Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.


1 Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration

2 Objectives
After reading this chapter and completing the exercises, you will be able to:
– Describe the enumeration step of security testing
– Enumerate Windows OS targets
– Enumerate NetWare OS targets
– Enumerate *nix OS targets

3 Introduction to Enumeration
Enumeration extracts information about:
– Resources or shares on the network
– Usernames or groups assigned on the network
– User’s password and recent logon times
Port scanning and footprinting
– Determine OS
Enumeration is more intrusive
– Attempting to access resource
NBTscan (NetBIOS over TCP/IP)
– Tool for enumerating Windows OSs

4 Figure 6-1 NBTscan finds computers running NetBIOS

5 Enumerating Windows Operating Systems
Enumeration techniques for older Windows OSs
– Many still work with newer versions
This chapter focuses on Windows OS
– As it relates to enumeration

6 Table 6-1 Windows OS descriptions

7 Table 6-1 Windows OS descriptions (cont’d.)

8 Table 6-1 Windows OS descriptions (cont’d.)

9 NetBIOS Basics
Network Basic Input Output System (NetBIOS)
– Programming interface
– Allows computer communication over a LAN
– Used to share files and printers
    Requires Server Message Block (SMB)
NetBIOS names
– Computer names on Windows systems
– Limit of 16 characters
– Last character identifies type of service running
– Must be unique on a network

10 Table 6-2 NetBIOS names and suffixes

11 Table 6-2 NetBIOS names and suffixes (cont’d.)

12 NetBIOS Null Sessions
Null session
– Unauthenticated connection to a Windows computer
– Does not use logon and password values
Around for over a decade
– Still present on Windows XP
– Disabled by default in Windows Server 2003
– Not available in Windows Vista and Server 2008
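
A defender's check for the null-session exposure described on the slide above, as an added example (not from the book or the slides): it audits saved `reg query` output for the registry values that govern anonymous access. The sample output is constructed; the value names are the standard Windows Lsa and LanmanServer settings.

```python
import re

# Constructed sample of saved `reg query` output (illustrative values only).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
    EveryoneIncludesAnonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x0
    NullSessionShares    REG_MULTI_SZ    COMCFG\0DFS$
"""

# value name -> (test the DWORD must pass, what a failing value permits)
CHECKS = {
    "RestrictAnonymous": (lambda v: v >= 1, "anonymous enumeration of SAM accounts and shares"),
    "RestrictAnonymousSAM": (lambda v: v == 1, "anonymous enumeration of SAM accounts"),
    "EveryoneIncludesAnonymous": (lambda v: v == 0, "Everyone permissions apply to anonymous users"),
    "RestrictNullSessAccess": (lambda v: v == 1, "null-session access to pipes and shares is unrestricted"),
}

# Value lines are indented; key-path lines start at column 0 and are skipped.
VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Map value name -> int (REG_DWORD) or list of strings (other types)."""
    values = {}
    for line in text.splitlines():
        m = VALUE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.split(r"\0")
    return values

def audit_null_sessions(values):
    """Return (value name, observed value, exposure) for each weak setting present."""
    findings = []
    for name, (ok, risk) in CHECKS.items():
        if name in values and not ok(values[name]):
            findings.append((name, hex(values[name]), risk))
    shares = [s for s in values.get("NullSessionShares", []) if s]
    if shares:
        findings.append(("NullSessionShares", ",".join(shares),
                         "shares reachable over a null session"))
    return findings
```
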

13 NetBIOS Enumeration Tools
Nbtstat command
– Powerful enumeration tool
– Included with Windows
– Displays NetBIOS table
Net view command
– Shows shared resources on a network host
Use port scanning information during enumeration
– IP address to perform NetBIOS enumeration
Net use command
– Connects computer with shared folders or files
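
The NetBIOS name layout from the NetBIOS Basics slide and the Nbtstat name table from this one, as an added example (not from the book or the slides): it parses a name table, decodes the suffix byte into the service it identifies, and summarizes the host for an inventory. The sample table and its host and domain names are constructed; the suffix meanings come from Microsoft's published list, not from Table 6-2, which is not reproduced on this page.

```python
import re

# (suffix, record type) -> service, per Microsoft's published NetBIOS suffix list.
SUFFIXES = {
    (0x00, "UNIQUE"): "Workstation service (computer name)",
    (0x00, "GROUP"): "Domain or workgroup name",
    (0x01, "GROUP"): "Master browser (__MSBROWSE__)",
    (0x03, "UNIQUE"): "Messenger service",
    (0x1B, "UNIQUE"): "Domain master browser",
    (0x1C, "GROUP"): "Domain controllers",
    (0x1D, "UNIQUE"): "Master browser",
    (0x1E, "GROUP"): "Browser service elections",
    (0x20, "UNIQUE"): "File Server service",
}

# Name (up to 15 characters), 16th byte shown as <hex>, then type and status.
ROW = re.compile(r"^\s*(.{1,15}?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")

# Constructed sample of `nbtstat -A` output; host and domain names are made up.
SAMPLE = """\
       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    CORP           <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Registered
    CORP           <1E>  GROUP       Registered
    CORP           <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
"""

def parse_name_table(text):
    """Return one dict per name-table row, with the suffix decoded."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            code = int(suffix, 16)
            rows.append({"name": name, "suffix": code, "type": kind, "status": status,
                         "service": SUFFIXES.get((code, kind), "unknown")})
    return rows

def summarize(rows):
    """Inventory facts a defender would record for the host."""
    def first(code, kind):
        return next((r["name"] for r in rows if (r["suffix"], r["type"]) == (code, kind)), None)
    return {"computer": first(0x00, "UNIQUE"), "domain": first(0x00, "GROUP"),
            "file_sharing": first(0x20, "UNIQUE") is not None,
            "domain_controller": first(0x1C, "GROUP") is not None}
```
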

14 Figure 6-2 Using the Nbtstat command

15 Figure 6-3 Viewing help for the Net view command

16 Figure 6-4 Using the Net view command with an IP address

17 Figure 6-5 Viewing help for the Net use command

18 Additional Enumeration Tools
Include:
– Windows tools included with BackTrack
    Smb4K tool
– DumpSec
– Hyena
– Nessus and OpenVAS

19 Using Windows Enumeration Tools
BackTrack Smb4K tool
– Used to enumerate Windows computers in a network
Figure 6-6 Using Smb4K on a Windows network

20 DumpSec
Enumeration tool for Windows systems
– Produced by Foundstone, Inc.
Allows user to connect to a server and “dump”:
– Permissions for shares
– Permissions for printers
– Permissions for the Registry
– Users in column or table format
– Policies
– Rights
– Services

21 Hyena
Excellent GUI product for managing and securing Windows OSs
– Shows shares and user logon names for Windows servers and domain controllers
– Displays graphical representation of:
    Microsoft Terminal Services
    Microsoft Windows Network
    Web Client Network
    Find User/Group

22 Figure 6-8 The Hyena interface

23 Nessus and OpenVAS
OpenVAS
– Operates in client/server mode
– Open-source descendant of Nessus
    Popular tool for identifying vulnerabilities
Nessus Server and Client
– Latest version can run on Windows, Mac OS X, FreeBSD, and most Linux distributions
– Handy when enumerating different OSs on a large network
    Many servers in different locations

24 Figure 6-10 The Nessus session window

25 Figure 6-12 The Connection Manager dialog box

26 Figure 6-13 Nessus ready to scan

27 Figure 6-14 Nessus enumerates a NetBIOS system

28 Figure 6-15 Enumerating shares in Nessus

29 Figure 6-16 Nessus indicates the OS and service pack

30 Enumerating the NetWare Operating System
Novell NetWare
– Some security professionals see it as a “dead” OS
– Ignoring an OS can limit your career as a security professional
NetWare
– Novell does not offer any technical support for versions before 6.5

31 Table 6-3 NetWare OS descriptions

32 NetWare Enumeration Tools
NetWare 5.1
– Still used on many networks
New vulnerabilities are discovered daily
– Vigilantly check vendor and security sites
Example
– Older version of Nessus to scan a NetWare 5.1 server

33 Figure 6-17 Nessus enumerates a NetWare server

34 Figure 6-18 Enumerating eDirectory in Nessus

35 Figure 6-19 Nessus discovers the FTP account’s username and password

36 Figure 6-20 Nessus enumerates several user accounts

37 NetWare Enumeration Tools (cont’d.)
Novell Client for Windows
– Gathers information on shares and resources
Vulnerability in NetWare OS
– You can click Trees, Contexts, and Servers buttons without a login name or password
    Open dialog boxes showing network information

38 Figure 6-22 Logging in with credentials supplied by Nessus

39 Figure 6-23 Information displayed after the NetWare login is accepted

40 Figure 6-24 Accessing NetWare through mapped drives

41 Enumerating the *nix Operating System
Several variations
– Solaris and OpenSolaris
– HP-UX
– Mac OS X and OpenDarwin
– AIX
– BSD UNIX
– FreeBSD
– OpenBSD
– NetBSD
– Linux, including several distributions

42 UNIX Enumeration
Finger utility
– Most popular enumeration tool for security testers
– Finds out who is logged in to a *nix system
– Determines who was running a process
Nessus
– Another important *nix enumeration tool

43 Figure 6-25 Using the Finger command

44 Figure 6-26 Nessus enumerates a Linux system

45 Summary
Enumeration
– Process of extracting information
    User names
    Passwords
    Shared resources
Tools for enumerating Windows targets
– Nbtstat
– Net view
– Net use
– Other utilities

46 Summary (cont’d.)
Tools for enumerating NetWare targets
– Novell Client software
Tools for enumerating *nix systems
– Finger
– Nessus
– OpenVAS

