Understanding Enumeration in Windows Networks

Slide Note
Embed
Share

Enumeration in Windows networks involves obtaining information about accounts, network resources, shares, users, groups, applications, and banners. Techniques such as Telnet, netcat, Registry enumeration, Windows sources of information like protocols CIFS/SMB and NetBIOS, NetBIOS enumeration, SNMP enumeration, and user and group enumeration are discussed along with countermeasures to secure the network against unauthorized access.


Uploaded on Sep 30, 2024 | 1 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Enumeration

  2. Local IP addresses (review) Some special IP addresses localhost 127.0.0.1 (loopback address) Internal networks Class A 10.0.0.0 Class B 172.16.0.0 to 172.31.0.0 Class C 192.168.0.0 to 192.168.255.0 Machines behind a firewall can use these internal IP numbers to communicate among them. Only the firewall machine/device (host) needs to have an IP address valid in the Internet.

  3. What is enumeration? Obtain information about accounts, network resources and shares. Categories network resources and shares users and groups applications and banners Techniques (OS specific) Windows UNIX/Linux

  4. Windows applications and banner enumeration Telnet and netcat: same in Windows and UNIX. Telnet: Connect to a known port and see the software it is running, as in this example. Netcat: similar to telnet but provides more information. Countermeasures: log remotely in your applications and edit banners. FTP (TCP 21), SMTP (TCP 25) : close ftp, use ssh (we will see it later). Disable telnet in mail servers, use ssh. Registry enumeration: default in Windows. Server is Administrators only. Tools:regdmp.exe, DumpSec see an example and limitations (more later). Countermeasures: be sure the registry is set for Administrators only and no command prompt is accessible remotely (telnet, etc). .

  5. Windows sources of information Protocolsproviding information: CIFS/SMB and NetBIOS, through TCP port 139, and another SMB port, 445. Banner enumeration is not the main issue. (UDP 137), Null session command: net use \\19x.16x.11x.xx\IPC$ /u: countermeasures: filter out NetBIOS related TCP, UDP ports 135-139 (firewall). disable NetBIOS over TCP/IP see ShieldsUp! page on binding. restrict anonymous using the Local Security Policy applet. More here. GetAcct bypasses these actions (download the GetAcct tool). .

  6. Windows network resources NetBIOS enumeration (if port closed, none work) NetBIOS Domain hosts: net view NetBios Name Table: nbtstat use and example and nbtscan (download). NetBIOS shares: DumpSec, NetBIOS Auditing Tool (NAT), NBTdump (use, output). ShareEnum (download, example). Countermeasures: as discussed previously => close ports 135-139, disable NetBIOS over TCP/IP SNMP enumeration: SolarWinds IP Network Browser (commercial). Countermeasures: close port 445. Windows DNS Zone Transfers: Active Directory is based on DNS and create new vulnerability, but provides tool -- Computer Management Microsoft Management Console (MMC) -- to restrict zone transfers to certain IP numbers.

  7. Windows: user and group enumeration Enumerating Users via NetBIOS: usernames and (common) passwords. Enum(NBTEnum): use and output. DumpSec: output. Countermeasures: as before (close ports, no NetBIOS over TCP/IP) Usingsid2user and user2sid and download them here. Using Cain and Abel for both network resources and user and group enumeration. See manual and download. We will use it again in future classes for more involved uses. Enumerating Users using SNMP: SolarWinds IP Network Browser. See also snmputil. Windows Active Directory enumeration using ldp: Win 2k on added LDAP through the active directory -- you login once (the good) and have access to all resources (the security problem). close ports 389 and 3268. You will not practice this in the course.

Related


More Related Content