Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Enumeration Tools Roy Introduction SMB Protocol Inter Process Communication(IPC)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Windows Enumeration Tools Roy Introduction SMB Protocol Inter Process Communication(IPC)"— Presentation transcript:

1 Windows Enumeration Tools Roy INSA@CCU

2 Introduction SMB Protocol Inter Process Communication(IPC)

3 Winfingerprint SMB, TCP, UDP, ICMP, RPC, and SNMP scans http://winfingerprint.sourceforge.net/wi nfingerprint.php Ping Response NetBIOS Share Fingerprint NetBIOS Share Password Policy Running Services Users SID Groups Network Service Pack Session Disks Ports

4 GetUserInfo TCP port 139 http://www.joeware.net/win32/zips/Get UserInfo.zip

5 Enum http://www.bindview.com/Resources/R AZOR/Files/enum.tar.gz

6 PsTools Using NetBIOS port Services –NetLogon –Server –RemoteRegistry IPC$ share must be available http://www.sysinternals.com/files/Pstools.zip

7 Psfile shows files opened remotely

8 PsLoggedon see who's logged on locally and via resource sharing 192.168.1.9 FATCAT-E6GDFAFE CAT User:Administrator

9 PsGetSid mike

10 PsInfo Get information about local or remote windows system

11 PsService local and remote services viewer/controller

12 PsList List the Process information Open taskmgr.exe

13 PsKill kill processes by name or process ID

14 PsSuspend suspend or resume processes on a local or remote NT system.

15 PsLogList local and remote event log viewer System Security Application I->Information E->Errors W->Warning Audit Success Audit Failure Clean Log -> -c

16 PsExec executes a program on a remote system Access to the ADMIN$ share

17 PsShutdown Shutdown, logoff and power manage local and remote systems

18 Summary SMB

Download ppt "Windows Enumeration Tools Roy Introduction SMB Protocol Inter Process Communication(IPC)"

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Ethical Hacking Module IV Enumeration.

Ethical Hacking Module IV Enumeration.
Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.
Configuring Windows to run Dr.Web scanner remotely.

Configuring Windows to run Dr.Web scanner remotely.
Cosc 4765 Windows Forensics Techniques. A case study First this lecture should not be confused with Computer Forensics for criminal prosecution. –That.

Cosc 4765 Windows Forensics Techniques. A case study First this lecture should not be confused with Computer Forensics for criminal prosecution. –That.
Essential NetTools Pranay Kumar. Essential NetTools  This tool is a set of network tools useful in diagnosing networks and monitoring your computer's.

Essential NetTools Pranay Kumar. Essential NetTools  This tool is a set of network tools useful in diagnosing networks and monitoring your computer's.
Windows NT Security Holes Windows NT is getting more popular. More and more companies use NT as their platform of the Internet.They also use NT as the.

Windows NT Security Holes Windows NT is getting more popular. More and more companies use NT as their platform of the Internet.They also use NT as the.
COEN 250 Computer Forensics Windows Life Analysis.

COEN 250 Computer Forensics Windows Life Analysis.
COEN 250 Computer Forensics Windows Life Analysis.

COEN 250 Computer Forensics Windows Life Analysis.
11 ADMINISTERING MICROSOFT WINDOWS SERVER 2003 Chapter 2.

11 ADMINISTERING MICROSOFT WINDOWS SERVER 2003 Chapter 2.
Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics.

Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics.
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.

1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Monitoring and Troubleshooting Chapter 17. Review What role is required to share folders on Windows Server 2008 R2? What is the default permission listed.

Monitoring and Troubleshooting Chapter 17. Review What role is required to share folders on Windows Server 2008 R2? What is the default permission listed.
Workshop 1: Introduction to TCP/IP

Workshop 1: Introduction to TCP/IP
Week 8-1 Week 8: Denial of Service (DoS) What is Denial of Service Attack? –Any attack that causes a system to be unavailability. This is a violation of.

Week 8-1 Week 8: Denial of Service (DoS) What is Denial of Service Attack? –Any attack that causes a system to be unavailability. This is a violation of.

Similar presentations

Ads by Google