Module IV
Enumeration
Ethical Hacking
Version 5
EC-Council
Copyright © by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
Overview of System Hacking Cycle
Enumeration
Techniques for Enumeration
Establishing Null Session
Enumerating User Accounts
Null User Countermeasures
SNMP Scan
SNMP Enumeration
MIB
SNMP Util Example
SNMP Enumeration Countermeasures
Active Directory Enumeration
AD Enumeration Countermeasures
Module Flow
Overview of SHC; Enumeration; Techniques for Enumeration; Establishing Null Session; Enumerating User Accounts; Null User Countermeasures; SNMP Scan; SNMP Enumeration; MIB; SNMP Util Example; SNMP Enumeration Countermeasures; Active Directory Enumeration; AD Enumeration Countermeasures
Overview of System Hacking Cycle
Step 1: Enumerate users
• Extract user names using Win 2K enumeration,
SNMP probing
Step 2: Crack the password
• Crack the password of the user and gain access to the
system
Step 3: Escalate privileges
• Escalate to the level of administrator
Step 4: Execute applications
• Plant keyloggers, spywares, and rootkits on the
machine
Step 5: Hide files
• Use steganography to hide hacking tools, and source
code
Step 6: Cover your tracks
• Erase tracks so that you will not be caught
(Cycle diagram: Enumerate, Crack, Escalate, Execute, Hide, Tracks)
What is Enumeration?
Enumeration is defined as extraction of user names, machine
names, network resources, shares, and services
Enumeration techniques are conducted in an intranet environment
Enumeration involves active connections to systems and directed
queries
The type of information enumerated by intruders:
• Network resources and shares
• Users and groups
• Applications and banners
• Auditing settings
Techniques for Enumeration
Some of the techniques for
enumeration are:
• Extract user names using Win2k
enumeration
• Extract user names using SNMP
• Extract user names using email IDs
• Extract information using default
passwords
• Brute force Active Directory
NetBIOS Null Sessions
The null session is often referred to as the Holy Grail
of Windows hacking. Null sessions take advantage of
flaws in CIFS/SMB (Common Internet File
System/Server Message Block)
You can establish a null session with a Windows
(NT/2000/XP) host by logging on with a null user
name and password
Using these null connections allows you to gather
the following information from the host:
• List of users and groups
• List of machines
• List of shares
• Users and host SIDs (Security Identifiers)
So What's the Big Deal?
Anyone with a NetBIOS connection
to your computer can easily get a full
dump of all your user names, groups,
shares, permissions, policies,
services, and more using the null
user.
The following syntax connects to the
hidden Inter-Process
Communication 'share' (IPC$) at IP
address 192.34.34.2 with the built-in
anonymous user (/u:"") and a null
("") password
The attacker now has a channel over
which to attempt various techniques.
The CIFS/SMB and NetBIOS
standards in Windows 2000 include
APIs that return rich information
about a machine via TCP port 139—
even to unauthenticated users.
This works on Windows 2000/XP
systems, but not on Win 2003
Windows: C:\> net use \\192.34.34.2\IPC$ "" /u:""
Linux:   $ smbclient \\\\target\\ipc$ "" -U ""
Tool: DumpSec
DumpSec reveals shares over a null session with the target
computer
NetBIOS Enumeration Using Netview
The Netview tool allows you to gather
two essential bits of information:
1. List of computers that belong to a
domain
2. List of shares on individual hosts on
the network
The first thing a remote attacker will try
on a Windows 2000 network is to get a
list of hosts attached to the wire:
net view /domain
net view \\<some-computer>
nbtstat -A <some IP>
Nbtstat Enumeration Tool
Nbtstat is a Windows command-line tool that can be used to display information
about a computer’s NetBIOS connections and name tables
Run: nbtstat -A <some ip address>
C:\> nbtstat
Displays protocol statistics and current TCP/IP connections
using NBT (NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [-S] [interval]
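The name table that nbtstat -A prints is only useful once the 16th-byte suffixes are decoded. The following Python is an added example, not code from the EC-Council slides: it parses a constructed nbtstat -A listing and maps the standard NetBIOS suffixes (<00>, <03>, <20>, <1C>, ...) to what each registration reveals about the host (domain membership, file-server role, domain controller, logged-on user). It is the kind of helper a reviewer uses to see at a glance what a machine discloses over NetBIOS before deciding to unbind or filter it; the sample output, host name CORP/FILESRV01 and MAC address are all made up.

```python
"""Parse `nbtstat -A` remote name-table output and decode the NetBIOS suffixes.
Added example; the sample listing below is constructed, not captured."""
import re

# Well-known NetBIOS name suffixes (16th byte) and what the registration means.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger service (computer name or logged-on user)",
    ("20", "UNIQUE"): "File Server service (host offers shares)",
    ("1B", "UNIQUE"): "Domain master browser (PDC emulator)",
    ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser for this subnet",
    ("1E", "GROUP"): "Browser service elections",
}

# Constructed sample of `nbtstat -A <ip>` output (names and MAC are invented).
SAMPLE_OUTPUT = """\
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    CORP           <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Registered
    CORP           <1C>  GROUP       Registered
    CORP           <1E>  GROUP       Registered
    JSMITH         <03>  UNIQUE      Registered

    MAC Address = 00-11-22-33-44-55
"""

_ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$", re.I)
_MAC = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f-]{17})")


def parse_name_table(text: str) -> dict:
    """Return {'entries': [...], 'mac': str|None} from nbtstat -A output."""
    entries, mac = [], None
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            name, suffix, ntype, status = m.groups()
            entries.append({"name": name, "suffix": suffix.upper(),
                            "type": ntype.upper(), "status": status})
            continue
        mm = _MAC.search(line)
        if mm:
            mac = mm.group(1).upper()
    return {"entries": entries, "mac": mac}


def describe(table: dict) -> list:
    """One human-readable line per registration, using the suffix table."""
    return [f"{e['name']} <{e['suffix']}> {e['type']}: "
            f"{SUFFIX_MEANING.get((e['suffix'], e['type']), 'unknown suffix')}"
            for e in table["entries"]]


def summarize(table: dict) -> dict:
    """Reduce the raw registrations to the facts an auditor notes."""
    entries = table["entries"]
    # The <00> UNIQUE entry is the computer name; needed to tell <03> user
    # registrations apart from the machine's own <03> entry.
    computer = next((e["name"] for e in entries
                     if (e["suffix"], e["type"]) == ("00", "UNIQUE")), None)
    facts = {"computer": computer, "domain": None, "file_server": False,
             "domain_controller": False, "logged_on_users": [], "mac": table["mac"]}
    for e in entries:
        key = (e["suffix"], e["type"])
        if key == ("00", "GROUP"):
            facts["domain"] = e["name"]
        elif key == ("20", "UNIQUE"):
            facts["file_server"] = True
        elif key == ("1C", "GROUP"):
            facts["domain_controller"] = True
        elif key == ("03", "UNIQUE") and e["name"] != computer:
            facts["logged_on_users"].append(e["name"])
    return facts


if __name__ == "__main__":
    table = parse_name_table(SAMPLE_OUTPUT)
    print("\n".join(describe(table)))
    print(summarize(table))
```

Note that the <03> suffix is registered twice on a real host, once for the computer and once for the interactive user, which is why the summary filters out the machine's own name before reporting a logged-on user.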
Tool: SuperScan4
A powerful connect-based TCP port scanner, pinger, and hostname
resolver
Performs ping scans and port scans by using any IP range or by
specifying a text file to extract addresses
Scans any port range from a built-in list or specified range
Resolves and reverse-lookup any IP address or range
Modifies the port list and port descriptions using the built-in editor
Connects to any discovered open port using user-specified "helper"
applications (e.g., Telnet, web browser, FTP), and assigns a custom
helper application to any port
Snapshot for Windows Enumeration
Tool: enum
Available for download from
http://razor.bindview.com
enum is a console-based Win32
information enumeration utility
Using null sessions, enum can
retrieve user lists, machine lists,
share lists, name lists, group and
membership lists, and password and
LSA policy information
enum is also capable of
rudimentary brute-force dictionary
attacks on individual accounts
Enumerating User Accounts
Two powerful NT/2000 enumeration tools are:
• sid2user
• user2sid
They can be downloaded at www.chem.msu.su/~rudnyi/NT/
These are command-line tools that look up NT SIDs from user
name input and vice versa
Tool: GetAcct
GetAcct sidesteps "Restrict Anonymous=1" and acquires
account information on Windows NT/2000 machines
Downloadable from www.securityfriday.com
Null Session Countermeasures
Null sessions require access to TCP 139 and/or
TCP 445 ports
Null sessions do not work with Windows 2003
You could also disable SMB services entirely on
individual hosts by unbinding the WINS Client
TCP/IP from the interface
Edit the registry to restrict the anonymous user:
1. Open regedt32 and navigate to
HKLM\SYSTEM\CurrentControlSet\Control\LSA
2. Choose Edit | Add Value
• Value name: RestrictAnonymous
• Data Type: REG_DWORD
• Value: 2
PS Tools
PS Tools was developed by Mark Russinovich of
SysInternals, and contains a collection of enumeration tools.
Some of the tools require user authentication to the system:
• PsExec - Executes processes remotely
• PsFile - Shows files opened remotely
• PsGetSid - Displays the SID of a computer or a user
• PsKill - Kills processes by name or process ID
• PsInfo - Lists information about a system
• PsList - Lists detailed information about processes
• PsLoggedOn - Shows who's logged on locally and via resource
sharing
• PsLogList - Dumps event log records
• PsPasswd - Changes account passwords
• PsService - Views and controls services
• PsShutdown - Shuts down and optionally reboots a computer
• PsSuspend - Suspends processes
• PsUptime - Shows how long a system has been running since
its last reboot
SNMP Enumeration
SNMP stands for Simple Network Management
Protocol
Managers send requests to agents, and the agents
send back replies
The requests and replies refer to variables accessible
to agent software
Managers can also send requests to set values for
certain variables
Traps let the manager know that something
significant has happened at the agent's end of
things:
• A reboot
• An interface failure
• Or, that something else that is potentially bad
has happened
Enumerating NT users via SNMP protocol is easy
using snmputil
(Diagram: the manager sends GET/SET requests to the agent; the agent sends TRAPs back to the manager)
Management Information Base
MIB provides a standard representation of the SNMP agent’s available
information and where it is stored
MIB is the most basic element of network management
MIB-II is the updated version of the standard MIB
MIB-II adds new SYNTAX types and adds more manageable objects to the MIB
tree
Look for SNMP systems with the community
string “public,” which is the default for most
systems.
SNMPutil Example
Tool: Solarwinds
It is a set of network
management tools
The tool set consists
of the following:
• Discovery
• Cisco Tools
• Ping Tools
• Address Management
• Monitoring
• MIB Browser
• Security
• Miscellaneous
Tool: SNScan V1.05
It is a Windows-based
SNMP scanner that can
effectively detect SNMP-
enabled devices on the
network
It scans specific SNMP
ports and uses public and
user-defined SNMP
community names
It is a handy tool for
information gathering
Getif SNMP MIB Browser
UNIX Enumeration
Commands used to enumerate Unix network resources are as follows:
• showmount:
– Finds the shared directories on the machine
– [root $] showmount -e 19x.16x.xxx.xx
• finger:
– Enumerates the user and host
– Enables you to view the user's home directory, login time, idle times, office location, and
the last time they both received or read mail
– [root $] finger -l @target.hackme.com
• rpcinfo:
– Helps to enumerate the Remote Procedure Call protocol
– The RPC protocol allows applications to talk to one another over the network
– [root] rpcinfo -p 19x.16x.xxx.xx
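The showmount -e listing above is also the quickest way to audit an NFS server for exports that any host may mount. As an added example that is not part of the EC-Council material, the following Python parses a constructed showmount -e listing and reports the exports whose client list is the bare wildcard or "(everyone)"; a domain wildcard such as *.example.test is deliberately not treated as world-accessible. The host names and paths are invented.

```python
"""Flag world-mountable exports in `showmount -e` output.
Added example; the sample listing is constructed, not captured."""
import re

# Constructed `showmount -e nfs01.example.test` output (names are invented).
SAMPLE_SHOWMOUNT = """\
Export list for nfs01.example.test:
/export/home    *
/export/data    10.0.0.0/24,backup.example.test
/backup         (everyone)
/srv/iso        *.example.test
"""

# Client specs that allow every host to mount the export. A bare "*" is
# Linux's rendering; "(everyone)" is what Solaris-style servers print.
WORLD_SPECS = {"*", "(everyone)", "everyone"}

_EXPORT = re.compile(r"^(\S+)\s+(.+?)\s*$")


def parse_showmount(text: str) -> list:
    """Return [(export_path, [client_spec, ...]), ...] from showmount -e output."""
    exports = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Export list"):
            continue  # header line or blank
        m = _EXPORT.match(line)
        if not m:
            continue
        path, clients = m.groups()
        exports.append((path, [c.strip() for c in clients.split(",") if c.strip()]))
    return exports


def world_readable_exports(text: str) -> list:
    """Export paths that any host on the network may mount."""
    return [path for path, clients in parse_showmount(text)
            if any(c in WORLD_SPECS for c in clients)]


if __name__ == "__main__":
    for path, clients in parse_showmount(SAMPLE_SHOWMOUNT):
        print(f"{path:16} -> {', '.join(clients)}")
    print("world-mountable:", world_readable_exports(SAMPLE_SHOWMOUNT))
```

Exports restricted to a subnet or named hosts still deserve a look (the client list is only a hint about who can reach the share, not who should), but the world-mountable ones are the first to fix.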
SNMP UNIX Enumeration
An SNMP agent on the Unix platform can be enumerated using the
snmpwalk tool
SNMP running on UDP port 161 can be located using the
command:
• [root] # nmap -sU -p 161 19x.16x.1.60
• A query is passed to any MIB agent with snmpget or snmpwalk:
– [root] # snmpwalk 19x.16x.x.xx public system.sysName.x
Countermeasures:
• Ensure proper configuration of the community names; “public”
and “private” are the defaults
• Implement SNMP v3, which is a more secure version
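The SNMP Enumeration and MIB slides describe the manager/agent exchange and warn about the default "public" community string, and the countermeasure above is to change it or move to SNMPv3. To make concrete why the community name is the weak point, here is an added Python example (not from the EC-Council slides) that BER-encodes the SNMPv1 GetRequest a tool like snmpwalk sends for system.sysName.0, decodes it back, and flags any v1/v2c request carrying a default community name. The point it shows is that in v1 and v2c the community string is an unencrypted OCTET STRING in every packet, which is what a sensor can match on and why the countermeasure matters. The packet is built locally; only the default-community set and the OID are assumptions.

```python
"""SNMPv1/v2c message encoder and decoder: shows the community string travelling
in cleartext and flags requests that use the default names.
Added example, not from the CEH slides; the packet is constructed locally."""
from __future__ import annotations

# Default community names the slides warn about (assumption for the check).
DEFAULT_COMMUNITIES = {"public", "private"}

# ASN.1/BER tags used by SNMP
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID = 0x02, 0x04, 0x05, 0x06
TAG_SEQUENCE, TAG_GET_REQUEST = 0x30, 0xA0


def _length(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def _integer(value: int) -> bytes:
    """Non-negative INTEGER, minimal length, sign bit kept clear."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    return _tlv(TAG_INTEGER, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def _oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(chunk)
    return _tlv(TAG_OID, bytes(body))


def encode_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """Build a SNMPv1 GetRequest for one OID (what `snmpwalk host public ...` sends)."""
    varbind = _tlv(TAG_SEQUENCE, _oid(oid) + _tlv(TAG_NULL, b""))
    pdu = _tlv(TAG_GET_REQUEST, _integer(request_id) + _integer(0) + _integer(0)
               + _tlv(TAG_SEQUENCE, varbind))
    # version 0 = SNMPv1; the community follows as a plain OCTET STRING
    return _tlv(TAG_SEQUENCE, _integer(0)
                + _tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Return (tag, value bytes, position after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_message(packet: bytes) -> dict:
    """Pull version, community, PDU type, request-id and OIDs out of a v1/v2c packet."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, req_id, p = _read_tlv(pdu, 0)
    _, _, p = _read_tlv(pdu, p)        # error-status
    _, _, p = _read_tlv(pdu, p)        # error-index
    _, varbinds, _ = _read_tlv(pdu, p)
    oids, v = [], 0
    while v < len(varbinds):
        _, vb, v = _read_tlv(varbinds, v)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(_decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big"), "community": community.decode(errors="replace"),
            "pdu_type": pdu_tag, "request_id": int.from_bytes(req_id, "big"), "oids": oids}


def flag_default_community(packet: bytes) -> str | None:
    """Finding text if the request uses a default community name, else None."""
    msg = decode_message(packet)
    label = {0: "v1", 1: "v2c"}.get(msg["version"], f"version {msg['version']}")
    if msg["community"] in DEFAULT_COMMUNITIES:
        return f"SNMP{label} request with default community '{msg['community']}' for {msg['oids']}"
    return None


if __name__ == "__main__":
    pkt = encode_get_request("public", "1.3.6.1.2.1.1.5.0")  # sysName.0
    print(pkt.hex())
    print(decode_message(pkt))
    print(flag_default_community(pkt))
```

Reading the hex dump, the ASCII bytes 70 75 62 6c 69 63 ("public") sit right after the version field; nothing in v1 or v2c hides them, so changing the default name only helps against guessing, and SNMPv3 with authentication and privacy is what removes the cleartext credential altogether.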
SNMP Enumeration Countermeasures
Simplest way to prevent such activity is to
remove the SNMP agent or turn off the
SNMP service
If shutting off SNMP is not an option, then
change the default “public” community
name
Implement the Group Policy security option
called “Additional restrictions for
anonymous connections.”
Access to null session pipes, null session
shares, and IPSec filtering should also be
restricted
Tool: Winfingerprint
Winfingerprint is GUI-
based
It has the option of
scanning a single host
or a continuous
network block
Has two main
windows:
• IP address range
• Windows options
Source: http://winfingerprint.sourceforge.net
Windows Active Directory Attack Tool
w2kdad.pl is a Perl script that
attacks Active Directory on Windows
2000/2003
It enumerates users and passwords in a
native W2k AD
There is an option to use SNMP to
gather user data, as well as a DoS
option to lock out every user found
A successful DoS attack will depend
on whether or not the domain has
account lockout enabled
IP Tools Scanner
IP Tools is a complete suite
of 19 essential TCP/IP
networking utilities that
includes :
• Local Info
• Connections Monitor
• NetBIOS Scanner
• Shared resources
• Scanner, SNMP
• Scanner, HostName
• Scanner, Ports
• Scanner, UDP Scanner
• Ping Scanner
• Trace, LookUp
• Finger
• WhoIs
• Time Synchronizer
• Telnet client
• HTTP client
• IP-Monitor
• Hosts Monitor and SNMP
Trap Watcher
Enumerate Systems Using Default
Passwords
Many devices such as switches, hubs, and routers may still be configured with
the vendor's default password
Try to gain access using default passwords
www.phenoelit.de/dpl/dpl.html contains an interesting list of default passwords
Steps to Perform Enumeration
1. Extract user names using Win 2K enumeration
2. Gather information from the host using null sessions
3. Perform Windows enumeration using the tool SuperScan4
4. Get the user accounts using the tool GetAcct
5. Perform an SNMP port scan using the tool SNScan V1.05
Summary
Enumeration involves active connections to systems
and directed queries
The type of information enumerated by intruders
includes network resources and shares, users and
groups, and applications and banners
Crackers often use null sessions to connect to target
systems
NetBIOS and SNMP enumeration can be performed
using tools such as snmputil and nat
Tools such as user2sid, sid2user, and userinfo can be
used to identify vulnerable user accounts

 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Ceh v5 module 04 enumeration

2. Module Objective
EC-Council. Copyright © by EC-Council. All Rights reserved. Reproduction is strictly prohibited.
This module will familiarize you with the following:
Overview of System Hacking Cycle
Enumeration
Techniques for Enumeration
Establishing Null Session
Enumerating User Accounts
Null User Countermeasures
SNMP Scan
SNMP Enumeration
MIB
SNMP Util Example
SNMP Enumeration Countermeasures
Active Directory Enumeration
AD Enumeration Countermeasures

3. Module Flow
(Flow diagram) Overview of SHC; Enumeration; Techniques for Enumeration; Establishing Null Session; Enumerating User Accounts; Null User Countermeasures; SNMP Scan; SNMP Enumeration; MIB; SNMP Util Example; SNMP Enumeration Countermeasures; Active Directory Enumeration; AD Enumeration Countermeasures

4. Overview of System Hacking Cycle
Step 1: Enumerate users
• Extract user names using Win 2K enumeration, SNMP probing
Step 2: Crack the password
• Crack the password of the user and gain access to the system
Step 3: Escalate privileges
• Escalate to the level of administrator
Step 4: Execute applications
• Plant keyloggers, spyware, and rootkits on the machine
Step 5: Hide files
• Use steganography to hide hacking tools and source code
Step 6: Cover your tracks
• Erase tracks so that you will not be caught
(Cycle diagram: Enumerate, Crack, Escalate, Execute, Hide, Tracks)

5. What is Enumeration?
Enumeration is defined as the extraction of user names, machine names, network resources, shares, and services
Enumeration techniques are conducted in an intranet environment
Enumeration involves active connections to systems and directed queries
The type of information enumerated by intruders:
• Network resources and shares
• Users and groups
• Applications and banners
• Auditing settings

6. Techniques for Enumeration
Some of the techniques for enumeration are:
• Extract user names using Win2k enumeration
• Extract user names using SNMP
• Extract user names using email IDs
• Extract information using default passwords
• Brute force Active Directory

7. NetBIOS Null Sessions
The null session is often referred to as the Holy Grail of Windows hacking.
Null sessions take advantage of flaws in CIFS/SMB (Common Internet File System/Server Message Block)
You can establish a null session with a Windows (NT/2000/XP) host by logging on with a null user name and password
Using these null connections allows you to gather the following information from the host:
• List of users and groups
• List of machines
• List of shares
• Users and host SIDs (Security Identifiers)

8. So What's the Big Deal?
Anyone with a NetBIOS connection to your computer can easily get a full dump of all your user names, groups, shares, permissions, policies, services, and more using the null user.
The following syntax connects to the hidden Inter Process Communication 'share' (IPC$) at IP address 192.34.34.2 with the built-in anonymous user (/u:"") and a null ("") password
The attacker now has a channel over which to attempt various techniques.
The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return rich information about a machine via TCP port 139, even to unauthenticated users.
This works on Windows 2000/XP systems, but not on Win 2003
Windows: C:\>net use \\192.34.34.2\IPC$ "" /u:""
Linux: $ smbclient \\target\ipc$ "" -U ""

9. Tool: DumpSec
DumpSec reveals shares over a null session with the target computer

10. NetBIOS Enumeration Using Netview
The Netview tool allows you to gather two essential bits of information:
1. List of computers that belong to a domain
2. List of shares on individual hosts on the network
The first thing a remote attacker will try on a Windows 2000 network is to get a list of hosts attached to the wire
net view /domain
net view \\<some-computer>
nbtstat -A <some IP>

11. Nbtstat Enumeration Tool
Nbtstat is a Windows command-line tool that can be used to display information about a computer's NetBIOS connections and name tables
Run: nbtstat -A <some ip address>
C:\>nbtstat
Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [-S] [interval]

12. Tool: SuperScan4
A powerful connect-based TCP port scanner, pinger, and hostname resolver
Performs ping scans and port scans by using any IP range or by specifying a text file to extract addresses
Scans any port range from a built-in list or specified range
Resolves and reverse-resolves any IP address or range
Modifies the port list and port descriptions using the built-in editor
Connects to any discovered open port using user-specified "helper" applications (e.g., Telnet, web browser, FTP), and assigns a custom helper application to any port

13. Snapshot for Windows Enumeration
(Screenshot slide)

14. Tool: enum
Available for download from http://razor.bindview.com
enum is a console-based Win32 information enumeration utility
Using null sessions, enum can retrieve user lists, machine lists, share lists, name lists, group and membership lists, and password and LSA policy information
enum is also capable of rudimentary brute-force dictionary attacks on individual accounts

15. Enumerating User Accounts
Two powerful NT/2000 enumeration tools are:
• 1. sid2user
• 2. user2sid
They can be downloaded at www.chem.msu.su/~rudnyi/NT/
These are command-line tools that look up NT SIDs from user name input and vice versa

16. Tool: GetAcct
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines
Downloadable from www.securityfriday.com

17. Null Session Countermeasures
Null sessions require access to TCP port 139 and/or TCP port 445
Null sessions do not work with Windows 2003
You could also disable SMB services entirely on individual hosts by unbinding the WINS Client (TCP/IP) from the interface
Edit the registry to restrict the anonymous user:
1. Open regedt32 and navigate to HKLM\SYSTEM\CurrentControlSet\LSA
2. Choose Edit | Add Value
• Value name: RestrictAnonymous
• Data Type: REG_DWORD
• Value: 2
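Added example, not part of the EC-Council deck: a Python helper that checks a snapshot of the Lsa registry values against the RestrictAnonymous=2 countermeasure above and counts anonymous network logons per source address in a log export. The export format, the sample lines and the threshold are my assumptions.

```python
# Null-session exposure review: the Lsa hardening from slide 17 plus a count
# of anonymous network logons. Constructed example; the log export format
# and sample lines are assumptions, not the output of any real tool.
from collections import Counter
from typing import Dict, Iterable, List

def assess_lsa(values: Dict[str, int]) -> List[str]:
    # values: a snapshot of the Lsa key's DWORDs; missing names take the OS default.
    # RestrictAnonymous=2 is the Windows 2000 setting on the slide; XP/2003 split the
    # behaviour across RestrictAnonymous (0/1), RestrictAnonymousSAM and
    # EveryoneIncludesAnonymous, so all three are checked.
    gaps = []
    ra = values.get("RestrictAnonymous", 0)
    if ra == 0:
        gaps.append("RestrictAnonymous=0: null sessions can list users, groups and shares")
    elif ra == 1:
        gaps.append("RestrictAnonymous=1: SID lookups (sid2user/user2sid, GetAcct) still work")
    if values.get("RestrictAnonymousSAM", 1) == 0:
        gaps.append("RestrictAnonymousSAM=0: anonymous enumeration of SAM accounts allowed")
    if values.get("EveryoneIncludesAnonymous", 0) == 1:
        gaps.append("EveryoneIncludesAnonymous=1: anonymous callers inherit Everyone's access")
    return gaps

# Constructed export, one logon event per line:
#   timestamp|event_id|user|domain|logon_type|source
# 540 = successful network logon on Windows 2000/XP (4624 on later versions);
# logon type 3 = network; a null session shows up as user ANONYMOUS LOGON.
SAMPLE_LOG = """\
2024-05-01 10:02:11|540|ANONYMOUS LOGON|NT AUTHORITY|3|10.0.0.5
2024-05-01 10:02:12|540|ANONYMOUS LOGON|NT AUTHORITY|3|10.0.0.5
2024-05-01 10:02:13|540|ANONYMOUS LOGON|NT AUTHORITY|3|10.0.0.5
2024-05-01 10:05:40|540|jsmith|CORP|3|10.0.0.21
2024-05-01 10:06:02|540|ANONYMOUS LOGON|NT AUTHORITY|3|10.0.0.21
2024-05-01 10:07:15|528|ANONYMOUS LOGON|NT AUTHORITY|2|10.0.0.9
"""

def null_session_sources(lines: Iterable[str], threshold: int = 2) -> Dict[str, int]:
    # Count anonymous network logons per source and return those at or above the
    # threshold: one can be legitimate (browser service, legacy applications), a
    # burst from a single address is the footprint of enum/DumpSec-style enumeration.
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        _ts, event_id, user, _domain, logon_type, source = line.strip().split("|")
        if event_id in ("540", "4624") and user.upper() == "ANONYMOUS LOGON" and logon_type == "3":
            counts[source] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for gap in assess_lsa({"RestrictAnonymous": 1}):
        print("gap:", gap)
    for src, n in null_session_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {n} anonymous network logons")
```

Windows 2000's event 540 does not always carry a source address, so on that platform the Workstation Name field is the fallback key.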
18. PS Tools
PS Tools was developed by Mark Russinovich of SysInternals and contains a collection of enumeration tools. Some of the tools require user authentication to the system:
• PsExec - Executes processes remotely
• PsFile - Shows files opened remotely
• PsGetSid - Displays the SID of a computer or a user
• PsKill - Kills processes by name or process ID
• PsInfo - Lists information about a system
• PsList - Lists detailed information about processes
• PsLoggedOn - Shows who's logged on locally and via resource sharing
• PsLogList - Dumps event log records
• PsPasswd - Changes account passwords
• PsService - Views and controls services
• PsShutdown - Shuts down and optionally reboots a computer
• PsSuspend - Suspends processes
• PsUptime - Shows how long a system has been running since its last reboot

19. SNMP Enumeration
SNMP stands for Simple Network Management Protocol
Managers send requests to agents, and the agents send back replies
The requests and replies refer to variables accessible to agent software
Managers can also send requests to set values for certain variables
Traps let the manager know that something significant has happened at the agent's end of things:
• A reboot
• An interface failure
• Or, that something else that is potentially bad has happened
Enumerating NT users via the SNMP protocol is easy using snmputil
(Diagram: Mgmt station sends GET/SET to the Agent; the Agent sends a TRAP to the Mgmt station)

20. Management Information Base
MIB provides a standard representation of the SNMP agent's available information and where it is stored
MIB is the most basic element of network management
MIB-II is the updated version of the standard MIB
MIB-II adds new SYNTAX types and adds more manageable objects to the MIB tree
Look for SNMP systems with the community string "public," which is the default for most systems.

21. SNMPutil Example
(Screenshot slide)

22. Tool: Solarwinds
It is a set of network management tools
The tool set consists of the following:
• Discovery
• Cisco Tools
• Ping Tools
• Address Management
• Monitoring
• MIB Browser
• Security
• Miscellaneous

23. Tool: SNScan V1.05
It is a Windows-based SNMP scanner that can effectively detect SNMP-enabled devices on the network
It scans specific SNMP ports and uses public and user-defined SNMP community names
It is a handy tool for information gathering

24. Getif SNMP MIB Browser
(Screenshot slide)

25. UNIX Enumeration
Commands used to enumerate Unix network resources are as follows:
• showmount:
– Finds the shared directories on the machine
– [root $] showmount -e 19x.16x.xxx.xx
• finger:
– Enumerates the user and host
– Enables you to view the user's home directory, login time, idle times, office location, and the last time they both received or read mail
– [root$] finger -l @target.hackme.com
• rpcinfo:
– Helps to enumerate the Remote Procedure Call protocol
– The RPC protocol allows applications to talk to one another over the network
– [root] rpcinfo -p 19x.16x.xxx.xx

26. SNMP UNIX Enumeration
An SNMP agent on the Unix platform can be enumerated using the snmpwalk tool
SNMP running on UDP port 161 can be enumerated using the command:
• [root] # nmap -sU -p161 19x.16x.1.60
• A query is passed to any MIB agent with snmpget (or, as shown here, snmpwalk):
– [root] # snmpwalk 19x.16x.x.xx public system.sysName.x
Countermeasures:
• Ensure the community names (by default "PUBLIC" and "PRIVATE") are properly configured
• Implement SNMP v3, which is a more secure version

27. SNMP Enumeration Countermeasures
The simplest way to prevent such activity is to remove the SNMP agent or turn off the SNMP service
If shutting off SNMP is not an option, then change the default "public" community name
Implement the Group Policy security option called "Additional restrictions for anonymous connections."
Access to null session pipes, null session shares, and IPSec filtering should also be restricted
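As an added example that is not part of the deck, the following Python code builds and decodes an SNMPv1 GetRequest for MIB-II system.sysName.0 (the object queried on slide 26) and audits captured requests for the default community strings that slides 20 and 27 warn about. The packets, community names and function names are constructed for this example.

```python
# SNMPv1 GetRequest encode/decode and a defender-side audit for default
# community strings. Constructed example; no real device traffic involved.
from typing import Dict, List, Tuple

DEFAULT_COMMUNITIES = {"public", "private"}  # factory defaults slides 20 and 27 warn about
SYS_NAME_0 = "1.3.6.1.2.1.1.5.0"              # MIB-II system.sysName.0, queried on slide 26
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA3: "SetRequest"}

def _tlv(tag: int, payload: bytes) -> bytes:
    # BER tag-length-value; lengths of 128+ use the long form (0x8N, then N length bytes)
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def _int(v: int) -> bytes:
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _oid(dotted: str) -> bytes:
    # first two arcs share one byte, the rest are base-128 with continuation bits
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(chunk)
    return _tlv(0x06, bytes(out))

def build_get_request(community: str, oids: List[str], request_id: int = 1) -> bytes:
    # Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }
    varbinds = b"".join(_tlv(0x30, _oid(o) + _tlv(0x05, b"")) for o in oids)
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbinds))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode("latin-1")) + pdu)

def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(payload: bytes) -> str:
    arcs, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_snmp_request(packet: bytes) -> Dict[str, object]:
    _, msg, _ = _read_tlv(packet, 0)
    _, ver, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    pos = _read_tlv(pdu, _read_tlv(pdu, pos)[2])[2]  # skip error-status and error-index
    _, vbl, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        oids.append(_decode_oid(_read_tlv(vb, 0)[1]))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode("latin-1"), "request_id": int.from_bytes(rid, "big", signed=True),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "oids": oids}

def audit(packet: bytes) -> List[str]:
    # Findings a defender cares about: cleartext version, default community, write access
    req, findings = parse_snmp_request(packet), []
    if req["version"] in (0, 1):  # v1/v2c: the community string is the only "authentication"
        findings.append("SNMPv1/v2c: community string travels in cleartext")
    if str(req["community"]).lower() in DEFAULT_COMMUNITIES:
        findings.append(f"default community string '{req['community']}' in use")
    if req["pdu"] == "SetRequest":
        findings.append("SetRequest seen: a writable community is exposed")
    return findings
```

Fed the UDP/161 payloads from a capture, `audit` turns the slide's advice into a check: any finding for "public" or "private" means the default community name is still in service.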
28. Tool: Winfingerprint
Winfingerprint is GUI-based
It has the option of scanning a single host or a continuous network block
It has two main windows:
• IP address range
• Windows options
Source: http://winfingerprint.sourceforge.net

29. Windows Active Directory Attack Tool
w2kdad.pl is a Perl script that attacks Active Directory on Windows 2000/2003
It enumerates users and passwords in a native W2k AD
There is an option to use SNMP to gather user data, as well as a DoS option to lock out every user found
A successful DoS attack will depend on whether or not the domain has account lockout enabled

30. IP Tools Scanner
IP Tools is a complete suite of 19 essential TCP/IP networking utilities that includes:
• Local Info
• Connections Monitor
• NetBIOS Scanner
• Shared Resources Scanner
• SNMP Scanner
• HostName Scanner
• Ports Scanner
• UDP Scanner
• Ping Scanner
• Trace
• LookUp
• Finger
• WhoIs
• Time Synchronizer
• Telnet client
• HTTP client
• IP-Monitor
• Hosts Monitor
• SNMP Trap Watcher

31. Enumerate Systems Using Default Passwords
Many devices like switches/hubs/routers might still be enabled with the "default password"
Try to gain access using default passwords
www.phenoelit.de/dpl/dpl.html contains an interesting list of passwords

32. Steps to Perform Enumeration
1. Extract user names using Win 2K enumeration
2. Gather information from the host using null sessions
3. Perform Windows enumeration using the tool SuperScan4
4. Get the users' accounts using the tool GetAcct
5. Perform an SNMP port scan using the tool SNScan V1.05

33. Summary
Enumeration involves active connections to systems and directed queries
The type of information enumerated by intruders includes network resources and shares, users and groups, and applications and banners
Crackers often use null sessions to connect to target systems
NetBIOS and SNMP enumerations can be disguised using tools such as snmputil and nat
Tools such as user2sid, sid2user, and userinfo can be used to identify vulnerable user accounts