MODULE 4 ENUMERATION
Objective
– Overview of System Hacking Cycle
– Enumeration
– Techniques for Enumeration
– Establishing Null Session
– Enumerating User Accounts
– Null User Countermeasures
– SNMP Scan
– SNMP Enumeration
– MIB
– SNMP Util Example
– SNMP Enumeration Countermeasures
– Active Directory Enumeration
– AD Enumeration Countermeasures
Overview of System Hacking Cycle
What is Enumeration?
Enumeration is defined as extraction of user names, machine names, network resources, shares, and services.
Enumeration techniques are conducted in an intranet environment.
Enumeration involves active connections to systems and directed queries.
The type of information enumerated by intruders:
– Network resources and shares
– Users and groups
– Applications and banners
– Auditing settings
Techniques for Enumeration
Some of the techniques for enumeration are:
– Extract user names using Win2k enumeration
– Extract user names using SNMP
– Extract user names using email IDs
– Extract information using default passwords
– Brute force Active Directory
NetBIOS Null Sessions
The null session is often referred to as the Holy Grail of Windows hacking.
Null sessions take advantage of flaws in CIFS/SMB (Common Internet File System/Server Message Block).
You can establish a null session with a Windows (NT/2000/XP) host by logging on with a null user name and password.
Using these null connections allows you to gather the following information from the host:
– List of users and groups
– List of machines
– List of shares
– Users and host SIDs (Security Identifiers)
So What's the Big Deal?
Anyone with a NetBIOS connection to your computer can easily get a full dump of all your user names, groups, shares, permissions, policies, services, and more using the null user.
The attacker now has a channel over which to attempt various techniques.
The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return rich information about a machine via TCP port 139, even to unauthenticated users.
This works on Windows 2000/XP systems, but not on Win 2003.
The following syntax connects to the hidden Inter Process Communication 'share' (IPC$) at IP address 192.34.34.2 with the built-in anonymous user (/u:"") with a ("") null password
Tool: DumpSec
www.systemtools.com/somarsoft/
DumpSec reveals shares over a null session with the target computer. It allows users to remotely connect to any computer and dump permissions, audit settings, and ownership for the Windows NT/2000 file system. Hackers can choose to dump either NTFS or share permissions. It can also dump permissions for printers and the registry.
NetBIOS Enumeration Using Netview
Nbtstat Enumeration Tool
NBTScan
http://www.inetcat.org/software/nbtscan.html
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address. NBTscan uses UDP port 137 for sending queries.
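Because such a scan sends a status query to every address in a range, it shows up in flow or firewall logs as one source contacting many distinct hosts on UDP 137 within a short time. The following detection sketch is an added example, not part of the original slides; the log format, addresses, threshold and window are constructed assumptions.

```python
"""Flag sources that sweep many hosts with NetBIOS status queries (UDP/137)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flow-log lines in a hypothetical format (not a real product's).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=10.0.0.23 DST=10.0.0.255 PROTO=UDP DPT=137
2024-05-01T10:00:01 SRC=10.0.0.99 DST=10.0.0.1 PROTO=UDP DPT=137
2024-05-01T10:00:02 SRC=10.0.0.99 DST=10.0.0.2 PROTO=UDP DPT=137
2024-05-01T10:00:02 SRC=10.0.0.23 DST=10.0.0.255 PROTO=UDP DPT=137
2024-05-01T10:00:03 SRC=10.0.0.99 DST=10.0.0.3 PROTO=UDP DPT=137
2024-05-01T10:00:04 SRC=10.0.0.99 DST=10.0.0.4 PROTO=UDP DPT=137
2024-05-01T10:00:04 SRC=10.0.0.23 DST=10.0.0.255 PROTO=UDP DPT=137
2024-05-01T10:00:05 SRC=10.0.0.99 DST=10.0.0.5 PROTO=UDP DPT=137
2024-05-01T10:00:06 SRC=10.0.0.99 DST=10.0.0.6 PROTO=UDP DPT=137
2024-05-01T10:00:07 SRC=10.0.0.99 DST=10.0.0.7 PROTO=UDP DPT=137
2024-05-01T10:00:08 SRC=10.0.0.99 DST=10.0.0.8 PROTO=UDP DPT=137
2024-05-01T10:00:09 SRC=10.0.0.50 DST=10.0.0.10 PROTO=TCP DPT=445
2024-05-01T10:01:00 SRC=10.0.0.40 DST=10.0.0.11 PROTO=UDP DPT=137
2024-05-01T10:02:00 SRC=10.0.0.40 DST=10.0.0.12 PROTO=UDP DPT=137
2024-05-01T10:03:00 SRC=10.0.0.40 DST=10.0.0.13 PROTO=UDP DPT=137
2024-05-01T10:04:00 SRC=10.0.0.40 DST=10.0.0.14 PROTO=UDP DPT=137
2024-05-01T10:05:00 SRC=10.0.0.40 DST=10.0.0.15 PROTO=UDP DPT=137
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$"
)


def parse(line):
    """Return (timestamp, src, dst, proto, dport) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["src"], m["dst"], m["proto"].upper(), int(m["dpt"])


def find_nbns_sweeps(log_text, min_targets=5, window=timedelta(seconds=10)):
    """Return {src: details} for sources that query UDP/137 on at least
    min_targets distinct destinations inside one sliding window.

    A host doing ordinary broadcast name resolution keeps hitting the same
    broadcast address, so it counts as a single destination and is not flagged.
    """
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, proto, dport in events:
        if proto != "UDP" or dport != 137:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        while queue and ts - queue[0][0] > window:
            queue.popleft()  # drop events older than the window
        targets = {d for _, d in queue}
        if len(targets) >= min_targets:
            best = alerts.get(src)
            if best is None or len(targets) > best["targets"]:
                alerts[src] = {
                    "targets": len(targets),
                    "first_seen": queue[0][0],
                    "last_seen": ts,
                }
    return alerts


if __name__ == "__main__":
    for src, info in find_nbns_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {info['targets']} hosts queried on UDP/137 "
              f"between {info['first_seen']} and {info['last_seen']}")
```

A slow sweep such as the one from 10.0.0.40 in the sample stays under a 10-second window, so a longer window with a higher threshold is worth running alongside it.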
Hacking Tool: GetAcct
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
Downloadable from www.securityfriday.com
Null Session Countermeasure
Null sessions require access to TCP 139 and/or TCP 445 ports.
You could also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
Edit the registry to restrict the anonymous user:
1. Open regedt32, navigate to HKLM\SYSTEM\CurrentControlSet\LSA
2. Choose edit | add value
   value name: RestrictAnonymous
   Data Type: REG_DWORD
   Value: 2
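An added example (not part of the original slides) that audits `reg query` output collected from several hosts against the setting above: it reports whether RestrictAnonymous exists as a REG_DWORD and whether it is 2, or the 1 that the GetAcct slide says is sidestepped. The host names, sample output and status labels are constructed for illustration; the sample shows the Lsa key as `reg query` prints it on current Windows.

```python
"""Audit collected `reg query` output for the RestrictAnonymous setting."""
import re

# Constructed sample output, one entry per (hypothetical) host.
SAMPLES = {
    "HOST-A": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    limitblankpassworduse    REG_DWORD    0x1
    RestrictAnonymous    REG_DWORD    0x2
""",
    "HOST-B": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x1
""",
    "HOST-C": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    limitblankpassworduse    REG_DWORD    0x1
""",
    "HOST-D": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_SZ    2
""",
}

# A value line is indented: name, type, data, separated by whitespace.
# Value names containing spaces are not matched; the one audited here has none.
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")


def read_value(reg_output, wanted="RestrictAnonymous"):
    """Return (type, data) for the wanted value, or None if it is absent.
    Registry value names are case-insensitive, so compare in lower case."""
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if m and m["name"].lower() == wanted.lower():
            return m["type"], m["data"].strip()
    return None


def assess(reg_output):
    """Classify one host's output as (status, note)."""
    found = read_value(reg_output)
    if found is None:
        return "MISSING", "RestrictAnonymous is not set"
    vtype, data = found
    if vtype != "REG_DWORD":
        # Flagged for review: the slide calls for a DWORD value.
        return "WRONG_TYPE", f"value stored as {vtype}, expected REG_DWORD"
    try:
        value = int(data, 16)  # reg query prints DWORD data as hex, e.g. 0x2
    except ValueError:
        return "UNPARSEABLE", f"cannot read DWORD data {data!r}"
    if value == 2:
        return "OK", "matches the value given in the countermeasure"
    if value == 1:
        return "WEAK", "RestrictAnonymous=1 is the setting GetAcct sidesteps"
    if value == 0:
        return "OPEN", "anonymous access is not restricted"
    return "UNEXPECTED", f"unrecognised value {value}"


def audit(samples):
    """Return {host: status} for every collected output."""
    return {host: assess(text)[0] for host, text in samples.items()}


if __name__ == "__main__":
    for host, text in SAMPLES.items():
        status, note = assess(text)
        print(f"{host}: {status} ({note})")
```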
PS Tools
PS Tools was developed by Mark Russinovich of SysInternals, and contains a collection of enumeration tools. Some of the tools require user authentication to the system:
– PsExec - Executes processes remotely
– PsFile - Shows files opened remotely
– PsGetSid - Displays the SID of a computer or a user
– PsKill - Kills processes by name or process ID
– PsInfo - Lists information about a system
– PsList - Lists detailed information about processes
– PsLoggedOn - Shows who's logged on locally and via resource sharing
– PsLogList - Dumps event log records
– PsPasswd - Changes account passwords
– PsService - Views and controls services
– PsShutdown - Shuts down and optionally reboots a computer
– PsSuspend - Suspends processes
– PsUptime - Shows how long a system has been running since its last reboot
UNIX Enumeration
Commands used to enumerate Unix network resources are as follows:
showmount:
– Finds the shared directories on the machine
– [root $] showmount -e 19x.16x.xxx.xx
finger:
– Enumerates the user and host
– Enables you to view the user's home directory, login time, idle times, office location, and the last time they both received or read mail
– [root$] finger -l @target.hackme.com
rpcinfo:
– Helps to enumerate Remote Procedure Call protocol
– RPC protocol allows applications to talk to one another over the network
– [root] rpcinfo -p 19x.16x.xxx.xx
Tool: Winfingerprint
Winfingerprint is GUI-based. It has the option of scanning a single host or a continuous network block.
It has two main windows:
– IP address range
– Windows options
Enumerate Systems Using Default Passwords
http://www.defaultpassword.com
Ad

More Related Content

What's hot (20)

Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
 
Password Attacks.pdf
Password Attacks.pdfPassword Attacks.pdf
Password Attacks.pdf
Andy32903
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking   Chapter 7 - Enumeration - Eric VanderburgEthical hacking   Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Eric Vanderburg
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
Lionel Faleiro
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
THOR Apt Scanner
THOR Apt ScannerTHOR Apt Scanner
THOR Apt Scanner
Florian Roth
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
Haydn Johnson
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
Michael Gough
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
Nasir Bhutta
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
Netwax Lab
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 
Ransomware
Ransomware Ransomware
Ransomware
Armor
 
Password Attacks.pdf
Password Attacks.pdfPassword Attacks.pdf
Password Attacks.pdf
Andy32903
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking   Chapter 7 - Enumeration - Eric VanderburgEthical hacking   Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Eric Vanderburg
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
Haydn Johnson
 
Finding attacks with these 6 events
Finding attacks with these 6 eventsFinding attacks with these 6 events
Finding attacks with these 6 events
Michael Gough
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
Nasir Bhutta
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
Netwax Lab
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Katie Nickels
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 
Ransomware
Ransomware Ransomware
Ransomware
Armor
 

Viewers also liked (20)

Writing Identification Tests
Writing Identification TestsWriting Identification Tests
Writing Identification Tests
dessandrea
 
Beyond 'neutrality' - how to reconnect regulation to reality?
Beyond 'neutrality' - how to reconnect regulation to reality?Beyond 'neutrality' - how to reconnect regulation to reality?
Beyond 'neutrality' - how to reconnect regulation to reality?
Martin Geddes
 
CNIT 123: Ch 6: Enumeration
CNIT 123: Ch 6: EnumerationCNIT 123: Ch 6: Enumeration
CNIT 123: Ch 6: Enumeration
Sam Bowne
 
6 enumerated, typedef
6 enumerated, typedef6 enumerated, typedef
6 enumerated, typedef
Frijo Francis
 
15 1. enumeration, typedef
15 1. enumeration, typedef15 1. enumeration, typedef
15 1. enumeration, typedef
웅식 전
 
Cehv8 - Module 05: System Hacking
Cehv8 - Module 05: System HackingCehv8 - Module 05: System Hacking
Cehv8 - Module 05: System Hacking
Vuz Dở Hơi
 
Intro. to Linguistics_10 Lexicology
Intro. to Linguistics_10 LexicologyIntro. to Linguistics_10 Lexicology
Intro. to Linguistics_10 Lexicology
Edi Brata
 
Net neutrality
Net neutralityNet neutrality
Net neutrality
ZEESHAN ALI
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Vi Tính Hoàng Nam
 
Enumeration
EnumerationEnumeration
Enumeration
Eliécer Díaz
 
MS Access teaching powerpoint tasks
MS Access teaching powerpoint tasksMS Access teaching powerpoint tasks
MS Access teaching powerpoint tasks
skomadina
 
Net neutrality explained
Net neutrality explainedNet neutrality explained
Net neutrality explained
Grant Wright
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
leminhvuong
 
Essay type tests
Essay type testsEssay type tests
Essay type tests
Parsa Sabbahat
 
Test type questions
Test type questionsTest type questions
Test type questions
Gerald Diana
 
Methods of Paragraph Development
Methods of Paragraph DevelopmentMethods of Paragraph Development
Methods of Paragraph Development
Ivan Bendiola
 
Essays
EssaysEssays
Essays
shoffma5
 
8 essay test
8 essay test8 essay test
8 essay test
janevenus21
 
Principles of Test Construction 1
Principles of Test Construction 1Principles of Test Construction 1
Principles of Test Construction 1
Monica P
 
Essay type test
Essay type testEssay type test
Essay type test
Dr.Shazia Zamir
 
Writing Identification Tests
Writing Identification TestsWriting Identification Tests
Writing Identification Tests
dessandrea
 
Beyond 'neutrality' - how to reconnect regulation to reality?
Beyond 'neutrality' - how to reconnect regulation to reality?Beyond 'neutrality' - how to reconnect regulation to reality?
Beyond 'neutrality' - how to reconnect regulation to reality?
Martin Geddes
 
CNIT 123: Ch 6: Enumeration
CNIT 123: Ch 6: EnumerationCNIT 123: Ch 6: Enumeration
CNIT 123: Ch 6: Enumeration
Sam Bowne
 
6 enumerated, typedef
6 enumerated, typedef6 enumerated, typedef
6 enumerated, typedef
Frijo Francis
 
15 1. enumeration, typedef
15 1. enumeration, typedef15 1. enumeration, typedef
15 1. enumeration, typedef
웅식 전
 
Cehv8 - Module 05: System Hacking
Cehv8 - Module 05: System HackingCehv8 - Module 05: System Hacking
Cehv8 - Module 05: System Hacking
Vuz Dở Hơi
 
Intro. to Linguistics_10 Lexicology
Intro. to Linguistics_10 LexicologyIntro. to Linguistics_10 Lexicology
Intro. to Linguistics_10 Lexicology
Edi Brata
 
MS Access teaching powerpoint tasks
MS Access teaching powerpoint tasksMS Access teaching powerpoint tasks
MS Access teaching powerpoint tasks
skomadina
 
Net neutrality explained
Net neutrality explainedNet neutrality explained
Net neutrality explained
Grant Wright
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
leminhvuong
 
Test type questions
Test type questionsTest type questions
Test type questions
Gerald Diana
 
Methods of Paragraph Development
Methods of Paragraph DevelopmentMethods of Paragraph Development
Methods of Paragraph Development
Ivan Bendiola
 
Principles of Test Construction 1
Principles of Test Construction 1Principles of Test Construction 1
Principles of Test Construction 1
Monica P
 
Ad

Similar to Module 4 Enumeration (20)

Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
 
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunick
amiable_indian
 
Class Presentation
Class PresentationClass Presentation
Class Presentation
webhostingguy
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hacking
nayakslideshare
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
leminhvuong
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: Enumeration
Sam Bowne
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
RootedCON
 
Ch06.ppt
Ch06.pptCh06.ppt
Ch06.ppt
RobinRohit2
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptxWeek 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
amardeux
 
How hackers attack networks
How hackers attack networksHow hackers attack networks
How hackers attack networks
Adeel Javaid
 
cyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.pptcyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
 
File000125
File000125File000125
File000125
Desmond Devendran
 
Secure network
Secure networkSecure network
Secure network
shelusharma
 
Hacking
HackingHacking
Hacking
rameswara reddy venkat
 
Hacking
HackingHacking
Hacking
Roshan Chaudhary
 
Footprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfFootprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdf
sdfghj21
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
Greater Noida Institute Of Technology
 
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunick
amiable_indian
 
Module 8 System Hacking
Module 8   System HackingModule 8   System Hacking
Module 8 System Hacking
leminhvuong
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: Enumeration
Sam Bowne
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
RootedCON
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
ClubHack
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
ClubHack
 
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptxWeek 8 IT infrastructure Scanning and Enumeration Part 2.pptx
Week 8 IT infrastructure Scanning and Enumeration Part 2.pptx
amardeux
 
How hackers attack networks
How hackers attack networksHow hackers attack networks
How hackers attack networks
Adeel Javaid
 
cyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.pptcyber forensics-enum,sniffing,malware threat.ppt
cyber forensics-enum,sniffing,malware threat.ppt
mcjaya2024
 
Footprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfFootprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdf
sdfghj21
 
Ad

More from leminhvuong (20)

Proxy
ProxyProxy
Proxy
leminhvuong
 
Lession2 Xinetd
Lession2 XinetdLession2 Xinetd
Lession2 Xinetd
leminhvuong
 
Module 7 Sql Injection
Module 7   Sql InjectionModule 7   Sql Injection
Module 7 Sql Injection
leminhvuong
 
Iptables
IptablesIptables
Iptables
leminhvuong
 
Lession1 Linux Preview
Lession1 Linux PreviewLession1 Linux Preview
Lession1 Linux Preview
leminhvuong
 
Http
HttpHttp
Http
leminhvuong
 
Dns
DnsDns
Dns
leminhvuong
 
Net Admin Intro
Net Admin IntroNet Admin Intro
Net Admin Intro
leminhvuong
 
Lession4 Dhcp
Lession4 DhcpLession4 Dhcp
Lession4 Dhcp
leminhvuong
 
Lession3 Routing
Lession3 RoutingLession3 Routing
Lession3 Routing
leminhvuong
 
Module 1 Introduction
Module 1   IntroductionModule 1   Introduction
Module 1 Introduction
leminhvuong
 
Net Security Intro
Net Security IntroNet Security Intro
Net Security Intro
leminhvuong
 
Module 10 Physical Security
Module 10   Physical SecurityModule 10   Physical Security
Module 10 Physical Security
leminhvuong
 
Module 9 Dos
Module 9   DosModule 9   Dos
Module 9 Dos
leminhvuong
 
Module 6 Session Hijacking
Module 6   Session HijackingModule 6   Session Hijacking
Module 6 Session Hijacking
leminhvuong
 
Module 5 Sniffers
Module 5  SniffersModule 5  Sniffers
Module 5 Sniffers
leminhvuong
 
Module 3 Scanning
Module 3   ScanningModule 3   Scanning
Module 3 Scanning
leminhvuong
 
Call Back
Call BackCall Back
Call Back
leminhvuong
 
Module 1 Introduction
Module 1   IntroductionModule 1   Introduction
Module 1 Introduction
leminhvuong
 

Recently uploaded (20)

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights

Module 4 Enumeration

  • 2. Objective: Overview of System Hacking Cycle; Enumeration; Techniques for Enumeration; Establishing Null Session; Enumerating User Accounts; Null User Countermeasures; SNMP Scan; SNMP Enumeration; MIB; SNMP Util Example; SNMP Enumeration Countermeasures; Active Directory Enumeration; AD Enumeration Countermeasures
  • 3. Overview of System Hacking Cycle
  • 4. What is Enumeration? Enumeration is defined as extraction of user names, machine names, network resources, shares, and services. Enumeration techniques are conducted in an intranet environment. Enumeration involves active connections to systems and directed queries. The type of information enumerated by intruders: network resources and shares; users and groups; applications and banners; auditing settings.
  • 5. Techniques for Enumeration: Some of the techniques for enumeration are: extract user names using Win2k enumeration; extract user names using SNMP; extract user names using email IDs; extract information using default passwords; brute force Active Directory.
  • 6. NetBIOS Null Sessions: The null session is often referred to as the Holy Grail of Windows hacking. Null sessions take advantage of flaws in CIFS/SMB (Common Internet File System/Server Message Block). You can establish a null session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host: list of users and groups; list of machines; list of shares; users and host SIDs (Security Identifiers).
  • 7. So What's the Big Deal? Anyone with a NetBIOS connection to your computer can easily get a full dump of all your user names, groups, shares, permissions, policies, services, and more using the null user. The attacker now has a channel over which to attempt various techniques. The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return rich information about a machine via TCP port 139, even to unauthenticated users. This works on Windows 2000/XP systems, but not on Win 2003. The following syntax connects to the hidden Inter Process Communication 'share' (IPC$) at IP address 192.34.34.2 with the built-in anonymous user (/u:"") with a ("") null password
  • 8. Tool: DumpSec (www.systemtools.com/somarsoft/). DumpSec reveals shares over a null session with the target computer. It allows users to remotely connect to any computer and dump permissions, audit settings, and ownership for the Windows NT/2000 file system. Hackers can choose to dump either NTFS or share permissions. It can also dump permissions for printers and the registry.
  • 11. NBTScan (http://www.inetcat.org/software/nbtscan.html). NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address. NBTscan uses UDP port 137 for sending queries.
  • 12. Hacking Tool: GetAcct. GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines. Downloadable from www.securityfriday.com.
  • 13. Null Session Countermeasure: Null sessions require access to TCP 139 and/or TCP 445 ports. You could also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface. Edit the registry to restrict the anonymous user: 1. Open regedt32, navigate to HKLM\SYSTEM\CurrentControlSet\LSA. 2. Choose Edit | Add Value. Value name: RestrictAnonymous; Data Type: REG_DWORD; Value: 2
  • 14. PS Tools: PS Tools was developed by Mark Russinovich of SysInternals, and contains a collection of enumeration tools. Some of the tools require user authentication to the system: PsExec - executes processes remotely; PsFile - shows files opened remotely; PsGetSid - displays the SID of a computer or a user; PsKill - kills processes by name or process ID; PsInfo - lists information about a system; PsList - lists detailed information about processes; PsLoggedOn - shows who's logged on locally and via resource sharing; PsLogList - dumps event log records; PsPasswd - changes account passwords; PsService - views and controls services; PsShutdown - shuts down and optionally reboots a computer; PsSuspend - suspends processes; PsUptime - shows how long a system has been running since its last reboot.
  • 15. UNIX Enumeration: Commands used to enumerate Unix network resources are as follows. showmount: finds the shared directories on the machine: [root $] showmount -e 19x.16x.xxx.xx. finger: enumerates the user and host, and enables you to view the user's home directory, login time, idle times, office location, and the last time they received or read mail: [root$] finger -l @target.hackme.com. rpcinfo: helps to enumerate the Remote Procedure Call (RPC) protocol, which allows applications to talk to one another over the network: [root] rpcinfo -p 19x.16x.xxx.xx
  • 16. Tool: Winfingerprint. Winfingerprint is GUI-based. It has the option of scanning a single host or a continuous network block. It has two main windows: IP address range and Windows options.
  • 17. Enumerate Systems Using Default Passwords
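
Slide 11 describes NBTscan sending a NetBIOS status query over UDP port 137 to every address in a range. The following detection sketch is an added example, not part of the original slides: it recognises node status requests by their packet layout and flags sources that query many distinct hosts in a short window. The packet tuple layout, the 10-second window, the 5-host threshold and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

NBSTAT = 0x0021                    # QTYPE of a NetBIOS node status query
WILDCARD = b"CK" + b"A" * 30       # encoded name "*" padded with NULs

def is_nbstat_query(payload: bytes) -> bool:
    """True if a UDP/137 payload is a node status request (50 bytes)."""
    if len(payload) < 50:
        return False
    _txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0xF800 or qdcount != 1:      # response bit or non-query opcode
        return False
    if payload[12] != 0x20 or payload[45] != 0x00:   # 32-byte name + terminator
        return False
    qtype, qclass = struct.unpack(">HH", payload[46:50])
    return qtype == NBSTAT and qclass == 1

def find_sweepers(packets, window=10.0, min_hosts=5):
    """Map source IP -> most distinct hosts it status-queried inside one window."""
    seen = defaultdict(list)
    for ts, src, dst, dport, payload in packets:
        if dport == 137 and is_nbstat_query(payload):
            seen[src].append((ts, dst))
    flagged = {}
    for src, events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _, dst in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] = max(flagged.get(src, 0), len(hosts))
    return flagged

def sample_query(txid, qtype=NBSTAT):
    """Constructed test payload in the layout the parser expects."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + b"\x20" + WILDCARD + b"\x00" + struct.pack(">HH", qtype, 1)

def sample_packets():
    """Constructed capture: (time, src, dst, dst_port, udp_payload)."""
    sweep = [(i * 0.1, "192.0.2.50", f"192.0.2.{i + 1}", 137, sample_query(i)) for i in range(8)]
    single = [(t, "192.0.2.7", "192.0.2.9", 137, sample_query(100 + t)) for t in (1, 2, 3)]
    names = [(i * 0.1, "192.0.2.60", f"192.0.2.{i + 1}", 137, sample_query(200 + i, 0x0020)) for i in range(8)]
    return sweep + single + names

if __name__ == "__main__":
    print(find_sweepers(sample_packets()))
```

Ordinary name lookups (QTYPE 0x0020) and repeated queries to a single host are not counted, so only the source that sweeps the range is reported.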
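
Slide 13 sets RestrictAnonymous to 2, and slide 12 notes that GetAcct sidesteps RestrictAnonymous=1. The following audit sketch is an added example, not part of the original slides: it grades collected `reg query` output per host against those two statements. The host names and outputs are constructed samples; on an actual system the value sits under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, which is the key path used in the samples.

```python
import re

# One value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S+)\s*$")

def read_restrict_anonymous(reg_output: str):
    """Return (type, int value or None) for RestrictAnonymous, or None if absent."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() == "restrictanonymous":
            kind, data = m.group(2), m.group(3)
            try:
                base = 16 if data.lower().startswith("0x") else 10
                return kind, int(data, base)
            except ValueError:
                return kind, None
    return None

def grade(reg_output: str) -> str:
    """Grade one host against the setting given on slide 13."""
    found = read_restrict_anonymous(reg_output)
    if found is None:
        return "FAIL: value not set"
    kind, value = found
    if kind != "REG_DWORD" or value is None:
        return f"FAIL: wrong type {kind}"
    if value == 2:
        return "PASS: RestrictAnonymous=2"
    if value == 1:
        return "WEAK: RestrictAnonymous=1 (sidestepped by GetAcct per slide 12)"
    return f"FAIL: RestrictAnonymous={value}"

def audit(outputs: dict) -> dict:
    """Grade every host in a {hostname: reg query output} mapping."""
    return {host: grade(text) for host, text in sorted(outputs.items())}

# Constructed sample output, one entry per hypothetical host.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SAMPLES = {
    "ws01": f"\n{KEY}\n    restrictanonymous    REG_DWORD    0x0\n",
    "ws02": f"\n{KEY}\n    RestrictAnonymous    REG_DWORD    0x1\n",
    "srv01": f"\n{KEY}\n    restrictanonymous    REG_DWORD    0x2\n",
    "srv02": f"\n{KEY}\n    restrictanonymous    REG_SZ    2\n",
    "srv03": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host:6} {verdict}")
```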