Enumeration
CS391 Computer & Network Security

Outline
• What is enumeration?
• Enumeration techniques.

What is Enumeration?
• Having identified live hosts and running services, enumeration is the task of probing the identified services for known weaknesses.
• The main difference between enumeration and the previous techniques is the level of intrusiveness.
• Enumeration involves active connections to systems and directed queries, and accordingly will be logged by target systems.

Banner Grabbing
• We have seen examples of banner grabbing in the previous lecture.
• In addition, telnet and netcat may be used.

Banner Grabbing
• telnet example

SMTP Enumeration
• TCP port 25
• Two commands: VRFY and EXPN
• Use telnet
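
Because enumeration is logged by the target, a mail administrator can spot VRFY/EXPN probing in the server's command log. The following is an added example, not part of the original slides; the log layout, the threshold and window values, and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <client IP> <SMTP command line>".
# This layout is an assumption; adapt parse_line() to your MTA's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 HELO scanner
2024-05-01T10:00:02 203.0.113.7 VRFY root
2024-05-01T10:00:02 203.0.113.7 VRFY admin
2024-05-01T10:00:03 203.0.113.7 vrfy backup
2024-05-01T10:00:04 203.0.113.7 EXPN staff
2024-05-01T10:05:00 198.51.100.20 EHLO mail.example.org
2024-05-01T10:05:02 198.51.100.20 VRFY postmaster
2024-05-01T11:30:00 203.0.113.7 VRFY oracle
garbage line without fields
"""

PROBE_VERBS = {"VRFY", "EXPN"}

def parse_line(line):
    """Return (time, ip, verb, argument), or None if the line does not parse."""
    parts = line.split(None, 3)
    if len(parts) < 3:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    arg = parts[3].strip() if len(parts) > 3 else ""
    return when, parts[1], parts[2].upper(), arg  # SMTP verbs are case-insensitive

def find_enumeration(log_text, threshold=3, window=timedelta(minutes=1)):
    """Map each client that sent >= threshold VRFY/EXPN within one window
    to the sorted list of names it probed in those bursts."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] in PROBE_VERBS:
            probes[rec[1]].append((rec[0], rec[3]))
    alerts = defaultdict(set)
    for ip, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip].update(arg for _, arg in events[start:end + 1])
    return {ip: sorted(names) for ip, names in alerts.items()}
```

Calling find_enumeration(SAMPLE_LOG) flags only the client that sent a burst of probes; the single VRFY from the second client and the isolated later probe stay below the threshold.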

Zone Transfers
• DNS server port 53
• nslookup
• ls -d server name

Null Session Enumeration
• Server Message Block (SMB) protocol.
• Forms the basis for file and printer sharing.
• First step: connect to the protocol using the null session command: net use \\IP address\IPC$ "" /u:""
• Enumerate file shares on a host:
• net view \\host

Use DumpSec
• The DumpSec tool can be used to enumerate file shares.
• Another tool is Legion.
• Another attack is to dump the Windows registry.
• A number of tools can be used, e.g. regdmp.

Trusted Domains
• Enumerating trusted domains:
• Once a null session is established, nltest with the /server:server_name and /trusted_domains options may be used to learn about further domains related to the current domains.

Users
• Enumerating users:
• Use DumpSec