1 / 59

Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense. Chapter 6 Enumeration. Objectives. Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate NetWare OS targets Enumerate *NIX OS targets. Introduction to Enumeration. Enumeration extracts information about:

zuwena
Download Presentation

Hands-On Ethical Hacking and Network Defense

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration

  2. Objectives • Describe the enumeration step of security testing • Enumerate Microsoft OS targets • Enumerate NetWare OS targets • Enumerate *NIX OS targets Hands-On Ethical Hacking and Network Defense

  3. Introduction to Enumeration • Enumeration extracts information about: • Resources or shares on the network • User names or groups assigned on the network • Last time user logged on • User’s password • Port scanning and footprinting • Determine OS being used • Intrusive process • NBT (NetBIOS over TCP/IP) • Tool for enumerating Microsoft OSs Hands-On Ethical Hacking and Network Defense

  4. Introduction to Enumeration (continued) • Linux application installation • Create a new directory • Gzip command • Tape archive (tar) file • Configure installation • Install application Hands-On Ethical Hacking and Network Defense

  5. Hands-On Ethical Hacking and Network Defense

  6. Hands-On Ethical Hacking and Network Defense

  7. Hands-On Ethical Hacking and Network Defense

  8. Introduction to Enumeration (continued) • Using NBTscan • Use nbtscan command to scan a range of IP addresses • Example: nbtscan 192.168.0.0./24 Hands-On Ethical Hacking and Network Defense

  9. Hands-On Ethical Hacking and Network Defense

  10. Enumerating Microsoft Operating Systems • Study OS history • Knowing your target makes your job easier • Many attacks that work for older Windows OSs still work with newer versions Hands-On Ethical Hacking and Network Defense

  11. Hands-On Ethical Hacking and Network Defense

  12. Hands-On Ethical Hacking and Network Defense

  13. Hands-On Ethical Hacking and Network Defense

  14. NetBIOS Basics • Network Basic Input Output System (NetBIOS) • Programming interface • Allows computer communication over a LAN • Used to share files and printers • NetBIOS names • Computer names on Windows systems • Limit of 16 characters • Last character identifies type of service running • Must be unique on a network Hands-On Ethical Hacking and Network Defense

  15. Hands-On Ethical Hacking and Network Defense

  16. Hands-On Ethical Hacking and Network Defense

  17. NetBIOS Null Sessions • Null session • Unauthenticated connection to a Windows computer • Does not use logon and passwords values • Around for over a decade • Still present on Windows XP Hands-On Ethical Hacking and Network Defense

  18. NetBIOS Enumeration Tools • Nbtstat command • Powerful enumeration tool included with the Microsoft OS • Displays NetBIOS table • Net view command • Shows whether there are any shared resources on a network host • Use information obtained from port scanning during enumeration • Use IP address obtained when port scanning to perform a NetBIOS enumeration Hands-On Ethical Hacking and Network Defense

  19. Hands-On Ethical Hacking and Network Defense

  20. Hands-On Ethical Hacking and Network Defense

  21. Hands-On Ethical Hacking and Network Defense

  22. NetBIOS Enumeration Tools (continued) • Net use command • Used to connect to a computer with shared folders or files Hands-On Ethical Hacking and Network Defense

  23. Hands-On Ethical Hacking and Network Defense

  24. Additional Enumeration Tools • NetScanTools Pro • DumpSec • Hyena • NessusWX Hands-On Ethical Hacking and Network Defense

  25. NetScanTools Pro • Produces a graphical view of NetBIOS running on a network • Enumerates any shares running on the computer • Verifies whether access is available for shared resource using its Universal Naming Convention (UNC) name Hands-On Ethical Hacking and Network Defense

  26. Hands-On Ethical Hacking and Network Defense

  27. Hands-On Ethical Hacking and Network Defense

  28. DumpSec • Enumeration tool for Microsoft systems • Produced by Foundstone, Inc. • Allows user to connect to a server and “dump” the following information • Permissions for shares • Permissions for printers • Permissions for the Registry • Users in column or table format • Policies and rights • Services Hands-On Ethical Hacking and Network Defense

  29. Hyena • Excellent GUI product for managing and securing Microsoft OSs • Shows shares and user logon names for Windows servers and domain controllers • Displays graphical representation of: • Microsoft Terminal Services • Microsoft Windows Network • Web Client Network • Find User/Group Hands-On Ethical Hacking and Network Defense

  30. Hands-On Ethical Hacking and Network Defense

  31. NessusWX • Allows enumeration of different OSs on a large network • Running NessusWX • Be sure Nessus server is up and running • Open the NessusWX client application • To connect your client with the Nessus server • Click Communications, Connect from the menu on the session window • Enter server’s name • Log on the Nessus server Hands-On Ethical Hacking and Network Defense

  32. Hands-On Ethical Hacking and Network Defense

  33. Hands-On Ethical Hacking and Network Defense

  34. NessusWX (continued) • Nessus identifies • NetBIOS names in use • Shared resources • Vulnerabilities with shared resources • Also offers solutions to those vulnerabilities Hands-On Ethical Hacking and Network Defense

  35. Hands-On Ethical Hacking and Network Defense

  36. Hands-On Ethical Hacking and Network Defense

  37. Hands-On Ethical Hacking and Network Defense

  38. NessusWX (continued) • Nessus identifies (continued) • OS version • OS vulnerabilities • Firewall vulnerabilities Hands-On Ethical Hacking and Network Defense

  39. Hands-On Ethical Hacking and Network Defense

  40. Hands-On Ethical Hacking and Network Defense

  41. Hands-On Ethical Hacking and Network Defense

  42. Enumerating the NetWare Operating System • Security professionals see Novell NetWare as a “dead horse” • Ignoring an OS can limit your career as a security professional • Novell NetWare version 4.11 • Novell does not offer any technical support for earlier versions Hands-On Ethical Hacking and Network Defense

  43. Hands-On Ethical Hacking and Network Defense

  44. NetWare Enumeration Tools • NetWare 5.1 is still used on many networks • New vulnerabilities are discovered daily • You need to be vigilant in checking vendor sites and security sites • Tool • Nessus Hands-On Ethical Hacking and Network Defense

  45. Hands-On Ethical Hacking and Network Defense

  46. NetWare Enumeration Tools (continued) • Nessus • Enumerates a NetWare server • Determines eDirectory information • Discovers the user name and password for the FTP account • Discovers names of several user accounts Hands-On Ethical Hacking and Network Defense

  47. Hands-On Ethical Hacking and Network Defense

  48. Hands-On Ethical Hacking and Network Defense

  49. Hands-On Ethical Hacking and Network Defense

  50. NetWare Enumeration Tools (continued) • Novell Client32 • Available at www.novell.com • Client available for several OSs • Specify information for • Tree • Content • Server Hands-On Ethical Hacking and Network Defense

More Related