CH 06

Enumeration is a process that gathers detailed information about network resources and services beyond basic scanning, utilizing protocols like ICMP and SNMP. It can uncover usernames, shares, routing tables, and more, often using methods such as NULL sessions and tools like SNMPWalk and PsTools. This active measure is crucial for revealing sensitive information and assessing network security.

Uploaded by

Hisham Dahshan

Enumeration

Chapter 6

© SYBEX Inc. 2016. All Rights Reserved.


What Is Enumeration?
• Gathers detailed information beyond scanning
• Uses different protocols such as ICMP and SNMP
• Can create effective picture of network
• Relies on both manual and automated methods


Enumeration
You can expect to gain even more information during this step as you are digging deeper and gathering information such as usernames, host names, share names, services, application data, group information, and much more.
• Network resources and shares
• Users and groups
• Routing tables
• Auditing and service settings
• Applications and banners
• SNMP and DNS details

What to Uncover and How
The process of enumeration is finding out about what services are running, including versions, open shares, account details, or possible points of entry. One such target is SMB.
• Using NULL sessions to extract information
• Enumerating Active Directory accounts
• Targeting routers


Ports of Interest
• TCP 53: This is used for DNS zone transfers.
• TCP 135: This is used by email clients to connect to email servers.
• TCP 137: NBNS provides name resolution services for the NetBIOS protocol.
• TCP 139: This is for NetBIOS Session Service or SMB over NetBIOS.
• TCP 445: SMB over TCP or Direct Host improves network access.
• UDP 161: SNMP is a protocol used for network management.
• TCP/UDP 389: LDAP is used by many directory applications.
• TCP/UDP 3368: This is the Global Catalog Service associated with Active Directory.
• TCP 25: SMTP is used for the transmission of
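
An added example, not part of the original slides: because enumeration is an active measure, it leaves connection records a defender can review. This Python code flags any source that contacts several of the services listed above; the log format, the sample lines, the three-service threshold and the function name are assumptions, and only a subset of the slide's ports is included.

```python
import re
from collections import defaultdict

# Subset of the ports listed on the slide above, keyed by (protocol, port).
PORTS_OF_INTEREST = {
    ("tcp", 53): "DNS zone transfer",
    ("tcp", 139): "NetBIOS Session Service",
    ("tcp", 445): "SMB over TCP",
    ("udp", 161): "SNMP",
    ("tcp", 389): "LDAP",
    ("udp", 389): "LDAP",
}

# Assumed log format: <timestamp> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^\S+ (?:ALLOW|DENY) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

def find_enumeration_sources(lines, min_services=3):
    """Map each source IP to the listed services it contacted, keeping only
    sources that reached at least min_services distinct services."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        service = PORTS_OF_INTEREST.get((m["proto"], int(m["dport"])))
        if service:
            seen[m["src"]].add(service)
    return {src: sorted(s) for src, s in seen.items() if len(s) >= min_services}

# Constructed sample log lines (private addresses, not real traffic).
SAMPLE_LOG = """\
2016-03-01T10:00:01Z ALLOW tcp 10.0.5.23:51544 -> 10.0.1.10:445
2016-03-01T10:00:02Z ALLOW tcp 10.0.5.23:51545 -> 10.0.1.10:139
2016-03-01T10:00:04Z DENY udp 10.0.5.23:40211 -> 10.0.1.1:161
2016-03-01T10:00:07Z ALLOW tcp 10.0.5.23:51550 -> 10.0.1.5:389
2016-03-01T10:01:00Z ALLOW tcp 10.0.2.7:49800 -> 10.0.1.10:445
2016-03-01T10:01:05Z ALLOW tcp 10.0.2.7:49801 -> 10.0.1.20:443
truncated line without fields
""".splitlines()

if __name__ == "__main__":
    for src, services in find_enumeration_sources(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(services)}")
```
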
NetBIOS
This service was originally intended to assist in the access to resources on a LAN only.
• Commonly exploited service
• Designed for small networks
• Is extremely vulnerable
• Can be used to extract all sorts of information from a target
• Considered a legacy protocol
• Still available and running on Windows systems by default


NULL Sessions and NetBIOS
This feature is used to allow clients or endpoints of a connection to access certain types of information across the network.
• List of users and groups
• List of machines
• List of shares
• Users and host SIDs

The NULL session allows access to a system using a special account known as a NULL user. The account can be used to reveal information about system shares or user accounts while not requiring a username or password to do so.

Working with NULL Sessions
• NULL sessions can be used to retrieve extreme amounts of information.
• Information includes user IDs, share names, security policy settings, users currently logged in, and more.
• Windows XP and Windows Server 2003 are not vulnerable to null session attacks.
• Patches won’t fix the issue, and most hardening techniques won’t keep it from being exploited.


Using a NULL Session
• Requires a short list of commands
• Main command is the "net" command
• To connect to a remote session, use:
– net use \\<machine name> "/user:"
• To view shares on a remote system, use:
– net view \\<machine name>
• To connect to a remote share, use:
– net use <drive letter> \\<machine name>\<shared folder name>


Extracting from SNMP
SNMPWalk is an open source tool that was part of the Net-SNMP project at Carnegie Mellon University in the early 1990s when SNMP was first deployed.
• Retrieves information from SNMP
• Preys upon plaintext information
• Queries devices to determine if information is kept secret
• SNMP is open source and can inform administrators
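
A defender-side check for the plaintext exposure described above, added here and not part of the original slides: this Python code audits a Net-SNMP `snmpd.conf` for community-based (SNMPv1/v2c) access lines. The finding code names, the function name and the sample configuration are assumptions constructed for the example.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return {line_number: [finding codes]} for community-based access lines."""
    findings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            writable = directive.startswith("rw")
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:
                args = args[2:]                    # skip the optional context argument
            if len(args) < 3:
                continue
            _secname, source, community = args[:3]
            writable = False                       # write access is set by separate access lines
        else:
            continue                               # rouser/rwuser/createUser are SNMPv3, not audited
        codes = ["cleartext-community"]            # v1/v2c send the community string unencrypted
        if community.lower() in DEFAULT_COMMUNITIES:
            codes.append("default-community")
        if source in OPEN_SOURCES:
            codes.append("unrestricted-source")
        if writable:
            codes.append("write-access")
        findings[lineno] = codes
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private 10.0.0.0/24
com2sec mgmt 192.0.2.10 n0c-ro-string
rouser monitor priv
"""

if __name__ == "__main__":
    for lineno, codes in audit_snmpd_conf(SAMPLE_CONF).items():
        print(f"line {lineno}: {', '.join(codes)}")
```
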
PsTools Suite for Enumeration
• PsTools made by Sysinternals (now Microsoft)
• Patterned after UNIX commands
• Tools allow for detailed exploration of a remote system
• Can perform many actions and tasks

PsTools is a useful suite for both remote and local system assessment and exploitation.

NetCat for Enumeration
• Freeware utility
• Commonly used as a backdoor utility
• Can be used to push files from one system to another
• Can grab banners, do port scanning and port enumeration, and perform remote actions

What About Metasploit?
The Metasploit framework was introduced as a research project by the well-known security researchers H.D. Moore and spoonm.
• Metasploit was designed for security research and assessments
• Contains numerous exploits to be used
• Can target applications and many operating systems
• Is command line but also has web interface


Summary
• Enumeration follows scanning.
• Enumeration seeks to reveal information from a system.
• Enumeration is an active measure.
• Information can include usernames, group information, printer data, and other data.
