Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense

Published bySolomon Summers Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense"— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense
Chapter 6 Enumeration

2 Objectives Describe the enumeration step of security testing
Enumerate Microsoft OS targets Enumerate NetWare OS targets Enumerate *NIX OS targets

3 Introduction to Enumeration
Enumeration extracts information about: Resources or shares on the network User names or groups assigned on the network Last time user logged on User’s password Before enumeration, you use Port scanning and footprinting To Determine OS being used Intrusive process

4 NBTscan NBT (NetBIOS over TCP/IP) NBTscan
is the Windows networking protocol used for shared folders and printers NBTscan Tool for enumerating Microsoft OSs

5 Enumerating Microsoft Operating Systems
Study OS history Knowing your target makes your job easier Many attacks that work for older Windows OSs still work with newer versions

6 Windows 95 The first Windows version that did not start with DOS
Still used the DOS kernel to some extent Introduced the Registry database to replace Win.ini, Autoexec.bat, and other text files Introduced Plug and Play and ActiveX Used FAT16 file system

7 Windows 98 and ME More Stable than Win 95 Used FAT32 file system
Win ME introduced System Restore Win 95, 98, and ME are collectively called "Win 9x"

8 Windows NT 3.51 Server/Workstation
No dependence on DOS kernel Domains and Domain Controllers NTFS File System to replace FAT16 and FAT31 Much more secure and stable than Win9x Many companies still use Win NT Server Domain Controllers Win NT 4.0 was an upgrade

9 Windows 2000 Server/Professional
Upgrade of Win NT Active Directory Powerful database storing information about all objects in a network Users, printers, servers, etc. Based on Novell's Novell Directory Services Enumerating this system would include enumerating Active Directory

10 Windows XP Professional
Much more secure, especially after Service Pack 2 Windows File Protection Data Execution Prevention Windows Firewall

11 Windows Server 2003 Much more secure, especially after Service Pack 1
Network services are closed by default Internet Explorer security set higher

12 NetBIOS Basics Network Basic Input Output System (NetBIOS)
Programming interface Allows computer communication over a LAN Used to share files and printers

13 NetBIOS names Computer names on Windows systems Limit of 16 characters
Last character identifies type of service running Must be unique on a network

14 NetBIOS Suffixes For complete list, see link Ch 6h

15 NetBIOS Null Sessions Null session Around for over a decade
Unauthenticated connection to a Windows computer Does not use logon and passwords values Around for over a decade Still present on Windows XP A large vulnerability See links Ch 6a-f

16 Null Session Information
Using these NULL connections allows you to gather the following information from the host: List of users and groups List of machines List of shares Users and host SIDs (Security Identifiers) From brown.edu (link Ch 6b)

17 Demonstration of Null Sessions
Start Win 2000 Pro Share a folder From a Win XP command prompt NET VIEW \\ip-address Fails NET USE \\ip-address\IPC$ "" /u:"" Creates the null session Username="" Password="" NET VIEW \\ip-address Works now

18 Demonstration of Enumeration
Download Winfo from link Ch 6g Run it – see all the information!

19 NULL Session Information
NULL sessions exist in windows networking to allow: Trusted domains to enumerate resources Computers outside the domain to authenticate and enumerate users The SYSTEM account to authenticate and enumerate resources NetBIOS NULL sessions are enabled by default in Windows NT and 2000 From brown.edu (link Ch 6b)

20 NULL Sessions in Win XP and 2003 Server
Windows XP and 2003 don't allow Null Sessions, according to link Ch 6c. I tried the NET USE command on Win XP SP2 and it did not work Link Ch 6f says you can still do it in Win XP SP2, but you need to use a different procedure

21 NetBIOS Enumeration Tools
Nbtstat command Powerful enumeration tool included with the Microsoft OS Displays NetBIOS table

22 NetBIOS Enumeration Tools
Net view command Shows whether there are any shared resources on a network host

23 NetBIOS Enumeration Tools (continued)
Net use command Used to connect to a computer with shared folders or files

24 Additional Enumeration Tools
NetScanTools Pro DumpSec Hyena NessusWX

25 NetScanTools Pro Produces a graphical view of NetBIOS running on a network Enumerates any shares running on the computer Verifies whether access is available for shared resource using its Universal Naming Convention (UNC) name Costs about $250 per machine (link Ch 6i)

26

27

28 DumpSec Enumeration tool for Microsoft systems
Produced by Foundstone, Inc. Allows user to connect to a server and “dump” the following information Permissions for shares Permissions for printers Permissions for the Registry Users in column or table format Policies and rights Services

29 Hyena Excellent GUI product for managing and securing Microsoft OSs
Shows shares and user logon names for Windows servers and domain controllers Displays graphical representation of: Microsoft Terminal Services Microsoft Windows Network Web Client Network Find User/Group

30 Prices DumpSec seems to be free Hyena costs about $200 per station
Link Ch 6j

31

32 NessusWX This is the client part of Nessus
Allows enumeration of different OSs on a large network Running NessusWX Be sure Nessus server is up and running Open the NessusWX client application To connect your client with the Nessus server Click Communications, Connect from the menu on the session window Enter server’s name Log on the Nessus server

33 Nessus is No Longer Free
OpenVAS is the open source fork of Nessus Links Ch 6l, 6m

34

35

36 NessusWX (continued) Nessus identifies NetBIOS names in use
Shared resources Vulnerabilities with shared resources Also offers solutions to those vulnerabilities OS version OS vulnerabilities Firewall vulnerabilities

37

38

39

40

41 Etherleak Vulnerability
Padding in Ethernet frames comes from RAM, it's not just zeroes Real data can leak out that way See link Ch 6l

42

43 Enumerating the NetWare Operating System
Security professionals see Novell NetWare as a “dead horse” Ignoring an OS can limit your career as a security professional Novell NetWare version 4.11 Novell does not offer any technical support for earlier versions Novell has switched to SUSE Linux now

44 NetWare Enumeration Tools
NetWare 5.1 is still used on many networks New vulnerabilities are discovered daily You need to be vigilant in checking vendor sites and security sites Tool Nessus

45

46 NetWare Enumeration Tools (continued)
Nessus Enumerates a NetWare server Determines eDirectory information Discovers the user name and password for the FTP account Discovers names of several user accounts

47

48

49

50 NetWare Enumeration Tools (continued)
Novell Client32 Available at Client available for several OSs Specify information for Tree Content Server

51

52

53

54 Enumerating the *NIX Operating System
Several variations Solaris SunOS HP-UX Linux Ultrix AIX BSD UNIX FreeBSD OpenBSD

55 UNIX Enumeration Finger utility Nessus
Most popular tool for security testers Finds out who is logged in to a *NIX system Determine owner of any process Nessus Another important *NIX enumeration tool

56

57

Download ppt "Hands-On Ethical Hacking and Network Defense"

Similar presentations

COMPUTERS: TOOLS FOR AN INFORMATION AGE Chapter 3 Operating Systems.

COMPUTERS: TOOLS FOR AN INFORMATION AGE Chapter 3 Operating Systems.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
SYSTEM ADMINISTRATION Chapter 19

SYSTEM ADMINISTRATION Chapter 19
Nassau Community College

Nassau Community College
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.

Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Chapter 13 Chapter 13: Managing Internet and Network Interoperability.

Chapter 13 Chapter 13: Managing Internet and Network Interoperability.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.

Hands-On Microsoft Windows Server 2003 Chapter 2 Installing Windows Server 2003, Standard Edition.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.

Network Shares and Accounts Sharing Printers, Drives, Folders – Setup Windows 95/98 Windows NT (2000, XP) Linux – Users – Groups.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
Introduction to windows operating system i

Introduction to windows operating system i
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.

1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

Similar presentations

Ads by Google