Network 101
Network 101
Purpose
Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems.
Inputs/Prerequisites
- Windows Server or Linux system for hosting services
- Kali Linux or similar for testing
- Administrative access to target system
- Basic networking knowledge (IP addressing, ports)
- Firewall access for port configuration
Outputs/Deliverables
- Configured HTTP/HTTPS web server
- SNMP service with accessible communities
- SMB file shares with various permission levels
- Captured logs for analysis
- Documented enumeration results
Core Workflow
1. Configure HTTP Server (Port 80)
Set up a basic HTTP web server for testing:
Windows IIS Setup:
- Open IIS Manager (Internet Information Services)
- Right-click Sites → Add Website
- Configure site name and physical path
- Bind to IP address and port 80
Linux Apache Setup:
# Install Apache
sudo apt update && sudo apt install apache2
# Start service
sudo systemctl start apache2
sudo systemctl enable apache2
# Create test page
echo "<html><body><h1>Test Page</h1></body></html>" | sudo tee /var/www/html/index.html
# Verify service
curl http://localhost
Configure Firewall for HTTP:
# Linux (UFW)
sudo ufw allow 80/tcp
# Windows PowerShell
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
2. Configure HTTPS Server (Port 443)
Set up secure HTTPS with SSL/TLS:
Generate Self-Signed Certificate:
# Linux - Generate certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt
# Enable SSL module
sudo a2enmod ssl
sudo systemctl restart apache2
Configure Apache for HTTPS:
# Edit SSL virtual host
sudo nano /etc/apache2/sites-available/default-ssl.conf
# Enable site
sudo a2ensite default-ssl
sudo systemctl reload apache2
Verify HTTPS Setup:
# Check port 443 is open
nmap -p 443 192.168.1.1
# Test SSL connection
openssl s_client -connect 192.168.1.1:443
# Check certificate
curl -kv https://192.168.1.1
3. Configure SNMP Service (Port 161)
Set up SNMP for enumeration practice:
Linux SNMP Setup:
# Install SNMP daemon
sudo apt install snmpd snmp
# Configure community strings
sudo nano /etc/snmp/snmpd.conf
# Add these lines:
# rocommunity public
# rwcommunity private
# Restart service
sudo systemctl restart snmpd
Windows SNMP Setup:
- Open Server Manager → Add Features
- Select SNMP Service
- Configure community strings in Services → SNMP Service → Properties
SNMP Enumeration Commands:
# Basic SNMP walk
snmpwalk -c public -v1 192.168.1.1
# Enumerate system info
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.1
# Get running processes
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.25.4.2.1.2
# SNMP check tool
snmp-check 192.168.1.1 -c public
# Brute force community strings
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.1
4. Configure SMB Service (Port 445)
Set up SMB file shares for enumeration:
Windows SMB Share:
- Create folder to share
- Right-click → Properties → Sharing → Advanced Sharing
- Enable sharing and set permissions
- Configure NTFS permissions
Linux Samba Setup:
# Install Samba
sudo apt install samba
# Create share directory
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share
# Configure Samba
sudo nano /etc/samba/smb.conf
# Add share:
# [public]
# path = /srv/samba/share
# browsable = yes
# guest ok = yes
# read only = no
# Restart service
sudo systemctl restart smbd
SMB Enumeration Commands:
# List shares anonymously
smbclient -L //192.168.1.1 -N
# Connect to share
smbclient //192.168.1.1/share -N
# Enumerate with smbmap
smbmap -H 192.168.1.1
# Full enumeration
enum4linux -a 192.168.1.1
# Check for vulnerabilities
nmap --script smb-vuln* 192.168.1.1
5. Analyze Service Logs
Review logs for security analysis:
HTTP/HTTPS Logs:
# Apache access log
sudo tail -f /var/log/apache2/access.log
# Apache error log
sudo tail -f /var/log/apache2/error.log
# Windows IIS logs
# Location: C:\inetpub\logs\LogFiles\W3SVC1\
Parse Log for Credentials:
# Search for POST requests
grep "POST" /var/log/apache2/access.log
# Extract user agents
awk '{print $12}' /var/log/apache2/access.log | sort | uniq -c
Quick Reference
Essential Ports
| Service | Port | Protocol |
|---|---|---|
| HTTP | 80 | TCP |
| HTTPS | 443 | TCP |
| SNMP | 161 | UDP |
| SMB | 445 | TCP |
| NetBIOS | 137-139 | TCP/UDP |
Service Verification Commands
# Check HTTP
curl -I http://target
# Check HTTPS
curl -kI https://target
# Check SNMP
snmpwalk -c public -v1 target
# Check SMB
smbclient -L //target -N
Common Enumeration Tools
| Tool | Purpose |
|---|---|
| nmap | Port scanning and scripts |
| nikto | Web vulnerability scanning |
| snmpwalk | SNMP enumeration |
| enum4linux | SMB/NetBIOS enumeration |
| smbclient | SMB connection |
| gobuster | Directory brute forcing |
Constraints
- Self-signed certificates trigger browser warnings
- SNMP v1/v2c communities transmit in cleartext
- Anonymous SMB access is often disabled by default
- Firewall rules must allow inbound connections
- Lab environments should be isolated from production
Examples
Example 1: Complete HTTP Lab Setup
# Install and configure
sudo apt install apache2
sudo systemctl start apache2
# Create login page
cat << 'EOF' | sudo tee /var/www/html/login.html
<html>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
EOF
# Allow through firewall
sudo ufw allow 80/tcp
Example 2: SNMP Testing Setup
# Quick SNMP configuration
sudo apt install snmpd
echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd
# Test enumeration
snmpwalk -c public -v1 localhost
Example 3: SMB Anonymous Access
# Configure anonymous share
sudo apt install samba
sudo mkdir /srv/samba/anonymous
sudo chmod 777 /srv/samba/anonymous
# Test access
smbclient //localhost/anonymous -N
Troubleshooting
| Issue | Solution |
|---|---|
| Port not accessible | Check firewall rules (ufw, iptables, Windows Firewall) |
| Service not starting | Check logs with journalctl -u service-name |
| SNMP timeout | Verify UDP 161 is open, check community string |
| SMB access denied | Verify share permissions and user credentials |
| HTTPS certificate error | Accept self-signed cert or add to trusted store |
| Cannot connect remotely | Bind service to 0.0.0.0 instead of localhost |
More from zebbern/claude-code-guide
sql injection testing
This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.
68top 100 web vulnerabilities reference
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
65pentest checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
63wordpress penetration testing
This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.
63security scanning tools
This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.
62active directory attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
61