1 / 43

CITA 352

CITA 352. Chapter 6 Enumeration. Introduction to Enumeration. Enumeration extracts information about: Resources or shares on the network Usernames or groups assigned on the network User’s password and recent logon times Port scanning and footprinting Determine OS

karma
Download Presentation

CITA 352

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CITA 352 Chapter 6 Enumeration

  2. Introduction to Enumeration • Enumeration extracts information about: • Resources or shares on the network • Usernames or groups assigned on the network • User’s password and recent logon times • Port scanning and footprinting • Determine OS • Enumeration is more intrusive • Attempting to access resource • NBTscan (NetBIOS over TCP/IP) • Tool for enumerating Windows OSs

  3. Figure 6-1 NBTscan finds computers running NetBIOS

  4. Enumerating Windows Operating Systems • Enumeration techniques for older Windows OSs • Many still work with newer versions • This chapter focuses on Windows OS • As it relates to enumeration

  5. Table 6-1 Windows OS descriptions

  6. Table 6-1 Windows OS descriptions (cont’d.)

  7. Table 6-1 Windows OS descriptions (cont’d.)

  8. NetBIOS Basics • Network Basic Input Output System (NetBIOS) • Programming interface • Allows computer communication over a LAN • Used to share files and printers • Requires Server Message Block (SMB) • NetBIOS names • Computer names on Windows systems • Limit of 16 characters • Last character identifies type of service running • Must be unique on a network

  9. Table 6-2 NetBIOS names and suffixes

  10. Table 6-2 NetBIOS names and suffixes (cont’d.)

  11. NetBIOS Null Sessions • Null session • Unauthenticated connection to a Windows computer • Does not use logon and passwords values • Around for over a decade • Still present on Windows XP • Disabled by default in Windows Server 2003 • Not available in Windows Vista and Server 2008

  12. NetBIOS Enumeration Tools • Nbtstat command • Powerful enumeration tool • Included with Windows • Displays NetBIOS table • Net view command • Shows shared resources on a network host • Use port scanning information during enumeration • IP address to perform NetBIOS enumeration • Net use command • Connects computer with shared folders or files

  13. Figure 6-2 Using the Nbstat command

  14. Figure 6-3 Viewing help for the Net view command

  15. Figure 6-4 Using the Net view command with an IP address

  16. Figure 6-5 Viewing help for the Net use command

  17. Additional Enumeration Tools • Include: • Windows tools included with BackTrack • Smb4K tool • DumpSec • Hyena • Nessus and OpenVAS

  18. Using Windows Enumeration Tools • Backtrack Smb4K tool • Used to enumerate Windows computers in a network Figure 6-6 Using Smb4K on a Windows network

  19. DumpSec • Enumeration tool for Windows systems • Produced by Foundstone, Inc. • Allows user to connect to a server and “dump”: • Permissions for shares • Permissions for printers • Permissions for the Registry • Users in column or table format • Policies • Rights • Services

  20. Hyena • Excellent GUI product for managing and securing Windows OSs • Shows shares and user logon names for Windows servers and domain controllers • Displays graphical representation of: • Microsoft Terminal Services • Microsoft Windows Network • Web Client Network • Find User/Group

  21. Figure 6-8 The Hyena interface

  22. Nessus and OpenVAS • OpenVAS • Operates in client/server mode • Open-source descendent of Nessus • Popular tool for identifying vulnerabilities • Nessus Server and Client • Latest version can run on Windows, Mac OS X, FreeBSD, and most Linux distributions • Handy when enumerating different OSs on a large network • Many servers in different locations

  23. Figure 6-10 The Nessus session window

  24. Figure 6-12 The Connection Manager dialog box

  25. Figure 6-13 Nessus ready to scan

  26. Figure 6-14 Nessus enumerates a NetBIOS system

  27. Figure 6-15 Enumerating shares in Nessus

  28. Figure 6-16 Nessus indicates the OS and service pack

  29. Enumerating the NetWare Operating System • Novell NetWare • Some security professionals see as a “dead” OS • Ignoring an OS can limit your career as a security professional • NetWare • Novell does not offer any technical support for versions before 6.5

  30. Table 6-3 NetWare OS descriptions

  31. NetWare Enumeration Tools • NetWare 5.1 • Still used on many networks • New vulnerabilities are discovered daily • Vigilantly check vendor and security sites • Example • Older version of Nessus to scan a NetWare 5.1 server

  32. Figure 6-17 Nessus enumerates a NetWare server

  33. Figure 6-18 Enumerating eDirectory in Nessus

  34. Figure 6-19 Nessus discovers the FTP account’s username and password

  35. Figure 6-20 Nessus enumerates several user accounts

  36. NetWare Enumeration Tools (cont’d.) • Novell Client for Windows • Gathers information on shares and resources • Vulnerability in NetWare OS • You can click Trees, Contexts, and Servers buttons without a login name or password • Open dialog boxes showing network information

  37. Figure 6-22 Logging in with credentials supplied by Nessus

  38. Figure 6-23 Information displayed after the NetWare login is accepted

  39. Figure 6-24 Accessing NetWare through mapped drives

  40. Enumerating the *nix Operating System • Several variations • Solaris and OpenSolaris • HP-UX • Mac OS X and OpenDarwin • AIX • BSD UNIX • FreeBSD • OpenBSD • NetBSD • Linux, including several distributions

  41. UNIX Enumeration • Finger utility • Most popular enumeration tool for security testers • Finds out who is logged in to a *nix system • Determines who was running a process • Nessus • Another important *nix enumeration tool

  42. Figure 6-25 Using the Finger command

  43. Figure 6-26 Nessus enumerates a Linux system

More Related