SCSC 555 Frank Li. Introduction to Enumeration; Enumerate Microsoft OS; Enumerate *NIX OS; Enumerate NetWare OS (skip).

Presentation transcript:

SCSC 555 Frank Li

• Introduction to Enumeration
• Enumerate Microsoft OS
• Enumerate *NIX OS
• Enumerate NetWare OS (skip)

• Enumeration extracts information about:
  ◦ Resources or shares on the network
  ◦ User names or groups assigned on the network
  ◦ Last time user logged on
  ◦ User's password
• Enumeration is more intrusive than passive port scanning
  ◦ First need to determine the OS of the target host
    ▪ By port scanning and footprinting
  ◦ E.g., NBT (NetBIOS over TCP/IP) is the tool for enumerating Microsoft OSs

• Using the enumeration tool nbtscan
  ◦ Use the nbtscan command to scan a range of IP addresses
  ◦ Example: nbtscan /24


• Study OS history
  ◦ Knowing your target makes your job easier
  ◦ Many attacks that work for older Windows OSs still work with newer versions


• Network Basic Input Output System (NetBIOS)
  ◦ Is a Microsoft programming interface
  ◦ Allows computer communication over a LAN
  ◦ Used to share files and printers
• NetBIOS names are computer names assigned to Windows systems
  ◦ Must be unique on a network
  ◦ Limit of 16 characters
  ◦ The last character (suffix) is reserved and identifies the type of service running (next page)
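The 16-character limit and the suffix byte are easiest to see in the form these names take on the wire. The following is an added example, not part of the original slides: it decodes the RFC 1001 first-level encoding used for NetBIOS names in name service and session service traffic, which is what a defender meets when reading a packet capture. The `SUFFIXES` table holds only a few well-known Microsoft suffix values, and the host name `SALESREP` is a constructed sample.

```python
# Added example: encode/decode NetBIOS names (RFC 1001 first-level encoding).
# Each of the 16 name bytes is split into two nibbles, and each nibble is
# sent as the letter 'A' + nibble, giving a 32-character field.

# A few well-known suffix values (16th byte); not a complete table.
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x1B: "Domain master browser",
    0x1D: "Master browser",
    0x20: "File server service",
}


def encode_name(name, suffix):
    """Pad the name to 15 bytes, append the suffix byte, nibble-encode it."""
    if len(name) > 15:
        raise ValueError("only 15 characters are usable; the 16th is the suffix")
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def decode_name(encoded):
    """Return (name, suffix byte, service description) for a 32-char field."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level-encoded NetBIOS name")
    raw = bytes(
        ((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
        for i in range(0, 32, 2)
    )
    name = raw[:15].decode("ascii", errors="replace").rstrip(" \x00")
    suffix = raw[15]
    return name, suffix, SUFFIXES.get(suffix, "unknown/other")


# Constructed sample: host SALESREP advertising its file server service.
SAMPLE = encode_name("SALESREP", 0x20)

if __name__ == "__main__":
    print(SAMPLE, "->", decode_name(SAMPLE))
```

A name longer than 15 characters is rejected because the sixteenth byte is never available for the host name itself.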


• One of the biggest vulnerabilities of NetBIOS systems is the NetBIOS null session
  ◦ Is an unauthenticated connection to a Windows computer
    ▪ Does not use logon and password values
• Attackers use an enumeration tool to establish a null session
  ◦ To gather logon accounts, group membership, and file shares from target hosts

• NetBIOS NULL sessions are enabled by default in Windows NT and
• Windows XP and 2003 will allow anonymous enumeration of shared network resources, but not accounts.

• For the most part, if the appropriate ports are accessible, a NULL session is possible.

Port  Protocol  Description
135   TCP       Location Service (RPC endpoint mapping)
135   UDP       Location Service (RPC endpoint mapping)
137   TCP       NETBIOS Name Service
137   UDP       NETBIOS Name Service
138   TCP       NETBIOS Datagram Service
138   UDP       NETBIOS Datagram Service
139   TCP       NETBIOS Session Service
139   UDP       NETBIOS Session Service
445   TCP       SMB/CIFS
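Whether a host answers null-session enumeration is decided by a handful of registry values, and the difference the slides describe (shares visible anonymously, accounts not) corresponds to `RestrictAnonymousSAM` being set while `RestrictAnonymous` is not. The following is an added example, not part of the original slides, that audits an exported set of those values; the value names are the standard Windows ones, while the function name and both sample hosts are constructed for illustration.

```python
# Added example: audit the registry values that control anonymous
# (null session) enumeration. Sample hosts below are constructed.
LSA = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
SRV = r"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"


def audit_null_session(values):
    """values maps 'key\\value name' to its data. Returns a list of findings."""
    def get(key, name):
        return values.get(key + "\\" + name)

    findings = []
    # RestrictAnonymous >= 1 blocks anonymous listing of accounts AND shares;
    # RestrictAnonymousSAM = 1 blocks only the account listing.
    if get(LSA, "RestrictAnonymous") not in (1, 2):
        findings.append("shares can be enumerated anonymously")
        if get(LSA, "RestrictAnonymousSAM") != 1:
            findings.append("SAM accounts can be enumerated anonymously")
    if get(LSA, "EveryoneIncludesAnonymous") == 1:
        findings.append("Everyone permissions also apply to anonymous users")
    # With RestrictNullSessAccess = 1, null sessions reach only the pipes
    # and shares named in the two allow lists checked below.
    if get(SRV, "RestrictNullSessAccess") != 1:
        findings.append("null session access is not limited to the allow lists")
    for name in ("NullSessionPipes", "NullSessionShares"):
        entries = [e for e in (get(SRV, name) or []) if e]
        if entries:
            findings.append(name + " still lists: " + ", ".join(entries))
    return findings


# Constructed sample: shares visible to anonymous users, accounts not.
SHARES_ONLY = {
    LSA + "\\RestrictAnonymous": 0,
    LSA + "\\RestrictAnonymousSAM": 1,
    LSA + "\\EveryoneIncludesAnonymous": 0,
    SRV + "\\RestrictNullSessAccess": 1,
    SRV + "\\NullSessionPipes": ["browser"],
    SRV + "\\NullSessionShares": [],
}
# Constructed sample: the same host after hardening.
HARDENED = dict(SHARES_ONLY)
HARDENED[LSA + "\\RestrictAnonymous"] = 1
HARDENED[SRV + "\\NullSessionPipes"] = []

if __name__ == "__main__":
    for label, host in (("shares-only", SHARES_ONLY), ("hardened", HARDENED)):
        print(label, audit_null_session(host))
```

Missing values are reported as findings rather than assumed safe, since defaults differ between Windows versions.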

• Use the IP address obtained when port scanning to perform a NetBIOS enumeration
• NetBIOS enumeration tools
  ◦ Nbtstat
  ◦ Net view
  ◦ Net use
  ◦ NetScanTools Pro
  ◦ DumpSec
  ◦ Hyena
  ◦ NessusWX
  ◦ Enum
  ◦ Hunt

• Nbtstat command
  ◦ Powerful enumeration tool included with the Microsoft OS
  ◦ Displays the NetBIOS table
  ◦ E.g., nbtstat -a salesrep

• Net view command
  ◦ Shows whether there are any shared resources on a network host
    ▪ E.g., net view \\

• Net use command
  ◦ Used to connect to a computer with shared folders or files
  ◦ Views the information about current computer connections
  ◦ Can also control persistent network connections
    ▪ E.g., to assign the disk-drive device name E: to the Letters shared directory on the \\Fin server, type: net use e: \\fin\letters

• NetScanTools Pro produces a graphical view of NetBIOS running on a network
  ◦ Enumerates any shares running on the computer
  ◦ Verifies whether access is available for a shared resource using its Universal Naming Convention (UNC) name
  ◦ Example: figures 6-10, 6-11
    ▪ The \\SALEsMGR\SharedDocs comment entry is blank. To see whether access is available, an attacker enters the UNC \\SALEsMGR\SharedDocs in the Run dialog box in Windows

• DumpSec in/download.pl?DumpAcl
• Produced by Foundstone, Inc.
• Allows the user to connect to a server and "dump" the following information
  ◦ Permissions for shares
  ◦ Permissions for printers
  ◦ Permissions for the Registry
  ◦ Users in column or table format
  ◦ Policies and rights
  ◦ Services

• Hyena is a GUI product for managing and securing Microsoft OSs
  ◦ Shows shares and user logon names for Windows servers and domain controllers
  ◦ Displays a graphical representation of:
    ▪ Microsoft Terminal Services
    ▪ Microsoft Windows Network
    ▪ Web Client Network
    ▪ Find User/Group

• NessusWX allows enumeration of different OSs on a large network
• Running NessusWX
  1. Nessus server is up and running
  2. Open the NessusWX client application
  3. To connect your NessusWX client with the Nessus server
     1. Click Communications, Connect from the menu on the session window
     2. Enter server's name
     3. Log on the Nessus server


• Enum /Windows/enum_readme.cfm
  ◦ One of the best tools for exploiting the NULL session vulnerability
  ◦ Allows you to exploit every aspect of this flaw
    ▪ The ability to enumerate users,
    ▪ and then try to brute force the password using a supplied password list.

• Hunt ools/hunt.zip
  ◦ Part of the NT Forensic Toolkit from Foundstone
  ◦ This tool makes it very easy to enumerate users and shares from a vulnerable Windows host, and is the most accurate

• Nessus identifies
  ◦ NetBIOS names in use
  ◦ Shared resources
  ◦ Password information


• Nessus also identifies:
  ◦ OS and service pack
  ◦ OS vulnerabilities
  ◦ Firewall vulnerabilities



• Variations of Unix
  ◦ Solaris
  ◦ SunOS
  ◦ HP-UX
  ◦ Linux
  ◦ Ultrix
  ◦ AIX
  ◦ BSD UNIX
  ◦ FreeBSD
  ◦ OpenBSD

• Finger utility
  ◦ Is the most popular tool for security testers
  ◦ Finds out who is logged in to a *NIX system
  ◦ Determines the owner of any process
• Nessus can also be used for *NIX enumeration

• E.g., # finger -b -p james displays the following information about the user james:
    Login name, Computer Hope
    on since Feb 11 23:37:16 on pts/7 from domain.computerhope.com
    28 seconds Idle Time
    Unread mail since Mon Feb 12 00:22: