Skip this Video
Download Presentation

Loading in 2 Seconds...

play fullscreen
1 / 7

Enumeration - PowerPoint PPT Presentation

  • Uploaded on

Enumeration. Local IP addresses (review). Some special IP addresses localhost (loopback address) Internal networks Class A Class B to Class C to

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Enumeration' - tao

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
local ip addresses review
Local IP addresses(review)

Some special IP addresses

localhost (loopback address)

Internal networks

Class A

Class B to

Class C to

Machines behind a firewall can use these internal IP numbers to communicate among them.

Only the firewall machine/device (host) needs to have an IP address valid in the Internet.

what is enumeration
What is enumeration?


network resources and shares

users and groups

applications and banners

Techniques (OS specific)



Obtain information about accounts, network

resources and shares.

windows applications and banner enumeration
Windows applications and banner enumeration

Telnet and netcat: same in NT and UNIX.

Telnet: Connect to a known port and see the software it is running, as in this example.

Netcat: similar to telnet but provides more information.

Countermeasures: log remotely in your applications and edit banners.

FTP (TCP 21), SMTP (TCP 25) : close ftp, use ssh (we will see it later). Disable telnet in mail servers, use ssh.

Registry enumeration: default in Win2k and above Server is Administrators only.

Tools: regdmp (NTResource Kit) and DumpSec (seen previously).

Countermeasures: be sure the registry is set for Administrators only and no command prompt is accessible remotely (telnet, etc).

Novell, UNIX, SQL enumeration will be seen in another class.

windows general security
Windows general security

Protocols providing information: CIFS/SMB and NetBIOS, through TCP port 139, and another SMB port, 445.

Banner enumeration is not the main issue. (UDP 137),

Null session command: net use \\19x.16x.11x.xx\IPC$ “” /u:””


filter out NetBIOS related TCP, UDP ports 135-139 (firewall).

disable NetBIOS over TCP/IP see ShieldsUp! page on binding.

restrict anonymous using the Local Security Policy applet. More here. GetAcct bypasses these actions.

Good source of system and hacking tools: Resource kits XP and 7. Some tools were re-written by hackers.

windows network resources
Windows network resources

NetBIOS enumeration (if port closed, none work)

NetBIOS Domain hosts: net view

NetBios Name Table: nbtstatuse and example and nbtscan.

NetBIOS shares: DumpSec, Legion, NetBIOS Auditing Tool (NAT), SMBScanner, NBTdump (use, output).

Countermeasures: as discussed previously = close ports 135-139, disable NetBIOS over TCP/IP

SNMP enumeration: SolarWinds IP Network Browser(commercial, see book).

Countermeasures: Windows close port 445.

Windows DNS Zone Transfers: Active Directory is based on DNS and create new vulnerability, but provides tool -- “Computer Management” Microsoft Management Console (MMC) -- to restrict zone transfers to certain IP numbers.

windows user and group enumeration
Windows: user and group enumeration

Enumerating Users via NetBIOS: usernames and (common) passwords. Enum: use and output. DumpSec: output.

Countermeasures: as before (close ports, no NetBIOS over TCP/IP)

Enumerating Users using SNMP: SolarWinds IP Network Browser. See also snmputiland read more in the book.

Windows Active Directory enumeration using ldp: Win 2k on added LDAP through the active directory -- you login once (the good) and have access to all resources (the security problem).

Threat and countermeasures in the book (better dealt with in Operating Systems):

close ports 389 and 3268,

upgrade all systems to Win2k or above before migrating to Active Directory.