Network 101
Purpose
Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems.
Inputs/Prerequisites
- Windows Server or Linux system for hosting services
- Kali Linux or similar for testing
- Administrative access to target system
- Basic networking knowledge (IP addressing, ports)
- Firewall access for port configuration
Outputs/Deliverables
- Configured HTTP/HTTPS web server
- SNMP service with accessible communities
- SMB file shares with various permission levels
- Captured logs for analysis
- Documented enumeration results
Core Workflow
1. Configure HTTP Server (Port 80)
Set up a basic HTTP web server for testing:
Windows IIS Setup:
- Open IIS Manager (Internet Information Services)
- Right-click Sites β Add Website
- Configure site name and physical path
- Bind to IP address and port 80
Linux Apache Setup:
sudo apt update && sudo apt install apache2
sudo systemctl start apache2
sudo systemctl enable apache2
echo "<html><body><h1>Test Page</h1></body></html>" | sudo tee /var/www/html/index.html
curl http://localhost
Configure Firewall for HTTP:
sudo ufw allow 80/tcp
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
2. Configure HTTPS Server (Port 443)
Set up secure HTTPS with SSL/TLS:
Generate Self-Signed Certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt
sudo a2enmod ssl
sudo systemctl restart apache2
Configure Apache for HTTPS:
sudo nano /etc/apache2/sites-available/default-ssl.conf
sudo a2ensite default-ssl
sudo systemctl reload apache2
Verify HTTPS Setup:
nmap -p 443 192.168.1.1
openssl s_client -connect 192.168.1.1:443
curl -kv https://192.168.1.1
3. Configure SNMP Service (Port 161)
Set up SNMP for enumeration practice:
Linux SNMP Setup:
sudo apt install snmpd snmp
sudo nano /etc/snmp/snmpd.conf
sudo systemctl restart snmpd
Windows SNMP Setup:
- Open Server Manager β Add Features
- Select SNMP Service
- Configure community strings in Services β SNMP Service β Properties
SNMP Enumeration Commands:
snmpwalk -c public -v1 192.168.1.1
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.1
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.25.4.2.1.2
snmp-check 192.168.1.1 -c public
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.1
4. Configure SMB Service (Port 445)
Set up SMB file shares for enumeration:
Windows SMB Share:
- Create folder to share
- Right-click β Properties β Sharing β Advanced Sharing
- Enable sharing and set permissions
- Configure NTFS permissions
Linux Samba Setup:
sudo apt install samba
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share
sudo nano /etc/samba/smb.conf
sudo systemctl restart smbd
SMB Enumeration Commands:
smbclient -L //192.168.1.1 -N
smbclient //192.168.1.1/share -N
smbmap -H 192.168.1.1
enum4linux -a 192.168.1.1
nmap --script smb-vuln* 192.168.1.1
5. Analyze Service Logs
Review logs for security analysis:
HTTP/HTTPS Logs:
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/apache2/error.log
Parse Log for Credentials:
grep "POST" /var/log/apache2/access.log
awk '{print $12}' /var/log/apache2/access.log | sort | uniq -c
Quick Reference
Essential Ports
| Service |
Port |
Protocol |
| HTTP |
80 |
TCP |
| HTTPS |
443 |
TCP |
| SNMP |
161 |
UDP |
| SMB |
445 |
TCP |
| NetBIOS |
137-139 |
TCP/UDP |
Service Verification Commands
curl -I http://target
curl -kI https://target
snmpwalk -c public -v1 target
smbclient -L //target -N
Common Enumeration Tools
| Tool |
Purpose |
| nmap |
Port scanning and scripts |
| nikto |
Web vulnerability scanning |
| snmpwalk |
SNMP enumeration |
| enum4linux |
SMB/NetBIOS enumeration |
| smbclient |
SMB connection |
| gobuster |
Directory brute forcing |
Constraints
- Self-signed certificates trigger browser warnings
- SNMP v1/v2c communities transmit in cleartext
- Anonymous SMB access is often disabled by default
- Firewall rules must allow inbound connections
- Lab environments should be isolated from production
Examples
Example 1: Complete HTTP Lab Setup
sudo apt install apache2
sudo systemctl start apache2
cat << 'EOF' | sudo tee /var/www/html/login.html
<html>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
EOF
sudo ufw allow 80/tcp
Example 2: SNMP Testing Setup
sudo apt install snmpd
echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd
snmpwalk -c public -v1 localhost
Example 3: SMB Anonymous Access
sudo apt install samba
sudo mkdir /srv/samba/anonymous
sudo chmod 777 /srv/samba/anonymous
smbclient //localhost/anonymous -N
Troubleshooting
| Issue |
Solution |
| Port not accessible |
Check firewall rules (ufw, iptables, Windows Firewall) |
| Service not starting |
Check logs with journalctl -u service-name |
| SNMP timeout |
Verify UDP 161 is open, check community string |
| SMB access denied |
Verify share permissions and user credentials |
| HTTPS certificate error |
Accept self-signed cert or add to trusted store |
| Cannot connect remotely |
Bind service to 0.0.0.0 instead of localhost |
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
