1 / 46

Hands-On Ethical Hacking and Network Defense Second Edition

Learn about enumeration techniques for Windows, NetWare, and *nix OS targets. Understand NetBIOS basics, null sessions, and tools like Nbtstat, Net view, and Net use. Explore tools like Smb4K, DumpSec, Hyena, Nessus, and OpenVAS for efficient enumeration.

spieker
Download Presentation

Hands-On Ethical Hacking and Network Defense Second Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hands-On Ethical Hacking and Network DefenseSecond Edition Chapter 6 Enumeration

  2. Objectives • After reading this chapter and completing the exercises, you will be able to: • Describe the enumeration step of security testing • Enumerate Windows OS targets • Enumerate NetWare OS targets • Enumerate *nix OS targets Hands-On Ethical Hacking and Network Defense, Second Edition

  3. Introduction to Enumeration • Enumeration extracts information about: • Resources or shares on the network • Usernames or groups assigned on the network • User’s password and recent logon times • Port scanning and footprinting • Determine OS • Enumeration is more intrusive • Attempting to access resource • NBTscan (NetBIOS over TCP/IP) • Tool for enumerating Windows OSs Hands-On Ethical Hacking and Network Defense, Second Edition

  4. Figure 6-1 NBTscan finds computers running NetBIOS Hands-On Ethical Hacking and Network Defense, Second Edition

  5. Enumerating Windows Operating Systems • Enumeration techniques for older Windows OSs • Many still work with newer versions • This chapter focuses on Windows OS • As it relates to enumeration Hands-On Ethical Hacking and Network Defense, Second Edition

  6. Table 6-1 Windows OS descriptions Hands-On Ethical Hacking and Network Defense, Second Edition

  7. Table 6-1 Windows OS descriptions (cont’d.) Hands-On Ethical Hacking and Network Defense, Second Edition

  8. Table 6-1 Windows OS descriptions (cont’d.) Hands-On Ethical Hacking and Network Defense, Second Edition

  9. NetBIOS Basics • Network Basic Input Output System (NetBIOS) • Programming interface • Allows computer communication over a LAN • Used to share files and printers • Requires Server Message Block (SMB) • NetBIOS names • Computer names on Windows systems • Limit of 16 characters • Last character identifies type of service running • Must be unique on a network Hands-On Ethical Hacking and Network Defense, Second Edition

  10. Table 6-2 NetBIOS names and suffixes Hands-On Ethical Hacking and Network Defense, Second Edition

  11. Table 6-2 NetBIOS names and suffixes (cont’d.) Hands-On Ethical Hacking and Network Defense, Second Edition

  12. NetBIOS Null Sessions • Null session • Unauthenticated connection to a Windows computer • Does not use logon and passwords values • Around for over a decade • Still present on Windows XP • Disabled by default in Windows Server 2003 • Not available in Windows Vista and Server 2008 Hands-On Ethical Hacking and Network Defense, Second Edition

  13. NetBIOS Enumeration Tools • Nbtstat command • Powerful enumeration tool • Included with Windows • Displays NetBIOS table • Net view command • Shows shared resources on a network host • Use port scanning information during enumeration • IP address to perform NetBIOS enumeration • Net use command • Connects computer with shared folders or files Hands-On Ethical Hacking and Network Defense, Second Edition

  14. Figure 6-2 Using the Nbstat command Hands-On Ethical Hacking and Network Defense, Second Edition

  15. Figure 6-3 Viewing help for the Net view command Hands-On Ethical Hacking and Network Defense, Second Edition

  16. Figure 6-4 Using the Net view command with an IP address Hands-On Ethical Hacking and Network Defense, Second Edition

  17. Figure 6-5 Viewing help for the Net use command Hands-On Ethical Hacking and Network Defense, Second Edition

  18. Additional Enumeration Tools • Include: • Windows tools included with BackTrack • Smb4K tool • DumpSec • Hyena • Nessus and OpenVAS Hands-On Ethical Hacking and Network Defense, Second Edition

  19. Using Windows Enumeration Tools • Backtrack Smb4K tool • Used to enumerate Windows computers in a network Figure 6-6 Using Smb4K on a Windows network Hands-On Ethical Hacking and Network Defense, Second Edition

  20. DumpSec • Enumeration tool for Windows systems • Produced by Foundstone, Inc. • Allows user to connect to a server and “dump”: • Permissions for shares • Permissions for printers • Permissions for the Registry • Users in column or table format • Policies • Rights • Services Hands-On Ethical Hacking and Network Defense, Second Edition

  21. Hyena • Excellent GUI product for managing and securing Windows OSs • Shows shares and user logon names for Windows servers and domain controllers • Displays graphical representation of: • Microsoft Terminal Services • Microsoft Windows Network • Web Client Network • Find User/Group Hands-On Ethical Hacking and Network Defense, Second Edition

  22. Figure 6-8 The Hyena interface Hands-On Ethical Hacking and Network Defense, Second Edition

  23. Nessus and OpenVAS • OpenVAS • Operates in client/server mode • Open-source descendent of Nessus • Popular tool for identifying vulnerabilities • Nessus Server and Client • Latest version can run on Windows, Mac OS X, FreeBSD, and most Linux distributions • Handy when enumerating different OSs on a large network • Many servers in different locations Hands-On Ethical Hacking and Network Defense, Second Edition

  24. Figure 6-10 The Nessus session window Hands-On Ethical Hacking and Network Defense, Second Edition

  25. Figure 6-12 The Connection Manager dialog box Hands-On Ethical Hacking and Network Defense, Second Edition

  26. Figure 6-13 Nessus ready to scan Hands-On Ethical Hacking and Network Defense, Second Edition

  27. Figure 6-14 Nessus enumerates a NetBIOS system Hands-On Ethical Hacking and Network Defense, Second Edition

  28. Figure 6-15 Enumerating shares in Nessus Hands-On Ethical Hacking and Network Defense, Second Edition

  29. Figure 6-16 Nessus indicates the OS and service pack Hands-On Ethical Hacking and Network Defense, Second Edition

  30. Enumerating the NetWare Operating System • Novell NetWare • Some security professionals see as a “dead” OS • Ignoring an OS can limit your career as a security professional • NetWare • Novell does not offer any technical support for versions before 6.5 Hands-On Ethical Hacking and Network Defense, Second Edition

  31. Table 6-3 NetWare OS descriptions Hands-On Ethical Hacking and Network Defense, Second Edition

  32. NetWare Enumeration Tools • NetWare 5.1 • Still used on many networks • New vulnerabilities are discovered daily • Vigilantly check vendor and security sites • Example • Older version of Nessus to scan a NetWare 5.1 server Hands-On Ethical Hacking and Network Defense, Second Edition

  33. Figure 6-17 Nessus enumerates a NetWare server Hands-On Ethical Hacking and Network Defense, Second Edition

  34. Figure 6-18 Enumerating eDirectory in Nessus Hands-On Ethical Hacking and Network Defense, Second Edition

  35. Figure 6-19 Nessus discovers the FTP account’s username and password Hands-On Ethical Hacking and Network Defense, Second Edition

  36. Figure 6-20 Nessus enumerates several user accounts Hands-On Ethical Hacking and Network Defense, Second Edition

  37. NetWare Enumeration Tools (cont’d.) • Novell Client for Windows • Gathers information on shares and resources • Vulnerability in NetWare OS • You can click Trees, Contexts, and Servers buttons without a login name or password • Open dialog boxes showing network information Hands-On Ethical Hacking and Network Defense, Second Edition

  38. Figure 6-22 Logging in with credentials supplied by Nessus Hands-On Ethical Hacking and Network Defense, Second Edition

  39. Figure 6-23 Information displayed after the NetWare login is accepted Hands-On Ethical Hacking and Network Defense, Second Edition

  40. Figure 6-24 Accessing NetWare through mapped drives Hands-On Ethical Hacking and Network Defense, Second Edition

  41. Enumerating the *nix Operating System • Several variations • Solaris and OpenSolaris • HP-UX • Mac OS X and OpenDarwin • AIX • BSD UNIX • FreeBSD • OpenBSD • NetBSD • Linux, including several distributions Hands-On Ethical Hacking and Network Defense, Second Edition

  42. UNIX Enumeration • Finger utility • Most popular enumeration tool for security testers • Finds out who is logged in to a *nix system • Determines who was running a process • Nessus • Another important *nix enumeration tool Hands-On Ethical Hacking and Network Defense, Second Edition

  43. Figure 6-25 Using the Finger command Hands-On Ethical Hacking and Network Defense, Second Edition

  44. Figure 6-26 Nessus enumerates a Linux system Hands-On Ethical Hacking and Network Defense, Second Edition

  45. Summary • Enumeration • Process of extracting information • User names • Passwords • Shared resources • Tools for enumerating Windows targets • Nbtstat • Net view • Net use • Other utilities Hands-On Ethical Hacking and Network Defense, Second Edition

  46. Summary (cont’d.) • Tools for enumerating NetWare targets • Novell Client software • Tools for enumerating *nix systems • Finger • Nessus • OpenVAS Hands-On Ethical Hacking and Network Defense, Second Edition

More Related