Published by Barnaby Farmer. Modified over 8 years ago.
1
Enumeration: After scanning for live systems and services, hackers will probe the services more carefully, looking for weaknesses. This involves active connections!
2
Enumeration: Hackers will try to gain information about user accounts, shared resources, and software with vulnerabilities.
3
Banner Grabbing: Gain more information about servers and services.
C:\>telnet www.adamsmith.ac.uk 80
http/1.0 400 bad request
Server: IIS 1.1
4
Null sessions: A NULL session connection is an unauthenticated connection. From a NULL session, hackers can call APIs and use remote procedure calls to enumerate information. These techniques can, and will, provide information on passwords, groups, services, users and even active processors. NULL session access can also be used for escalating privileges and performing DoS attacks.
5
Netcat: Swiss army knife for TCP/IP
6
Common Probed Ports: HTTP port 80, SMTP port 25, FTP port 21, Telnet port 23, DNS port 53
7
Common command line tools: Telnet, Ftp, Nslookup, Tftp, Finger, Net, Nbtstat. RPC port 135, NetBIOS port 137.
8
Zone transfers:
C:\>nslookup
> ls -d labfarce.org
Know your DNS record types.
9
Blocking Zone Transfers: On the forward lookup zone properties (DEMO)
10
Sam Spade's Crawl: Gives information about websites, such as login and passwords
11
NetBIOS scanners: Enumerate file shares. Dumpsec (www.somarsoft.com), Legion
12
Enumerating Users: Dumpsec, User2sid, Sid2user
Example:
User2sid \\192.168.0.1 "domain user"
Sid2user \\192.168.0.1 5 21 8915387 1678654 5678654 500
Note: Default RIDs: admin 500, Guest 501
13
Enum: www.bindviw.com/support/razor/utilities
14
IP Browser: From SolarWinds. NS Auditor.
15
Active Directory Administration Tool: ldp.exe
16
Other OSs: All operating systems have their own leaks
17
Counter measures: Shut down unnecessary services. Restrict information returned from server. Microsoft IIS Lockdown Tool and URLScan.
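An added example, not from the original slides: a Python check for the "restrict information returned from server" countermeasure. It parses a raw HTTP response from a server you administer and flags headers that disclose a product or version banner like the one on the Banner Grabbing slide. The header list, the version pattern and the sample responses are assumptions constructed for illustration.

```python
import re

# Headers that commonly disclose product/version details (assumed list).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# A dotted number ("5.0") or a number after "/" or a space ("IIS 1", "nginx/1").
VERSION_RE = re.compile(r"\d+(?:\.\d+)+|[/ ]\d+")

# Constructed sample responses, not captured from any real host.
LEAKY = (b"HTTP/1.0 400 Bad Request\r\nServer: Microsoft-IIS/5.0\r\n"
         b"X-Powered-By: ASP.NET\r\nContent-Length: 0\r\n\r\n<p>Server: x</p>")
HARDENED = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def parse_headers(raw: bytes):
    """Split a raw HTTP response into (status_line, [(name, value), ...])."""
    text = raw.decode("iso-8859-1").replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]          # drop the body so it is never parsed
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:   # obsolete folded continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0].strip(), headers


def audit_banner(raw: bytes):
    """Return (header, value, severity) for each header that leaks a banner."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name not in DISCLOSING or not value:
            continue
        # An exact version maps a server to known flaws; a bare product
        # name only narrows the search, so it is reported at lower severity.
        severity = "version" if VERSION_RE.search(value) else "product"
        findings.append((name, value, severity))
    return findings


if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit_banner(sample) or "no banner headers")
```

An empty result for a response means none of the listed headers were returned, which is the state the countermeasures slide aims for.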