Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
1.
Ethical Hacking Version 5
Module IV: Enumeration
2.
EC-Council. Copyright © by EC-Council. All Rights reserved. Reproduction is strictly prohibited.
Module Objective
This module will familiarize you with the following:
• Overview of System Hacking Cycle
• Enumeration
• Techniques for Enumeration
• Establishing Null Session
• Enumerating User Accounts
• Null User Countermeasures
• SNMP Scan
• SNMP Enumeration
• MIB
• SNMP Util Example
• SNMP Enumeration Countermeasures
• Active Directory Enumeration
• AD Enumeration Countermeasures
3.
Module Flow
• Overview of SHC
• Enumeration
• Establishing Null Session
• Enumerating User Accounts
• MIB
• Null User Countermeasures
• SNMP Scan
• AD Enumeration Countermeasures
• SNMP Util Example
• SNMP Enumeration Countermeasures
• Active Directory Enumeration
• SNMP Enumeration
• Techniques for Enumeration
4.
Overview of System Hacking Cycle
Step 1: Enumerate users
• Extract user names using Win 2K enumeration, SNMP probing
Step 2: Crack the password
• Crack the password of the user and gain access to the system
Step 3: Escalate privileges
• Escalate to the level of administrator
Step 4: Execute applications
• Plant keyloggers, spyware, and rootkits on the machine
Step 5: Hide files
• Use steganography to hide hacking tools and source code
Step 6: Cover your tracks
• Erase tracks so that you will not be caught
[Diagram: Enumerate, Crack, Escalate, Execute, Hide, Tracks]
5.
What is Enumeration?
Enumeration is defined as extraction of user names, machine names, network resources, shares, and services
Enumeration techniques are conducted in an intranet environment
Enumeration involves active connections to systems and directed queries
The type of information enumerated by intruders:
• Network resources and shares
• Users and groups
• Applications and banners
• Auditing settings
6.
Techniques for Enumeration
Some of the techniques for enumeration are:
• Extract user names using Win2k enumeration
• Extract user names using SNMP
• Extract user names using email IDs
• Extract information using default passwords
• Brute force Active Directory
7.
NetBIOS Null Sessions
The null session is often referred to as the Holy Grail of Windows hacking. Null sessions take advantage of flaws in CIFS/SMB (Common Internet File System/Server Message Block)
You can establish a null session with a Windows (NT/2000/XP) host by logging on with a null user name and password
Using these null connections allows you to gather the following information from the host:
• List of users and groups
• List of machines
• List of shares
• Users and host SIDs (Security Identifiers)
8.
So What's the Big Deal?
Anyone with a NetBIOS connection to your computer can easily get a full dump of all your user names, groups, shares, permissions, policies, services, and more using the null user.
The following syntax connects to the hidden Inter Process Communication 'share' (IPC$) at IP address 192.34.34.2 with the built-in anonymous user (/u:"") and a null password (""):
Windows: C:\>net use \\192.34.34.2\IPC$ "" /u:""
Linux: $ smbclient \\\\target\\ipc\$ "" -U ""
The attacker now has a channel over which to attempt various techniques.
The CIFS/SMB and NetBIOS standards in Windows 2000 include APIs that return rich information about a machine via TCP port 139, even to unauthenticated users.
This works on Windows 2000/XP systems, but not on Win 2003
9.
Tool: DumpSec
DumpSec reveals shares over a null session with the target computer
10.
NetBIOS Enumeration Using Netview
The Netview tool allows you to gather two essential bits of information:
1. List of computers that belong to a domain
2. List of shares on individual hosts on the network
The first thing a remote attacker will try on a Windows 2000 network is to get a list of hosts attached to the wire:
net view /domain
net view <some-computer>
nbtstat -A <some IP>
11.
Nbtstat Enumeration Tool
Nbtstat is a Windows command-line tool that can be used to display information about a computer's NetBIOS connections and name tables
Run: nbtstat -A <some ip address>
C:\>nbtstat
Displays protocol statistics and current TCP/IP connections using NBT(NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [-S] [interval] ]
12.
Tool: SuperScan4
A powerful connect-based TCP port scanner, pinger, and hostname resolver
• Performs ping scans and port scans by using any IP range or by specifying a text file to extract addresses
• Scans any port range from a built-in list or specified range
• Resolves and reverse-looks-up any IP address or range
• Modifies the port list and port descriptions using the built-in editor
• Connects to any discovered open port using user-specified "helper" applications (e.g., Telnet, web browser, FTP), and assigns a custom helper application to any port
13.
Snapshot for Windows Enumeration
14.
Tool: enum
Available for download from http://razor.bindview.com
enum is a console-based Win32 information enumeration utility
Using null sessions, enum can retrieve user lists, machine lists, share lists, name lists, group and membership lists, and password and LSA policy information
enum is also capable of rudimentary brute-force dictionary attacks on individual accounts
15.
Enumerating User Accounts
Two powerful NT/2000 enumeration tools are:
• 1. sid2user
• 2. user2sid
They can be downloaded at www.chem.msu.su/~rudnyi/NT/
These are command-line tools that look up NT SIDs from user name input and vice versa
16.
Tool: GetAcct
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines
Downloadable from www.securityfriday.com
17.
Null Session Countermeasures
Null sessions require access to TCP 139 and/or TCP 445 ports
Null sessions do not work with Windows 2003
You could also disable SMB services entirely on individual hosts by unbinding the WINS Client TCP/IP from the interface
Edit the registry to restrict the anonymous user:
1. Open regedt32 and navigate to HKLM\SYSTEM\CurrentControlSet\Control\LSA
2. Choose Edit | Add Value
• Value name: RestrictAnonymous
• Data type: REG_DWORD
• Value: 2
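To verify the registry countermeasure above across several machines, the following added example (not part of the original slides) parses saved `reg query` output and grades the RestrictAnonymous setting against what the slides state: 2 is the recommended value, and 1 is the value the GetAcct slide says can be sidestepped. The key path HKLM\SYSTEM\CurrentControlSet\Control\Lsa, the host names and the sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed location of the value, lower-cased for comparison.
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
# `reg query` prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")


def parse_reg_query(text):
    """Return {key_path_lower: {value_name_lower: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                data = (m.group(3) or "").strip()
                current[m.group(1).lower()] = (m.group(2), data)
    return keys


def assess_restrict_anonymous(reg_output):
    """Grade one host's output as (status, reason)."""
    lsa = parse_reg_query(reg_output).get(LSA_KEY, {})
    entry = lsa.get("restrictanonymous")
    if entry is None:
        # A value created with a space in its name is a different value.
        if "restrict anonymous" in lsa:
            return ("FAIL", "value is named 'Restrict Anonymous' (with a "
                            "space); RestrictAnonymous itself is not set")
        return ("FAIL", "RestrictAnonymous is not set")
    reg_type, data = entry
    if reg_type != "REG_DWORD":
        # Assumption: a value of the wrong type is treated as not set.
        return ("FAIL", f"RestrictAnonymous is {reg_type}, expected REG_DWORD")
    try:
        value = int(data, 16)  # reg query prints DWORDs as 0x...
    except ValueError:
        return ("FAIL", f"unparseable data {data!r}")
    if value == 2:
        return ("PASS", "RestrictAnonymous=2, as the countermeasure recommends")
    if value == 1:
        return ("WARN", "RestrictAnonymous=1, which GetAcct is said to sidestep")
    if value == 0:
        return ("FAIL", "RestrictAnonymous=0, anonymous access unrestricted")
    return ("FAIL", f"unexpected value {value}")


def audit_hosts(outputs):
    """Map host name to (status, reason) for a dict of saved outputs."""
    return {host: assess_restrict_anonymous(out) for host, out in outputs.items()}


def sample_output(*values):
    """Build constructed `reg query` output for the Lsa key."""
    lines = [r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"]
    lines += [f"    {name}    {rtype}    {data}" for name, rtype, data in values]
    return "\n".join(lines) + "\n"


# Constructed sample data; host names are hypothetical.
SAMPLE_HOSTS = {
    "ws-legacy-01": sample_output(("limitblankpassworduse", "REG_DWORD", "0x1")),
    "ws-legacy-02": sample_output(("restrictanonymous", "REG_DWORD", "0x1")),
    "srv-files-01": sample_output(("restrictanonymous", "REG_DWORD", "0x2")),
    "srv-print-01": sample_output(("Restrict Anonymous", "REG_SZ", "2")),
}

if __name__ == "__main__":
    for host, (status, reason) in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{host:14} {status:5} {reason}")
```
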
18.
PS Tools
PS Tools was developed by Mark Russinovich of SysInternals, and contains a collection of enumeration tools. Some of the tools require user authentication to the system:
• PsExec - Executes processes remotely
• PsFile - Shows files opened remotely
• PsGetSid - Displays the SID of a computer or a user
• PsKill - Kills processes by name or process ID
• PsInfo - Lists information about a system
• PsList - Lists detailed information about processes
• PsLoggedOn - Shows who's logged on locally and via resource sharing
• PsLogList - Dumps event log records
• PsPasswd - Changes account passwords
• PsService - Views and controls services
• PsShutdown - Shuts down and optionally reboots a computer
• PsSuspend - Suspends processes
• PsUptime - Shows how long a system has been running since its last reboot
19.
SNMP Enumeration
SNMP stands for Simple Network Management Protocol
Managers send requests to agents, and the agents send back replies
The requests and replies refer to variables accessible to agent software
Managers can also send requests to set values for certain variables
Traps let the manager know that something significant has happened at the agent's end of things:
• A reboot
• An interface failure
• Or, that something else that is potentially bad has happened
Enumerating NT users via SNMP protocol is easy using snmputil
[Diagram: Mgmt and Agent, labelled GET/SET and TRAP]
20.
Management Information Base
MIB provides a standard representation of the SNMP agent's available information and where it is stored
MIB is the most basic element of network management
MIB-II is the updated version of the standard MIB
MIB-II adds new SYNTAX types and adds more manageable objects to the MIB tree
Look for SNMP systems with the community string "public," which is the default for most systems.
21.
SNMPutil Example
22.
Tool: Solarwinds
It is a set of network management tools
The tool set consists of the following:
• Discovery
• Cisco Tools
• Ping Tools
• Address Management
• Monitoring
• MIB Browser
• Security
• Miscellaneous
23.
Tool: SNScan V1.05
It is a Windows-based SNMP scanner that can effectively detect SNMP-enabled devices on the network
It scans specific SNMP ports and uses public and user-defined SNMP community names
It is a handy tool for information gathering
24.
Getif SNMP MIB Browser
25.
UNIX Enumeration
Commands used to enumerate Unix network resources are as follows:
• showmount:
– Finds the shared directories on the machine
– [root $] showmount -e 19x.16x.xxx.xx
• finger:
– Enumerates the user and host
– Enables you to view the user's home directory, login time, idle times, office location, and the last time they received or read mail
– [root $] finger -l @target.hackme.com
• rpcinfo:
– Helps to enumerate Remote Procedure Call protocol
– RPC protocol allows applications to talk to one another over the network
– [root] rpcinfo -p 19x.16x.xxx.xx
26.
SNMP UNIX Enumeration
An SNMP agent in the Unix platform can be enumerated using the snmpwalk tool
SNMP running on UDP port 161 can be enumerated using the command:
• [root] # nmap -sU -p161 19x.16x.1.60
• Query is passed to any MIB agent with snmpget:
– [root] # snmpwalk 19x.16x.x.xx public system.sysName.x
Countermeasures:
• Ensure proper configuration with required names "PUBLIC" and "PRIVATE."
• Implement SNMP v3 version, which is a more secure version
27.
SNMP Enumeration Countermeasures
Simplest way to prevent such activity is to remove the SNMP agent or turn off the SNMP service
If shutting off SNMP is not an option, then change the default "public" community name
Implement the Group Policy security option called "Additional restrictions for anonymous connections."
Access to null session pipes, null session shares, and IPSec filtering should also be restricted
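The SNMP countermeasures above (change the default community names, move to SNMPv3) can be checked mechanically on Unix agents. The following added example, which is not part of the original slides, audits a net-snmp `snmpd.conf` for default community names, read-write communities, communities accepted from any source, and the absence of any SNMPv3 user. The configuration text, community names and addresses are constructed samples, and the severity labels are this example's own.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity",
                        "rocommunity6", "rwcommunity6"}
V3_DIRECTIVES = {"rouser", "rwuser", "createuser"}


def parse_directives(conf_text):
    """Yield (line_number, tokens) for each non-empty, non-comment line."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if tokens:
            yield lineno, tokens


def audit_snmpd_conf(conf_text):
    """Return a list of (line_number, severity, message); line 0 is file-wide."""
    findings = []
    has_v3_user = False
    has_community = False
    for lineno, tokens in parse_directives(conf_text):
        directive, args = tokens[0].lower(), tokens[1:]
        community = source = None
        if directive in COMMUNITY_DIRECTIVES:
            # rocommunity COMMUNITY [SOURCE [OID]]
            if args:
                community = args[0]
                source = args[1] if len(args) > 1 else "default"
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) >= 3:
                source, community = args[1], args[2]
        elif directive in V3_DIRECTIVES:
            has_v3_user = True
        if community is None:
            continue
        has_community = True
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "HIGH",
                             f"default community name '{community}'"))
        if directive.startswith("rwcommunity"):
            findings.append((lineno, "HIGH",
                             "read-write community allows SET requests"))
        if source in ("default", "0.0.0.0/0"):
            findings.append((lineno, "MEDIUM",
                             "community accepted from any source address"))
    if has_community and not has_v3_user:
        findings.append((0, "MEDIUM",
                         "only v1/v2c communities configured, no SNMPv3 user"))
    return findings


# Constructed sample: the weak settings the slides warn about.
WEAK_CONF = """\
# constructed sample, not from the slides
agentAddress udp:161
rocommunity public
rwcommunity private 10.0.0.0/8
com2sec mgmt 192.0.2.10 Xq7-monitoring
"""

# Constructed sample: SNMPv3 only, placeholder passphrases.
HARDENED_CONF = """\
# constructed sample, not from the slides
agentAddress udp:161
createUser monitor SHA "placeholder-auth-pass" AES "placeholder-priv-pass"
rouser monitor priv
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_snmpd_conf(WEAK_CONF):
        where = f"line {lineno}" if lineno else "file"
        print(f"{severity:6} {where:7} {message}")
```
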
28.
Tool: Winfingerprint
Winfingerprint is GUI-based
It has the option of scanning a single host or a continuous network block
Has two main windows:
• IP address range
• Windows options
Source: http://winfingerprint.sourceforge.net
29.
Windows Active Directory Attack Tool
w2kdad.pl is a Perl script that attacks Windows 2000/2003 against Active Directory
Enumerates users and passwords in a native W2k AD
There is an option to use SNMP to gather user data, as well as a DoS option to lock out every user found
A successful DoS attack will depend on whether or not the domain has account lockout enabled
30.
IP Tools Scanner
IP Tools is a complete suite of 19 essential TCP/IP networking utilities that includes:
• Local Info
• Connections Monitor
• NetBIOS Scanner
• Shared resources Scanner
• SNMP Scanner
• HostName Scanner
• Ports Scanner
• UDP Scanner
• Ping Scanner
• Trace
• LookUp
• Finger
• WhoIs
• Time Synchronizer
• Telnet client
• HTTP client
• IP-Monitor
• Hosts Monitor
• SNMP Trap Watcher
31.
Enumerate Systems Using Default Passwords
Many devices like switches/hubs/routers might still be enabled with a "default password"
Try to gain access using default passwords
www.phenoelit.de/dpl/dpl.html contains an interesting list of passwords
32.
Steps to Perform Enumeration
1. Extract user names using Win 2k enumeration
2. Gather information from the host using null sessions
3. Perform Windows enumeration using the tool SuperScan4
4. Get the users' accounts using the tool GetAcct
5. Perform an SNMP port scan using the tool SNScan V1.05
33.
Summary
Enumeration involves active connections to systems and directed queries
The type of information enumerated by intruders includes network resources and shares, users and groups, and applications and banners
Crackers often use null sessions to connect to target systems
NetBIOS and SNMP enumerations can be disguised using tools such as snmputil and nat
Tools such as user2sid, sid2user, and userinfo can be used to identify vulnerable user accounts