
Lecture 5

Enumeration
Outline

• Enumeration
• Information obtained from Enumeration
• Techniques of Enumeration
• Enumeration types: NetBIOS, SNMP, LDAP, NTP, NFS, DNS, UNIX, Telnet
• Countermeasures
Enumeration
• Enumeration involves an attacker creating active connections with a target system and performing directed queries to gain more information about the target
• Attackers use the extracted information to identify points for a system attack and perform password attacks to gain unauthorized access to information system resources
• Enumeration techniques are conducted in an intranet environment
Information obtained from Enumeration
• Network Resources
• Network Shares
• Routing Tables
• Machine Names
• Users and Groups
• Applications and Banners
• SNMP and FQDN details
• Audit and Service Settings
Enumeration Tools
• NetBIOS Enumerator
• Nmap
• nmap -sV -v --script nbtstat.nse <target IP address>
• Advanced IP Scanner
• Hyena
• Global Network Inventory
SNMP Enumeration Tools
• Snmpcheck (snmp_enum module)
• SoftPerfect Network Scanner
• Network Performance Monitor (www.solarwinds.com)
• Engineer's Toolset
LDAP Enumeration Tools
• Softerra LDAP Administrator
• LDAP Admin Tool (https://ldapsoft.com)
• LDAP Account Manager (https://ldap-account-manager.org)
• LDAP Search (https://securityxploded.com)
NTP Enumeration Tools
• PRTG Network Monitor
• Nmap
• Wireshark
• NTP Server Scanner
DNS Enumeration using Zone Transfer

• DNS zone transfer is the process of transferring a copy of the DNS zone file from the primary DNS server to the secondary DNS server
• An attacker can perform a DNS zone transfer (if enabled on the target) and enumerate information such as DNS server names, hostnames, machine names, usernames, and IP addresses assigned within a target domain
• Tools such as nslookup, dig, and DNSRecon can be used
UNIX / LINUX Enumeration
• Unix / Linux user enumeration provides a list of users along with details such as username, host name, start date, and time of each session
• The following command-line utilities can be used to perform Unix / Linux enumeration:
• rusers, rwho, finger
Telnet Enumeration
• If the Telnet port is found open, attackers can access shared information, including the hardware and software information of the target
• Telnet enumeration enables attackers to exploit identified vulnerabilities and perform brute-force attacks to gain unauthorized access to the target and launch further attacks
• nmap -p 23 <target domain>
• nmap -p 23 --script telnet-ntlm-info <target IP>
• nmap -p 23 --script telnet-brute.nse --script-args
Enumeration countermeasures : SNMP
• Remove the SNMP agent or turn off the SNMP service
• If shutting off SNMP is not an option, change the default community string names
• Upgrade to SNMPv3, which encrypts the passwords and messages
Enumeration countermeasures : DNS
• Disable DNS zone transfers to untrusted hosts
• Ensure the private hosts and their IP addresses are not published in the DNS zone files of public DNS servers
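An added example, not part of the lecture: assuming the DNS server is BIND (the slides do not name one), this script audits a named.conf for the `allow-transfer` option and reports which zones would hand a full copy to any requester. The sample configuration, the zone names and the 192.0.2.53 secondary are constructed.

```python
import re

# Constructed named.conf sample (not from the lecture). 192.0.2.53 stands in
# for a trusted secondary server.
SAMPLE_CONF = '''
options { directory "/var/named"; allow-transfer { none; }; };
zone "corp.example" { type primary; file "corp.zone"; allow-transfer { any; }; };
zone "dmz.example" { type primary; file "dmz.zone"; allow-transfer { 192.0.2.53; }; };
zone "lab.example" IN { type primary; file "lab.zone"; };  // inherits options
'''

# An options or zone statement whose body holds at most one level of nested braces.
STATEMENT = re.compile(
    r'\b(?:options|zone\s+"([^"]+)"(?:\s+\w+)?)\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
ALLOW_TRANSFER = re.compile(r'\ballow-transfer\s*\{([^{}]*)\}')

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # /* block */
    return re.sub(r'(?://|#)[^\n]*', '', text)          # // and # line comments

def transfer_acl(body):
    """Return the allow-transfer entries in a statement body, or None if absent."""
    m = ALLOW_TRANSFER.search(body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each zone to (effective ACL, verdict); zones inherit from options."""
    global_acl, zones = None, {}
    for m in STATEMENT.finditer(strip_comments(conf)):
        name, body = m.groups()
        if name is None:
            global_acl = transfer_acl(body)
        else:
            zones[name] = transfer_acl(body)
    report = {}
    for name, acl in zones.items():
        effective = acl if acl is not None else global_acl
        if effective is None:
            verdict = 'UNSET'        # falls back to the server default: set it explicitly
        elif 'any' in effective:
            verdict = 'OPEN'         # any host may request the whole zone
        else:
            verdict = 'RESTRICTED'   # none, or an explicit list of hosts/keys/ACLs
        report[name] = (effective, verdict)
    return report

if __name__ == '__main__':
    for zone, (acl, verdict) in audit(SAMPLE_CONF).items():
        print(f'{zone:14} {verdict:10} allow-transfer={acl}')
```

Zones reported as OPEN or UNSET are the ones to fix first, by listing only the secondary servers that need the zone.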
Enumeration countermeasures : LDAP
• By default, LDAP traffic is transmitted unsecured; use SSL or StartTLS technology to encrypt the traffic
• Select a username different from your email address and enable account lockout
Enumeration countermeasures : NFS
• Implement proper permissions (read/write must be restricted to specific users) on exported file systems
• Implement firewall rules to block NFS port 2049
• Log requests to access system files on the NFS server
Enumeration countermeasures : Telnet
• Implement Secure Telnet (use encryption)
• Implement strong passwords
• Configure filtering rules
END
