Presentation is loading. Please wait.

Presentation is loading. Please wait.

CITA 352 Chapter 6 Enumeration.

Published byWilliam Adams Modified over 7 years ago

Similar presentations

Presentation on theme: "CITA 352 Chapter 6 Enumeration."— Presentation transcript:

1 CITA 352 Chapter 6 Enumeration

2 Introduction to Enumeration
Enumeration extracts information about: Resources or shares on the network Usernames or groups assigned on the network User’s password and recent logon times Port scanning and footprinting Determine OS Enumeration is more intrusive Attempting to access resource NBTscan (NetBIOS over TCP/IP) Tool for enumerating Windows OSs

3 Figure 6-1 NBTscan finds computers running NetBIOS

4 Enumerating Windows Operating Systems
Enumeration techniques for older Windows OSs Many still work with newer versions This chapter focuses on Windows OS As it relates to enumeration

5 Table 6-1 Windows OS descriptions

6 Table 6-1 Windows OS descriptions (cont’d.)

7 Table 6-1 Windows OS descriptions (cont’d.)

8 NetBIOS Basics Network Basic Input Output System (NetBIOS)
Programming interface Allows computer communication over a LAN Used to share files and printers Requires Server Message Block (SMB) NetBIOS names Computer names on Windows systems Limit of 16 characters Last character identifies type of service running Must be unique on a network

9 Table 6-2 NetBIOS names and suffixes

10 Table 6-2 NetBIOS names and suffixes (cont’d.)

11 NetBIOS Null Sessions Null session Around for over a decade
Unauthenticated connection to a Windows computer Does not use logon and passwords values Around for over a decade Still present on Windows XP Disabled by default in Windows Server 2003 Not available in Windows Vista and Server 2008

12 NetBIOS Enumeration Tools
Nbtstat command Powerful enumeration tool Included with Windows Displays NetBIOS table Net view command Shows shared resources on a network host Use port scanning information during enumeration IP address to perform NetBIOS enumeration Net use command Connects computer with shared folders or files

13 Figure 6-2 Using the Nbstat command

14 Figure 6-3 Viewing help for the Net view command

15 Figure 6-4 Using the Net view command with an IP address

16 Figure 6-5 Viewing help for the Net use command

17 Additional Enumeration Tools
Include: Windows tools included with BackTrack Smb4K tool DumpSec Hyena Nessus and OpenVAS

18 Using Windows Enumeration Tools
Backtrack Smb4K tool Used to enumerate Windows computers in a network Figure 6-6 Using Smb4K on a Windows network

19 DumpSec Enumeration tool for Windows systems
Produced by Foundstone, Inc. Allows user to connect to a server and “dump”: Permissions for shares Permissions for printers Permissions for the Registry Users in column or table format Policies Rights Services

20 Hyena Excellent GUI product for managing and securing Windows OSs
Shows shares and user logon names for Windows servers and domain controllers Displays graphical representation of: Microsoft Terminal Services Microsoft Windows Network Web Client Network Find User/Group

21 Figure 6-8 The Hyena interface

22 Nessus and OpenVAS OpenVAS Nessus Server and Client
Operates in client/server mode Open-source descendent of Nessus Popular tool for identifying vulnerabilities Nessus Server and Client Latest version can run on Windows, Mac OS X, FreeBSD, and most Linux distributions Handy when enumerating different OSs on a large network Many servers in different locations

23 Figure 6-10 The Nessus session window

24 Figure 6-12 The Connection Manager dialog box

25 Figure 6-13 Nessus ready to scan

26 Figure 6-14 Nessus enumerates a NetBIOS system

27 Figure 6-15 Enumerating shares in Nessus

28 Figure 6-16 Nessus indicates the OS and service pack

29 Enumerating the NetWare Operating System
Novell NetWare Some security professionals see as a “dead” OS Ignoring an OS can limit your career as a security professional NetWare Novell does not offer any technical support for versions before 6.5

30 Table 6-3 NetWare OS descriptions

31 NetWare Enumeration Tools
Still used on many networks New vulnerabilities are discovered daily Vigilantly check vendor and security sites Example Older version of Nessus to scan a NetWare 5.1 server

32 Figure 6-17 Nessus enumerates a NetWare server

33 Figure 6-18 Enumerating eDirectory in Nessus

34 Figure 6-19 Nessus discovers the FTP account’s username and password

35 Figure 6-20 Nessus enumerates several user accounts

36 NetWare Enumeration Tools (cont’d.)
Novell Client for Windows Gathers information on shares and resources Vulnerability in NetWare OS You can click Trees, Contexts, and Servers buttons without a login name or password Open dialog boxes showing network information

37 Figure 6-22 Logging in with credentials supplied by Nessus

38 Figure 6-23 Information displayed after the NetWare login is accepted

39 Figure 6-24 Accessing NetWare through mapped drives

40 Enumerating the *nix Operating System
Several variations Solaris and OpenSolaris HP-UX Mac OS X and OpenDarwin AIX BSD UNIX FreeBSD OpenBSD NetBSD Linux, including several distributions

41 UNIX Enumeration Finger utility Nessus
Most popular enumeration tool for security testers Finds out who is logged in to a *nix system Determines who was running a process Nessus Another important *nix enumeration tool

42 Figure 6-25 Using the Finger command

43 Figure 6-26 Nessus enumerates a Linux system

Download ppt "CITA 352 Chapter 6 Enumeration."

Similar presentations

Ethical Hacking Module IV Enumeration.

Ethical Hacking Module IV Enumeration.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
SYSTEM ADMINISTRATION Chapter 19

SYSTEM ADMINISTRATION Chapter 19
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.

Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
MCT260-Operating Systems I Operating Systems I Networking.

MCT260-Operating Systems I Operating Systems I Networking.
Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.

Lesson 5-Accessing Networks. Overview Introduction to Windows XP Professional. Introduction to Novell Client. Introduction to Red Hat Linux workstation.
Chapter 13 Chapter 13: Managing Internet and Network Interoperability.

Chapter 13 Chapter 13: Managing Internet and Network Interoperability.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.

Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Resource Sharing Over a Network

Resource Sharing Over a Network
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Samba

Samba

Similar presentations

Ads by Google