| name | network-101 |
| description | Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems. |
| risk | unknown |
| source | community |
| author | zebbern |
| date_added | 2026-02-27 |
Network 101
Purpose
Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems.
Inputs/Prerequisites
- Windows Server or Linux system for hosting services
- Kali Linux or similar for testing
- Administrative access to target system
- Basic networking knowledge (IP addressing, ports)
- Firewall access for port configuration
Outputs/Deliverables
- Configured HTTP/HTTPS web server
- SNMP service with accessible communities
- SMB file shares with various permission levels
- Captured logs for analysis
- Documented enumeration results
Core Workflow
1. Configure HTTP Server (Port 80)
Set up a basic HTTP web server for testing:
Windows IIS Setup:
- Open IIS Manager (Internet Information Services)
- Right-click Sites → Add Website
- Configure site name and physical path
- Bind to IP address and port 80
Linux Apache Setup:
sudo apt update && sudo apt install apache2
sudo systemctl start apache2
sudo systemctl enable apache2
echo "<html><body><h1>Test Page</h1></body></html>" | sudo tee /var/www/html/index.html
curl http://localhost
Configure Firewall for HTTP:
sudo ufw allow 80/tcp
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
2. Configure HTTPS Server (Port 443)
Set up secure HTTPS with SSL/TLS:
Generate Self-Signed Certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt
sudo a2enmod ssl
sudo systemctl restart apache2
Configure Apache for HTTPS:
sudo nano /etc/apache2/sites-available/default-ssl.conf
sudo a2ensite default-ssl
sudo systemctl reload apache2
Verify HTTPS Setup:
nmap -p 443 192.168.1.1
openssl s_client -connect 192.168.1.1:443
curl -kv https://192.168.1.1
3. Configure SNMP Service (Port 161)
Set up SNMP for enumeration practice:
Linux SNMP Setup:
sudo apt install snmpd snmp
sudo nano /etc/snmp/snmpd.conf
sudo systemctl restart snmpd
Windows SNMP Setup:
- Open Server Manager → Add Features
- Select SNMP Service
- Configure community strings in Services → SNMP Service → Properties
SNMP Enumeration Commands:
snmpwalk -c public -v1 192.168.1.1
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.1
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.25.4.2.1.2
snmp-check 192.168.1.1 -c public
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.1
4. Configure SMB Service (Port 445)
Set up SMB file shares for enumeration:
Windows SMB Share:
- Create folder to share
- Right-click → Properties → Sharing → Advanced Sharing
- Enable sharing and set permissions
- Configure NTFS permissions
Linux Samba Setup:
sudo apt install samba
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share
sudo nano /etc/samba/smb.conf
sudo systemctl restart smbd
SMB Enumeration Commands:
smbclient -L //192.168.1.1 -N
smbclient //192.168.1.1/share -N
smbmap -H 192.168.1.1
enum4linux -a 192.168.1.1
nmap --script smb-vuln* 192.168.1.1
5. Analyze Service Logs
Review logs for security analysis:
HTTP/HTTPS Logs:
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/apache2/error.log
Parse Log for Credentials:
grep "POST" /var/log/apache2/access.log
awk '{print $12}' /var/log/apache2/access.log | sort | uniq -c
Quick Reference
Essential Ports
| Service | Port | Protocol |
|---|
| HTTP | 80 | TCP |
| HTTPS | 443 | TCP |
| SNMP | 161 | UDP |
| SMB | 445 | TCP |
| NetBIOS | 137-139 | TCP/UDP |
Service Verification Commands
curl -I http://target
curl -kI https://target
snmpwalk -c public -v1 target
smbclient -L //target -N
Common Enumeration Tools
| Tool | Purpose |
|---|
| nmap | Port scanning and scripts |
| nikto | Web vulnerability scanning |
| snmpwalk | SNMP enumeration |
| enum4linux | SMB/NetBIOS enumeration |
| smbclient | SMB connection |
| gobuster | Directory brute forcing |
Constraints
- Self-signed certificates trigger browser warnings
- SNMP v1/v2c communities transmit in cleartext
- Anonymous SMB access is often disabled by default
- Firewall rules must allow inbound connections
- Lab environments should be isolated from production
Examples
Example 1: Complete HTTP Lab Setup
sudo apt install apache2
sudo systemctl start apache2
cat << 'EOF' | sudo tee /var/www/html/login.html
<html>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
EOF
sudo ufw allow 80/tcp
Example 2: SNMP Testing Setup
sudo apt install snmpd
echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd
snmpwalk -c public -v1 localhost
Example 3: SMB Anonymous Access
sudo apt install samba
sudo mkdir /srv/samba/anonymous
sudo chmod 777 /srv/samba/anonymous
smbclient //localhost/anonymous -N
Troubleshooting
| Issue | Solution |
|---|
| Port not accessible | Check firewall rules (ufw, iptables, Windows Firewall) |
| Service not starting | Check logs with journalctl -u service-name |
| SNMP timeout | Verify UDP 161 is open, check community string |
| SMB access denied | Verify share permissions and user credentials |
| HTTPS certificate error | Accept self-signed cert or add to trusted store |
| Cannot connect remotely | Bind service to 0.0.0.0 instead of localhost |
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
