SCSC 555 Frank Li
Introduction to Enumeration
Enumerate Microsoft OS
Enumerate *NIX OS
Enumerate NetWare OS (skip)
Enumeration extracts information about:
◦ Resources or shares on the network
◦ User names or groups assigned on the network
◦ Last time a user logged on
◦ User’s password
Enumeration is more intrusive than passive port scanning
◦ First need to determine the OS of the target host, by port scanning and footprinting
◦ E.g., NBT (NetBIOS over TCP/IP) is the tool for enumerating Microsoft OSs
Using the enumeration tool nbtscan
◦ Use the nbtscan command to scan a range of IP addresses
◦ Example: nbtscan 192.168.0.0/24
Introduction to Enumeration Enumerate Microsoft OS Enumerate *NIX OS
Study OS history
◦ Knowing your target makes your job easier
◦ Many attacks that work for older Windows OSs still work with newer versions
Network Basic Input Output System (NetBIOS)
◦ Is a MS programming interface
◦ Allows computer communication over a LAN
◦ Used to share files and printers
NetBIOS names are computer names assigned to Windows systems
◦ Must be unique on a network
◦ Limit of 16 characters
◦ The last character (suffix) is reserved and identifies the type of service running (next page)
One of the biggest vulnerabilities of NetBIOS systems: the NetBIOS null session
◦ Is an unauthenticated connection to a Windows computer
◦ Does not use logon and password values
Attackers use enumeration tools to establish a null session
◦ To gather logon accounts, group membership, and file shares from target hosts
NetBIOS NULL sessions are enabled by default in Windows NT and 2000.
Windows XP and 2003 will allow anonymous enumeration of shared network resources, but not accounts.
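The defaults described above correspond to registry settings a defender can audit. As an added example (not from the original slides), the Python below parses `reg query` output for the Lsa and LanmanServer keys and flags values that leave null sessions open; the baseline values and the sample output are assumptions constructed for this illustration.

```python
import re

# Acceptable DWORD values per setting. The value names are the standard Windows
# ones; treating these values as the baseline is this example's assumption.
BASELINE = {
    "restrictanonymous": ({1, 2}, "anonymous enumeration of SAM accounts and shares"),
    "restrictanonymoussam": ({1}, "anonymous enumeration of SAM accounts"),
    "everyoneincludesanonymous": ({0}, "Everyone permissions applied to anonymous users"),
    "restrictnullsessaccess": ({1}, "anonymous access to shares and named pipes"),
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9A-Fa-f]+)\s*$")

def audit_null_session(reg_output: str):
    """Return one finding per BASELINE setting that is weak or missing."""
    seen = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() in BASELINE:
            seen[m.group(1).lower()] = int(m.group(2), 16)
    findings = []
    for name, (allowed, risk) in BASELINE.items():
        if name not in seen:
            findings.append(f"{name}: not present, effective value is the OS default")
        elif seen[name] not in allowed:
            findings.append(f"{name}={seen[name]}: permits {risk}")
    return findings

# Constructed `reg query` output mirroring the XP/2003 behaviour described above:
# shares can be listed anonymously, SAM accounts cannot.
SAMPLE_XP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    everyoneincludesanonymous    REG_DWORD    0x0
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    restrictnullsessaccess    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for finding in audit_null_session(SAMPLE_XP):
        print(finding)
```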
For the most part, if the appropriate ports are accessible, a NULL session is possible.
| Port | Protocol | Description |
|------|----------|-------------|
| 135 | TCP | Location Service (RPC endpoint mapping) |
| 135 | UDP | Location Service (RPC endpoint mapping) |
| 137 | TCP | NETBIOS Name Service |
| 137 | UDP | NETBIOS Name Service |
| 138 | TCP | NETBIOS Datagram Service |
| 138 | UDP | NETBIOS Datagram Service |
| 139 | TCP | NETBIOS Session Service |
| 139 | UDP | NETBIOS Session Service |
| 445 | TCP | SMB/CIFS |
Use IP address obtained when port scanning to perform a NetBIOS enumeration
NetBIOS Enumeration Tools
◦ Nbtstat
◦ Net view
◦ Net use
◦ NetScanTools Pro
◦ DumpSec
◦ Hyena
◦ NessusWX
◦ Enum
◦ Hunt
Nbtstat command
◦ Powerful enumeration tool included with the Microsoft OS
◦ Displays NetBIOS table
◦ E.g., nbtstat -a salesrep
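To make the NetBIOS table and the reserved suffix character concrete, here is an added example (not from the original slides) that decodes the name table from an RFC 1002 node status response, the data nbtstat displays. The suffix meanings and the sample packet are assumptions constructed for the example.

```python
import struct

# Well-known 16th-byte suffixes keyed by (suffix, is_group); assumed, not from the slides.
SUFFIXES = {
    (0x00, False): "Workstation service", (0x00, True): "Domain/workgroup name",
    (0x03, False): "Messenger service", (0x20, False): "File server service",
    (0x1B, False): "Domain master browser", (0x1C, True): "Domain controllers",
    (0x1D, False): "Master browser", (0x1E, True): "Browser service elections",
}

def parse_node_status(packet: bytes):
    """Return [(name, suffix, is_group, meaning)] from an RFC 1002 node status response."""
    try:
        _tid, flags, _qd, ancount, _ns, _ar = struct.unpack(">6H", packet[:12])
        if not flags & 0x8000 or ancount < 1:
            raise ValueError("not a response carrying an answer record")
        pos = 12
        while packet[pos] != 0:      # skip the encoded owner name (length-prefixed labels)
            pos += packet[pos] + 1
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", packet[pos + 1:pos + 11])
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated packet") from exc
    if rtype != 0x0021:
        raise ValueError("not an NBSTAT record")
    rdata = packet[pos + 11:pos + 11 + rdlen]
    if not rdata or len(rdata) < 1 + 18 * rdata[0]:
        raise ValueError("truncated name table")
    rows = []
    for i in range(rdata[0]):        # each entry: 15-byte name, 1-byte suffix, 2-byte flags
        entry = rdata[1 + 18 * i:19 + 18 * i]
        name = entry[:15].decode("ascii", "replace").rstrip()
        is_group = bool(struct.unpack(">H", entry[16:18])[0] & 0x8000)
        meaning = SUFFIXES.get((entry[15], is_group), "unknown")
        rows.append((name, entry[15], is_group, meaning))
    return rows

def _entry(name, suffix, flags):
    return name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample response (not captured traffic); trailing statistics omitted.
_NAMES = _entry("SALESREP", 0, 0x0400) + _entry("WORKGROUP", 0, 0x8400) + _entry("SALESREP", 0x20, 0x0400)
SAMPLE = (struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0)
          + b"\x20" + b"CK" + b"A" * 30 + b"\x00"
          + struct.pack(">HHIH", 0x0021, 0x0001, 0, 1 + len(_NAMES))
          + bytes([3]) + _NAMES)

if __name__ == "__main__":
    for name, suffix, is_group, meaning in parse_node_status(SAMPLE):
        print(f"{name:<15} <{suffix:02X}> {'GROUP ' if is_group else 'UNIQUE'} {meaning}")
```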
Net view command
◦ Shows whether there are any shared resources on a network host
◦ E.g., net view \\192.168.0.106
Net use command
◦ Used to connect to a computer with shared folders or files
◦ Views the information about current computer connections
◦ Can also control persistent network connections
◦ E.g., to assign the disk-drive device name E: to the Letters shared directory on the \\Fin server, type: net use e: \\fin\letters
NetScanTools Pro produces a graphical view of NetBIOS running on a network
◦ Enumerates any shares running on the computer
◦ Verifies whether access is available for a shared resource using its Universal Naming Convention (UNC) name
◦ Example (figures 6-10, 6-11): the \\SALEsMGR\SharedDocs comment entry is blank. To see whether access is available, an attacker enters the UNC \\SALEsMGR\SharedDocs in the Run dialog box in Windows
DumpSec http://www.systemtools.com/cgi-in/download.pl?DumpAcl
Produced by Foundstone, Inc.
Allows user to connect to a server and “dump” the following information
◦ Permissions for shares
◦ Permissions for printers
◦ Permissions for the Registry
◦ Users in column or table format
◦ Policies and rights
◦ Services
Hyena is a GUI product for managing and securing Microsoft OSs
◦ Shows shares and user logon names for Windows servers and domain controllers
◦ Displays graphical representation of:
    ◦ Microsoft Terminal Services
    ◦ Microsoft Windows Network
    ◦ Web Client Network
    ◦ Find User/Group
NessusWX allows enumeration of different OSs on a large network
Running NessusWX
1. Nessus server is up and running
2. Open the NessusWX client application
3. To connect your NessusWX client with the Nessus server
    1. Click Communications, Connect from the menu on the session window
    2. Enter server’s name
    3. Log on the Nessus server
Enum http://www.bindview.com/Services/RAZOR/Utilities/Windows/enum_readme.cfm
One of the best tools for exploiting the NULL session vulnerability, allowing you to exploit every aspect of this flaw
◦ The ability to enumerate users,
◦ and then try to brute force the password using a supplied password list
Hunt http://www.foundstone.com/resources/freetools/hunt.zip
Part of the NT Forensic Toolkit from Foundstone, this tool makes it very easy to enumerate users and shares from a vulnerable Windows host, and is the most accurate
Nessus identifies
◦ NetBIOS names in use
◦ Shared resources
◦ Password information
Nessus also identifies:
◦ OS and service pack
◦ OS vulnerabilities
◦ Firewall vulnerabilities
Introduction to Enumeration Enumerate Microsoft OS Enumerate *NIX OS
Variations of Unix
◦ Solaris
◦ SunOS
◦ HP-UX
◦ Linux
◦ Ultrix
◦ AIX
◦ BSD UNIX
◦ FreeBSD
◦ OpenBSD
Finger utility
◦ Is the most popular tool for security testers
◦ Finds out who is logged in to a *NIX system
◦ Determines the owner of any process
Nessus can also be used for *NIX enumeration
E.g., # finger -b -p james
displays the following information about the user james:
Login name, Computer Hope
on since Feb 11 23:37:16 on pts/7 from domain.computerhope.com
28 seconds Idle Time
Unread mail since Mon Feb 12 00:22:52 2001