifiedhacker.com -i 2 -n 1. The only difference from the previous ping command is that we are setting the TTL to two in an attempt to check the life span of the packet.
  • 19. In the command prompt window, type ping www.certifiedhacker.com -i 3 -n 1. This sets the TTL value to 3.
  • 20. Observe that there is a reply coming from the IP address and there is no packet loss.
  • 22. Repeat the above step with a higher TTL each time until you reach the IP address for http://www.certifiedhacker.com.
  • 23. Here the successful ping to reach http://www.certifiedhacker.com took 17 hops. The output will be similar to the tracert results.
  • 24. This implies that, at a time to live value of 17, the reply is received from the destination host.
  • 25. Make a note of all the IP addresses from which you receive a reply during the ping to emulate tracert.
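The Overview and Objective 4 mention the ICMP type and code behind each ping reply, and Task 3 walks the TTL up by hand. The Python script below is an added example, not part of the original lab, that ties the two together: it builds the ICMP echo request (type 8, code 0) that ping sends, with its RFC 1071 checksum, maps the replies the lab encounters back to their type/code (echo reply 0/0, TTL expired in transit 11/0, fragmentation needed 3/4), and runs the TTL walk of steps 18 to 24 as a loop. The path is a constructed list of RFC 5737 documentation addresses, so nothing is sent; a real probe would need a raw ICMP socket or a wrapper around ping itself.

```python
"""Emulating tracert with TTL-limited echo requests, seen at the ICMP level.

Added example, not part of the original lab. No packets are sent: a simulated
path returns the ICMP type/code each hop would answer with.
"""
import struct
from typing import Callable, List, Tuple

# ICMP type/code pairs the lab meets (RFC 792).
ECHO_REPLY = (0, 0)
DEST_UNREACHABLE_FRAG_NEEDED = (3, 4)
ECHO_REQUEST = (8, 0)
TIME_EXCEEDED_IN_TRANSIT = (11, 0)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """The 8-byte ICMP header plus payload that ping sends: type 8, code 0, checksum, id, seq."""
    header = struct.pack("!BBHHH", ECHO_REQUEST[0], ECHO_REQUEST[1], 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST[0], ECHO_REQUEST[1], csum, ident, seq) + payload


def describe_reply(icmp_type: int, code: int) -> str:
    """Map a reply's type/code to the message Windows ping prints for it."""
    return {
        ECHO_REPLY: "Reply (echo reply)",
        TIME_EXCEEDED_IN_TRANSIT: "TTL expired in transit.",
        DEST_UNREACHABLE_FRAG_NEEDED: "Packet needs to be fragmented but DF set.",
    }.get((icmp_type, code), f"ICMP type {icmp_type} code {code}")


# A probe takes a TTL and returns (responder_ip, icmp_type, icmp_code).
Probe = Callable[[int], Tuple[str, int, int]]


def emulate_tracert(probe: Probe, destination: str, max_ttl: int = 30) -> List[Tuple[int, str, str]]:
    """Walk TTL 1, 2, 3, ... (ping -i N -n 1) until the destination itself sends an echo reply."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder, icmp_type, code = probe(ttl)
        hops.append((ttl, responder, describe_reply(icmp_type, code)))
        if (icmp_type, code) == ECHO_REPLY and responder == destination:
            return hops
    return hops  # destination not reached within max_ttl


# Constructed path: three routers then the destination, all RFC 5737 documentation addresses.
SAMPLE_PATH = ["192.0.2.1", "198.51.100.7", "203.0.113.22", "203.0.113.80"]


def simulated_probe(ttl: int) -> Tuple[str, int, int]:
    """Router N answers Time Exceeded when the TTL runs out at hop N; the last hop echoes."""
    if ttl < len(SAMPLE_PATH):
        return (SAMPLE_PATH[ttl - 1], *TIME_EXCEEDED_IN_TRANSIT)
    return (SAMPLE_PATH[-1], *ECHO_REPLY)


if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1, b"abcdefghijklmnopqrstuvwabcdefghi")  # Windows' 32-byte payload
    print(f"echo request: {len(pkt)} bytes, checksum 0x{pkt[2]:02x}{pkt[3]:02x}")
    for ttl, ip, msg in emulate_tracert(simulated_probe, SAMPLE_PATH[-1]):
        print(f"TTL={ttl:2d}  Reply from {ip}: {msg}")
```

The loop stops on the first echo reply from the destination address, which is the condition step 24 describes; intermediate routers only ever answer with type 11, which is why their addresses appear in the walk but never as a successful ping.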

Task 4 | Launch nslookup terminal

  • 26. Launch a new command prompt, type nslookup, and press Enter. This displays the default DNS server and its address as configured on the Windows Server 2016 machine.

Task 5 | Obtain the IP Address of the Target Domain using nslookup

  • 27. In the nslookup interactive mode, type set type=a and press Enter. Setting the type to a configures nslookup to query for the A record, that is, the IP address of a given domain.
  • 28. Type the target domain www.certifiedhacker.com and press Enter. This resolves the IP address and displays the result shown in the following screenshot:
  • 29. The first two lines in the result are:
  • 30. Thus, if the response comes from your local DNS server, which answers from its cache, rather than from the server that legitimately hosts the domain http://www.certifiedhacker.com, it is considered to be a non-authoritative answer.
  • 31. Since the result returned is non-authoritative, you need to obtain the domain’s authoritative name server.
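Steps 29 to 31 turn on the word non-authoritative. On the wire it is one bit: the AA (Authoritative Answer) flag in the DNS response header, which a caching resolver leaves clear and a name server authoritative for the zone sets. The Python script below is an added example, not part of the original lab: it builds the A-record query that set type=a makes nslookup send, decodes the header flags of a response, and extracts the address from the answer section. The two responses are byte strings constructed inline, and the address 203.0.113.80 is a documentation-range placeholder rather than the real address of www.certifiedhacker.com, so it runs offline.

```python
"""Decoding what nslookup calls a "Non-authoritative answer".

Added example, not part of the original lab. The AA bit in the DNS header is
clear when a caching resolver answers for a zone it does not own. The responses
below are constructed byte strings; nothing is sent on the network.
"""
import struct

QTYPE_A = 1
CLASS_IN = 1


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1A2B) -> bytes:
    """The query nslookup sends after set type=a: one question, RD (recursion desired) set."""
    flags = 0x0100  # QR=0 (query), RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(message: bytes) -> dict:
    """Decode the 12-byte DNS header. Flags: QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(3) RCODE(4)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # 1 = responder is authoritative for the zone
        "tc": bool(flags & 0x0200),   # 1 = truncated, retry over TCP
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,      # 0 = NOERROR, 3 = NXDOMAIN
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def answer_label(response: bytes) -> str:
    """The heading nslookup prints above the answer, decided by the AA bit alone."""
    return "Authoritative answer" if parse_header(response)["aa"] else "Non-authoritative answer"


def skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past the name at OFFSET (a 0xC0.. compression pointer is 2 bytes)."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length


def first_a_record(response: bytes) -> str:
    """Dotted quad of the first A record in the answer section (nslookup's "Address:" line)."""
    offset = 12
    for _ in range(parse_header(response)["qdcount"]):
        offset = skip_name(response, offset) + 4          # skip QTYPE and QCLASS
    offset = skip_name(response, offset)
    rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
    offset += 10
    if rtype != QTYPE_A or rdlength != 4:
        raise ValueError(f"first answer is type {rtype}, not an A record")
    return ".".join(str(b) for b in response[offset:offset + 4])


def make_response(query: bytes, address: str, authoritative: bool) -> bytes:
    """Constructed reply to QUERY carrying one A record; AA is set only if AUTHORITATIVE."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0400 if authoritative else 0)     # QR=1, RD=1, RA=1, optional AA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = query[12:]
    rdata = bytes(int(octet) for octet in address.split("."))
    # The answer name is a compression pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 300, 4) + rdata
    return header + question + answer


if __name__ == "__main__":
    # Constructed data: 203.0.113.80 is an RFC 5737 documentation address, not the real host.
    query = build_query("www.certifiedhacker.com")
    from_resolver = make_response(query, "203.0.113.80", authoritative=False)
    from_authority = make_response(query, "203.0.113.80", authoritative=True)
    for resp in (from_resolver, from_authority):
        print(f"{answer_label(resp)}: {first_a_record(resp)}  aa={parse_header(resp)['aa']}")
```

Reading the AA bit rather than trusting a printed label is what step 31 is really asking for: an answer relayed by the local resolver says nothing about which server the data originated from, whereas a response with AA set and a matching transaction ID came from a server that claims the zone as its own.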
