Week 5 - Target Enumeration and Uncovering Real IPs

As always, any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here. All practical exercises were conducted on authorized target domains.

Week 5 of Ethical Hacking and Penetration Testing moved us from discovering targets into actively enumerating them. Led by S. Pradono Suryodiningrat, the lecture focused on extracting highly specific information from our targets—things like network shares, active usernames, passwords, and the exact operating systems running on the machines.

Here are my notes from the session, followed by the results of our practical lab assignment.

The Theory: Enumerating Environments 

Enumeration is an intrusive process. We looked heavily into enumerating Microsoft operating systems, specifically utilizing NetBIOS over TCP/IP (NBT). We practiced installing and using nbtscan on our Kali Linux setups to scan ranges of IP addresses.

We also reviewed more advanced vulnerability scanners and enumeration tools, specifically:

  • DumpSec and Hyena: For Microsoft OS enumeration.

  • Nessus: A heavy-duty client used to identify NetBIOS names, shared resources, OS versions, and specific firewall vulnerabilities.

  • Service Enumeration Tools: Amap, Httprint, Httsquash, and Ike-scan.

Practical Assignment: Unmasking pentest.id 

For our assignment, we were given a live target network space: pentest.id

The goal was to enumerate the users for wp1.pentest.id and jo1.pentest.id, find their real IP addresses, and enumerate an email address associated with the domain.

Here is how I broke it down and what I found:

  • Finding the Real IPs: I started my reconnaissance using theHarvester (with the crtsh source) and ran a dig MX pentest.id query to pull the DNS records. During the testing process, I discovered that both the wp1 and jo1 subdomains were actually sharing the same IP addresses.

    Digging deeper to find legitimate, distinct infrastructure on the domain, I successfully identified two different IP addresses:

    1. 120.89.92.81 (smtp.pentest.id) - Geolocation data placed this IP in Jakarta, Indonesia, under the ISP PT Royal Audrey Megah.

    2. 209.141.59.59 (mdw2.pentest.id) - This IP was traced to Las Vegas, Nevada, operating under FranTech Solutions (PONYNET).

  • Email Enumeration: To find an email address tied to the domain, I utilized h8mail combined with my Hunter.io API key. By running a domain search through the API, I successfully extracted the email address kalpin@pentest.id. I cross-referenced this online via the Hunter dashboard to verify the finding.

It is incredibly satisfying to see the footprinting and discovery techniques from previous weeks finally piece together into actionable intelligence.

Comments

Post a Comment

Popular posts from this blog

Week 2 - Target Scoping and Information Gathering

Here is a draft for your Week 2 blog post, keeping that same grounded, realistic student perspective. Just a reminder as required by the course: any tools, techniques, and concepts shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools discussed here. Week 2 of Ethical Hacking is here, and my Kali Linux VM is finally set up and running smoothly. This week, we moved past the legal definitions and jumped right into the first two steps of the Kali Linux Testing Methodology: Target Scoping and Information Gathering. To prepare, our reading assignment was chapters 3 and 4 from Kali Linux: Assuring Security By Penetration Testing (KLASPT). Here are my notes on the early phases of a penetration test. Step 1: Target Scoping Before you even think about touching a network or firing up a terminal, you have to define the scope of the test. This is arguably the most important part from a legal and professional standpoint. Scoping ...
Read more

Week 1 - Intro to Ethical Hacking and Building the Lab

As required by the course guidelines, any tools, techniques, and tutorials shared on this blog are strictly for educational purposes . I am not responsible for any misuse of the information or tools demonstrated here. We just had our first session for the Ethical Hacking & Pen Test course at BINUS University International . Our lecturer, Pak Kalpin Erlangga Silaen , laid out the syllabus, the ground rules, and what we will be covering this semester. The main objective of the course is straightforward: get hands-on experience with hacking tools and penetration testing techniques . We will be walking through the complete ethical hacking cycle, which includes information gathering, enumeration, system hacking, privilege escalation, and covering tracks . Our main textbook for the semester is Mastering Kali Linux by Noah Hardy . Course Policies and Ethics One thing made very clear today is that professional ethics are non-negotiable in this field. We are actually expected to sign an a...
Read more