Enumeration.

Local IP addresses (review)
Some special IP addresses:
  localhost 127.0.0.1 (loopback address)
  Internal networks:
    Class A 10.0.0.0
    Class B 172.16.0.0 to 172.31.0.0
    Class C 192.168.0.0 to 192.168.255.0
Machines behind a firewall can use these internal IP numbers to communicate among themselves. Only the firewall machine/device (host) needs to have an IP address valid on the Internet.

What is enumeration?
Obtain information about accounts, network resources and shares.
Categories:
  network resources and shares
  users and groups
  applications and banners
Techniques (OS specific):
  Windows
  UNIX/Linux

Windows applications and banner enumeration
Telnet and netcat: same in Windows and UNIX.
  Telnet: connect to a known port and see the software it is running, as in this example.
  Netcat: similar to telnet but provides more information.
  Countermeasures: log remotely in your applications and edit banners.
  FTP (TCP 21), SMTP (TCP 25): close ftp, use ssh (we will see it later). Disable telnet in mail servers, use ssh.
Registry enumeration: default in Windows Server is Administrators only.
  Tools: regdmp.exe, DumpSec; see an example and limitations (more later).
  Countermeasures: be sure the registry is set for Administrators only and no command prompt is accessible remotely (telnet, etc.).

Windows sources of information
Protocols providing information: CIFS/SMB and NetBIOS, through TCP port 139, and another SMB port, 445. Banner enumeration is not the main issue. (UDP 137)
Null session command: net use \\19x.16x.11x.xx\IPC$ "" /u:""
Countermeasures:
  filter out NetBIOS-related TCP and UDP ports 135-139 (firewall).
  disable NetBIOS over TCP/IP; see ShieldsUp! page on binding.
  restrict anonymous using the Local Security Policy applet. More here.
  GetAcct bypasses these actions (download the GetAcct tool).

Windows network resources
NetBIOS enumeration (if port closed, none work)
  NetBIOS domain hosts: net view
  NetBIOS Name Table: nbtstat (use and example) and nbtscan (download).
  NetBIOS shares: DumpSec, NetBIOS Auditing Tool (NAT), NBTdump (use, output), ShareEnum (download, example).
  Countermeasures: as discussed previously => close ports 135-139, disable NetBIOS over TCP/IP
SNMP enumeration: SolarWinds IP Network Browser (commercial).
  Countermeasures: close port 445.
Windows DNS zone transfers: Active Directory is based on DNS and creates a new vulnerability, but provides a tool -- "Computer Management" Microsoft Management Console (MMC) -- to restrict zone transfers to certain IP numbers.

Windows: user and group enumeration
Enumerating users via NetBIOS: usernames and (common) passwords.
  Enum (NBTEnum): use and output.
  DumpSec: output.
  Countermeasures: as before (close ports, no NetBIOS over TCP/IP)
Using sid2user and user2sid and download them here.
Using Cain and Abel for both network resources and user and group enumeration. See manual and download. We will use it again in future classes for more involved uses.
Enumerating users using SNMP: SolarWinds IP Network Browser. See also snmputil.
Windows Active Directory enumeration using ldp: Windows 2000 onward added LDAP through Active Directory -- you log in once (the good) and have access to all resources (the security problem). Close ports 389 and 3268. You will not practice this in the course.
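
A check an administrator can run against the countermeasures on these slides, added here as an example (it is not part of the original presentation): it reads Windows `netstat -an` output and reports listeners on the ports the slides say to close or filter, skipping loopback-only sockets. The function name, the sample output and the scope labels are assumptions made for illustration.

```python
import ipaddress

# Ports the slides name, with the countermeasure each slide gives for them.
SLIDE_PORTS = {
    ("TCP", 21): "FTP banner: close ftp, use ssh",
    ("TCP", 25): "SMTP banner: edit banners, no telnet on mail servers",
    ("TCP", 389): "Active Directory LDAP: close port",
    ("TCP", 445): "SMB: close port",
    ("TCP", 3268): "Active Directory LDAP: close port",
}
for port in range(135, 140):  # slides: filter TCP and UDP ports 135-139
    for proto in ("TCP", "UDP"):
        SLIDE_PORTS[(proto, port)] = "NetBIOS: filter at firewall, disable NetBIOS over TCP/IP"

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:389          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49822     192.168.1.5:445        ESTABLISHED
  UDP    192.168.1.20:137       *:*
  UDP    0.0.0.0:5353           *:*
  TCP    [::]:445               [::]:0                 LISTENING
"""

def audit_listeners(netstat_text):
    """Return (proto, port, bind address, scope, countermeasure) per exposed listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # an established client connection is not a listening service
        host, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        key = (proto, int(port))
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if addr.is_loopback or key not in SLIDE_PORTS:
            continue  # 127.0.0.1 is not reachable from other machines
        scope = ("all interfaces" if addr.is_unspecified
                 else "internal address" if addr.is_private else "Internet-valid address")
        findings.append((proto, key[1], str(addr), scope, SLIDE_PORTS[key]))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_NETSTAT):
        print(*finding, sep=" | ")
```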