
Enumeration

Definition
- Scanning identifies live hosts and running services
- Enumeration probes the identified services more fully for known weaknesses
- Enumeration is more intrusive, using active connections and directed queries
- Enumeration will usually be logged and noticed

Goals of Enumeration
- User account names, to inform subsequent password-guessing attacks
- Oft-misconfigured shared resources, for example unsecured file shares
- Older software versions with known security vulnerabilities, such as web servers with remote buffer overflows

Normal nmap Scan

nmap Version Scanning

Vulnerability Scanners
- Very noisy and easy to detect
- Thorough and slow
- Nessus, OpenVAS, Cenzic Hailstorm, Acunetix, many others

Nessus
- Probably the most well-known vulnerability assessment tool
- Uses nmap for initial port scanning
- Two-level architecture: the server runs scans; the client controls scans and views reports

Nessus Structure
- Uses plug-ins to abstract vulnerability tests
- Tests are further grouped into families
- Uses accounts for authorization
- Can be configured by running the server interactively, as opposed to running it as a daemon

Nessus Notes
- Plugins tab: be careful with enabling all plugins
- Dangerous plugins can interrupt or even crash services on ports

Nessus Results
- Good graphical interface
- Listing of findings with recommendations
- Examples:

Banner Grabbing with netcat

Telnet in Vista and Windows 7
- First you need to install Telnet
- In Control Panel, Programs and Features, Turn Windows Features on or off, check Telnet Client

Banner Grabbing
- Connecting to remote applications and observing the output
- Simple way, at a command prompt: telnet www.just.edu.jo 80
- On the next blank screen type in GET / HTTP/1.1
- Press Enter twice

Example Banners
- tells you too much
- cnn.com is better

Netcat Banner Grabs

Banner-Grabbing Countermeasures
- Turn off unnecessary services
- Disable the presentation of the vendor and version in banners
- Audit yourself regularly with port scans and raw netcat connects to active ports
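The audit the last bullet recommends can be scripted. The block below is an added example, not code from the original slides: grab_http_banner() sends the same GET / request the telnet slide types in (it needs network access and is not exercised by the offline checks), and the two audit functions inspect banner text for vendor and version disclosure, so they also work on output you saved from netcat. The sample banners, host names and header patterns are constructed for the demo.

```python
"""Banner audit helper: an added example, not code from the original slides.

Makes raw connections to your own active ports, the way the telnet example
does, and checks whether the greeting leaks a vendor and version. The audit
functions run on text, so banners captured with netcat can be fed in too.
The sample banners below are constructed, not captured from any real host.
"""
import re
import socket

# Product/version pairs written as NAME/x.y[.z], e.g. "Apache/2.2.3".
PRODUCT_VERSION_RE = re.compile(r"\b([A-Za-z][A-Za-z0-9_.-]*)/(\d+(?:\.\d+)+)")
# Bare version-like tokens for greetings that have no header structure.
VERSION_TOKEN_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")
# HTTP response headers that commonly disclose software details (assumed list).
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def grab_http_banner(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Fetch the raw response headers for GET / (requires network; not used by the tests)."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.split(b"\r\n\r\n", 1)[0].decode("latin-1")


def audit_http_banner(raw_headers: str) -> list:
    """Return (header, product, version) for every version disclosed in a leaky header."""
    findings = []
    for line in raw_headers.split("\r\n")[1:]:  # skip the status line (HTTP/1.1 ...)
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in LEAKY_HEADERS:
            continue
        for product, version in PRODUCT_VERSION_RE.findall(value):
            findings.append((name.strip(), product, version))
    return findings


def audit_plain_banner(banner: str) -> list:
    """Return version-like tokens found in a service greeting (FTP, SMTP, SSH style)."""
    return VERSION_TOKEN_RE.findall(banner)


# Constructed sample banners (not captured from any real host).
VERBOSE_HTTP = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS) PHP/5.1.6 mod_ssl/2.2.3 OpenSSL/0.9.8b\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Content-Type: text/html\r\n"
)
TERSE_HTTP = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n"
VERBOSE_FTP = "220 ftp.example.test FTP server (Version wu-2.6.2-5) ready."
TERSE_FTP = "220 FTP server ready."

if __name__ == "__main__":
    for label, banner in (("verbose", VERBOSE_HTTP), ("terse", TERSE_HTTP)):
        print(label, audit_http_banner(banner))
    print("ftp", audit_plain_banner(VERBOSE_FTP), audit_plain_banner(TERSE_FTP))
```

An empty findings list is the goal state: after you strip versions from the Server header and the FTP greeting, re-run the audit from outside the firewall so the check sees what an enumerator sees.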

Enumerating Common Network Services
- FTP, TCP 21
- Telnet, TCP 23
- SMTP, TCP 25
- DNS, TCP/UDP 53
- TFTP, TCP/UDP 69
- Finger, TCP/UDP 79
- HTTP, TCP 80

FTP Enumeration, TCP 21
- FTP is becoming obsolete; see ftp.sun.com
- FTP passwords are sent in the clear
- Don't allow anonymous uploads
- Turn it off; use secure FTP instead

Googling for FTP Servers
- Search for intitle:"Index of ftp://"

Here's an overly informative HTTP banner

FTP Banner
- Here's the corresponding overly informative FTP banner

Eliminate FTP
- Plaintext password transmission!
- Alternatives: SFTP (over SSH), FTPS (over SSL)
- Public content should be served over HTTP, not FTP

Enumerating Telnet, TCP 23
- Telnet sometimes has banners, and allows brute-force username enumeration
- It sends passwords in cleartext
- Telnet should be eliminated if possible; use SSH instead
- If you must use Telnet, restrict it to proper source IP addresses, or run it through a VPN

Enumerating SMTP, TCP 25
- SMTP can be enumerated with Telnet, using these commands:
- VRFY confirms names of valid users
- EXPN reveals the actual delivery addresses of aliases and mailing lists

Antivirus Note
- McAfee antivirus blocks telnets to port 25: "Prevent mass mailing worms from sending mail"

SMTP Enumeration Countermeasures
- Disable the EXPN and VRFY commands, or restrict them to authenticated users
- Sendmail and Exchange both allow that in modern versions
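To make the countermeasure concrete, here is an added example (not code from the slides, and not Sendmail's or Exchange's implementation) that models an SMTP command handler with the policy the slide describes: VRFY and EXPN are only honoured for authenticated sessions, and refused probes are counted so a monitoring rule can alarm on a client that keeps trying. The mailbox table, the client address, the reply wording and the alert threshold are all constructed assumptions; the reply codes follow the RFC 5321 convention of 252 for a declined VRFY and 502 for a command that is not permitted.

```python
"""SMTP VRFY/EXPN hardening: an added example, not code from the original slides.

VRFY and EXPN are refused unless the session has authenticated (or the
operator has explicitly left them open, the legacy behaviour the slide
warns about). Refused probes are counted so repeated enumeration attempts
can be detected. Mailboxes, addresses and reply wording are constructed.
"""
from dataclasses import dataclass, field

# Constructed mailbox table: local name -> delivery addresses (aliases expand to several).
MAILBOXES = {
    "alice": ["alice@mail.example.test"],
    "staff": ["alice@mail.example.test", "bob@mail.example.test"],
}


@dataclass
class Session:
    peer: str = "198.51.100.7"          # constructed client address (TEST-NET-2)
    authenticated: bool = False
    allow_unauth_probe: bool = False    # the insecure legacy setting
    refused_probes: int = 0             # counter a detection rule can alarm on
    log: list = field(default_factory=list)


def handle_command(session: Session, line: str) -> str:
    """Return the server's reply to one client command line."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "EHLO":
        return "250-mail.example.test\r\n250 AUTH PLAIN"
    if verb == "AUTH":
        session.authenticated = True    # a real server verifies credentials here
        return "235 2.7.0 Authentication successful"
    if verb in ("VRFY", "EXPN"):
        if not (session.authenticated or session.allow_unauth_probe):
            session.refused_probes += 1
            session.log.append(f"{session.peer} refused {verb} {arg}")
            if verb == "VRFY":
                # Same reply whether or not the user exists, so nothing is confirmed.
                return "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery"
            return "502 5.5.1 EXPN not permitted"
        targets = MAILBOXES.get(arg.lower())
        if targets is None:
            return "550 5.1.1 User unknown"
        if verb == "VRFY":
            return f"250 {arg} <{targets[0]}>"
        lines = [f"250-<{t}>" for t in targets[:-1]] + [f"250 <{targets[-1]}>"]
        return "\r\n".join(lines)
    if verb == "QUIT":
        return "221 2.0.0 Bye"
    return "502 5.5.1 Command not implemented"


def run_exchange(commands, **session_options):
    """Drive one session through a list of commands; return the session and transcript."""
    session = Session(**session_options)
    transcript = [(cmd, handle_command(session, cmd)) for cmd in commands]
    return session, transcript


def probe_alert(session: Session, threshold: int = 3) -> bool:
    """Detection rule (assumed threshold): flag a client with several refused probes."""
    return session.refused_probes >= threshold


# Constructed transcript of the probing the slide describes.
PROBE = ["EHLO scanner.example.test", "VRFY alice", "VRFY root", "EXPN staff", "QUIT"]

if __name__ == "__main__":
    for label, opts in (("legacy", {"allow_unauth_probe": True}), ("hardened", {})):
        session, transcript = run_exchange(PROBE, **opts)
        print(f"--- {label} ---")
        for cmd, reply in transcript:
            print("C:", cmd)
            for part in reply.split("\r\n"):
                print("S:", part)
        print("alert:", probe_alert(session))
```

Running it side by side shows the difference the setting makes: the legacy session answers 250 for a real user, 550 for an unknown one and expands the alias, while the hardened session returns the same 252 for every VRFY, so a valid name cannot be told apart from an invalid one, and the third refused probe trips the alert.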

DNS Zone Transfers, TCP 53
- Zone transfers dump the entire contents of a given domain's zone files
- Restricted to authorized machines on most DNS servers now

Zone Transfer Example

DNS Cache Snooping
- +norecurse examines only the local DNS data (note ANSWER: 0)

Recursive DNS

Now It's in the Cache

DNS Enumeration Tools
- dnsenum
- Google scraping
- Brute forcing
- More

DNS Enumeration Countermeasures
- Use separate internal and external DNS servers
- Block or restrict DNS zone transfers
- Restrict DNS queries to limit cache snooping
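The cache-snooping slides and the last countermeasure above come down to one header bit. The following added example (not code from the slides, and not any resolver's implementation) builds the query that dig +norecurse sends, with the RD bit cleared, decodes the header fields dig prints (flags and ANSWER count), plays the resolver so the round trip runs offline, and ends with the access check the countermeasure slide asks for. The message layout follows RFC 1035; the names, addresses and the list of internal networks are constructed assumptions.

```python
"""DNS cache snooping at the wire level: an added example, not code from the original slides.

dig +norecurse clears the RD (recursion desired) bit in the DNS header, so the
server answers only from what it already holds: ANSWER: 0 means the name is not
cached, ANSWER: 1 means someone behind that resolver looked it up recently.
build_response() stands in for the resolver so everything runs offline, and
should_serve_cache() is the countermeasure: answer cache queries only for the
networks you operate. Names, addresses and networks are constructed.
"""
import ipaddress
import struct
from typing import Optional

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080

# Constructed: networks allowed to get answers from this resolver's cache.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name: str, recursion_desired: bool = True, txn_id: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """One-question query; recursion_desired=False is exactly what +norecurse sends."""
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(message: bytes) -> dict:
    """Decode the 12-byte header into the fields dig prints (flags and section counts)."""
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txn_id, "qr": bool(flags & FLAG_QR), "rd": bool(flags & FLAG_RD),
            "ra": bool(flags & FLAG_RA), "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}


def build_response(query: bytes, cached_ip: Optional[str]) -> bytes:
    """Constructed resolver reply: echo the question; add one A record only if the name is cached."""
    txn_id, flags = struct.unpack("!HH", query[:4])
    answers = 1 if cached_ip else 0
    header = struct.pack("!HHHHHH", txn_id, FLAG_QR | FLAG_RA | (flags & FLAG_RD), 1, answers, 0, 0)
    answer = b""
    if cached_ip:
        # Compression pointer to the question name at offset 12, then type, class, TTL, RDLENGTH, address.
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
                  + ipaddress.ip_address(cached_ip).packed)
    return header + query[12:] + answer


def interpret_snoop(query: bytes, response: bytes) -> str:
    """What a non-recursive probe's answer count tells you about the cache."""
    if parse_header(query)["rd"]:
        return "not a snoop: RD was set, so the resolver may have fetched the record"
    return "cached" if parse_header(response)["answers"] > 0 else "not cached"


def should_serve_cache(client_ip: str) -> bool:
    """Countermeasure: refuse cache (and recursive) answers to clients outside your networks."""
    client = ipaddress.ip_address(client_ip)
    return any(client in net for net in INTERNAL_NETS)


if __name__ == "__main__":
    probe = build_query("www.example.test", recursion_desired=False)
    print("before anyone looked it up:", parse_header(build_response(probe, None)))
    print(interpret_snoop(probe, build_response(probe, None)))
    print("after a recursive lookup:", interpret_snoop(probe, build_response(probe, "203.0.113.10")))
    print("serve 203.0.113.99 from cache?", should_serve_cache("203.0.113.99"))
```

The two runs of interpret_snoop() reproduce the "ANSWER: 0" then "Now It's in the Cache" pair of slides; should_serve_cache() is the policy a resolver applies before it even looks at RD, which is why a split internal/external DNS design (external server authoritative only, no cache for outsiders) closes the snooping channel rather than just narrowing it.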

Enumerating TFTP, TCP/UDP 69
- TFTP is inherently insecure: runs in cleartext, no authentication at all
- Anyone can grab any file (even /etc/passwd in the worst cases)
- Used in routers and VoIP telephones to update firmware

TFTP Enumeration Countermeasures
- Wrap it to restrict access, using a tool such as TCP Wrappers
- TCP Wrappers is like a software firewall, only allowing certain clients to access a service
- Limit access to the /tftpboot directory
- Make sure it's blocked at the border firewall

Finger, TCP/UDP 79
- Shows users on local or remote systems, if enabled
- Useful for social engineering
- Countermeasure: block remote access to finger

Enumerating HTTP, TCP 80
- Grab banners with netcat or telnet
- Crawl web sites with Sam Spade

Grendel-Scan
- Crawls sites and reports on vulnerabilities
- In BackTrack
- Very slow

HTTP Enumeration Countermeasures
- Change the banner on your web servers
- URLScan for IIS v4 and later