enumerationenumeration

CS391CS391

Computer & Network SecurityComputer & Network Security

What is enumeration?What is enumeration? Enumeration Techniques.Enumeration Techniques.

What is Enumeration?What is Enumeration?

Having identified live hosts and running Having identified live hosts and running services, enumeration is the task of probing the services, enumeration is the task of probing the identified services for known weaknesses.identified services for known weaknesses.

The main difference between enumeration and The main difference between enumeration and the previous techniques is the level of the previous techniques is the level of intrusiveness.intrusiveness.

Enumeration involves active connections to Enumeration involves active connections to systems and directed queries, and accordingly systems and directed queries, and accordingly will be logged by target systems.will be logged by target systems.

Banner GrabbingBanner Grabbing

We have seen examples of banner We have seen examples of banner grabbing in the previous lecture.grabbing in the previous lecture.

In addition, telenet and netcat may be In addition, telenet and netcat may be used.used.

Banner GrabbingBanner Grabbing

telnet exampletelnet example

Smtp enumerationSmtp enumeration

Tcp port 25Tcp port 25 Two commands: vrfy and expnTwo commands: vrfy and expn Use telenetUse telenet

Zone transfersZone transfers

Dns server port 53Dns server port 53 NslookupNslookup Ls –d server nameLs –d server name

Null session enumerationNull session enumeration

Server Message Block (SMB) Protocol.Server Message Block (SMB) Protocol. Forms the basis for file and printer Forms the basis for file and printer

sharing.sharing. First step: connect to the protocol using First step: connect to the protocol using

the null session command:the null session command:

Net use Net use \\IP address\IPC$ “” /u:” address\IPC$ “” /u:” Enumaerate file shares on a hostEnumaerate file shares on a host Net view \\hostNet view \\host

Use DumpSecUse DumpSec

One can use Dumpsec tool to enumerate One can use Dumpsec tool to enumerate file shares.file shares.

Another tool is legionAnother tool is legion Another attack is to dump the Windows Another attack is to dump the Windows

registry.registry. A number of tools can be used, e.g. A number of tools can be used, e.g.

regdmpregdmp

Trusted DomainsTrusted Domains

Enumerating trusted domains:Enumerating trusted domains: Once a null session is established, nltest Once a null session is established, nltest

and /server:server_name and and /server:server_name and /trusted_domains may be used to learn /trusted_domains may be used to learn about further domains related to the about further domains related to the current domianscurrent domians

UsersUsers

Enumerating users:Enumerating users: Use dumpsecUse dumpsec