enumeration cs391 computer & network security. what is enumeration? enumeration techniques
Enumeration
CS391
Computer & Network Security
What is enumeration? Enumeration Techniques.
What is Enumeration?
Having identified live hosts and running services, enumeration is the task of probing the identified services for known weaknesses.
The main difference between enumeration and the previous techniques is the level of intrusiveness.
Enumeration involves active connections to systems and directed queries, and accordingly will be logged by target systems.
Banner Grabbing
We have seen examples of banner grabbing in the previous lecture.
In addition, telnet and netcat may be used.
Banner Grabbing
telnet example
SMTP enumeration
TCP port 25
Two commands: VRFY and EXPN
Use telnet
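Added example (not part of the original slides): since enumeration is logged by the target, a defender can look for one source issuing VRFY/EXPN against many names, and check whether the server's replies reveal which accounts exist. The log format, addresses and names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "time src_ip command -> reply" format.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 VRFY root -> 250 root@example.test
2024-01-01T10:00:02 203.0.113.7 VRFY admin -> 550 User unknown
2024-01-01T10:00:03 203.0.113.7 EXPN staff -> 250 alice@example.test
2024-01-01T10:00:04 203.0.113.7 VRFY backup -> 550 User unknown
2024-01-01T10:05:00 198.51.100.20 MAIL FROM:<bob@example.test> -> 250 OK
2024-01-01T10:06:00 198.51.100.20 VRFY bob -> 250 bob@example.test
"""

# time, source IP, VRFY or EXPN, probed name, three-digit SMTP reply code
LINE_RE = re.compile(r"^(\S+) (\S+) (VRFY|EXPN) (\S+) -> (\d{3})\b", re.I)

def find_smtp_enumeration(log_text, min_names=3):
    """Return {src_ip: report} for sources probing >= min_names distinct names."""
    probes = defaultdict(lambda: {"names": set(), "codes": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a VRFY/EXPN line
        _, src, _, name, code = m.groups()
        probes[src]["names"].add(name.lower())
        probes[src]["codes"].add(int(code))
    findings = {}
    for src, p in probes.items():
        if len(p["names"]) < min_names:
            continue  # a single lookup is not treated as enumeration
        # The server leaks account validity when it confirms some names
        # (250/251) and rejects others (550/551/553) for the same source.
        leaks = bool(p["codes"] & {250, 251}) and bool(p["codes"] & {550, 551, 553})
        findings[src] = {"distinct_names": len(p["names"]),
                         "server_leaks_validity": leaks}
    return findings

if __name__ == "__main__":
    for src, report in find_smtp_enumeration(SAMPLE_LOG).items():
        print(src, report)
```

A server that answers every VRFY/EXPN with the same code (for example 252 or 502) gives such a source nothing to distinguish valid from invalid names.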
Zone transfers
DNS server port 53
nslookup
ls -d server name
Null session enumeration
Server Message Block (SMB) Protocol.
Forms the basis for file and printer sharing.
First step: connect to the protocol using the null session command:
net use \\IP address\IPC$ "" /u:""
Enumerate file shares on a host
net view \\host
Use DumpSec
One can use the DumpSec tool to enumerate file shares.
Another tool is Legion.
Another attack is to dump the Windows registry.
A number of tools can be used, e.g. regdmp
Trusted Domains
Enumerating trusted domains:
Once a null session is established, nltest with /server:server_name and /trusted_domains may be used to learn about further domains related to the current domains.
Users
Enumerating users:
Use DumpSec