CEH Module 4: Enumeration

Ace your homework & exams now with Quizwiz!

ntpq command

A command that can query the state of an NTP server or client. Monitors it's performance

SMTP (Simple Mail Transfer Protocol)

A communications protocol that enables sending email from a client to a server or between servers.

TCP (Transmission Control Protocol)

A connection-oriented, guaranteed-delivery. protocol used to send data packets between computers over a network like the Internet. Guaranteed packet delivery

FTP (File Transfer Protocol)

A protocol used to move files and folders over a network or the Internet.

SMB (Server Message Block)

Allows devices to communicate with remote computers or servers. let's you share files. Ex Laptop sending print request to company printer.

snmp-check

Allows hackers to enumerate the SNMP devices and place the output in a very human-readable and friendly format.

NTP (Network Time Protocol)

An Internet protocol that enables synchronization of computer clock times in a network of computers by exchanging time signals.

Simple Network management protocol (SNMP) Enumeration

Attacker enumerate SNMP to extract information about network resources, such as host, routers, devices, and shares, and network information such as ARP tables, routing tables, and traffic.

dig command

Can resolve a Fully Qualified Domain Name (FQDN) to an IP address on UNIX hosts.

DSA (LDAP) Discovery System Agent

Clients start an LDAP session by connecting to a directory system agent (DSA)

nbstat

Command used to display the name and status of local or remote computers.

SMTP RCPT TO

Defines/specifies the recipient of the message.

BGP Enumeration

Gain AS information to launch man in the middle, BGP hijacking DOS attacks

VoIP Enumeration

Gains sensitive information such as VoIP gateway/servers, IP-PBX systems, client software (softphones)/VoIP phones User-agent IP addresses and user extensions.

(Server message block) SMB Enumeration

Helps attackers grab OS banners Helps attackers find vulnerabilities that can be used to exploit the server.

NetBIOS Enumerater

Helps to find details such as NetBios names, Usernames, Domain names, and MAC address

Network Basic Input Output System (NetBIOS) Enumeration.

It allows computers to communication over a LAN and allows them to share files and printers. Attackers use the NetBIOS enumeration to obtain: List of computers that belong to a domain. List of shares on the individual hosts on the network Policies and passwords

LDAP enumeration tools

JXplorer- an open source Java application that allows you to browse and search any LDAP directory. LDAP Admin Tool LDAP Account manager LDAP Search Active Directory Explorer (AD Explorer)

MIB

Management Information Base virtual database listing all the network objects that can be managed using SNMP

ntpdc

Monitors operation of the NTP daemon, ntpd

NFS

Network File System Is a client/server application that lets a user view, store, and update files on a remote computer as though they were on the user's own computer.

rwho

Only on Unix/Linux Displays a list of users who are logged in to hosts on the local network

rusers

Only on Unix/Linux Provides a list of users who are logged on to remote machines or machines on local network.

Softerra LDAP Administrator

Provides profile information for users listed within AD

PsTools

PsTools is a suite of very powerful tools that allow you to manage local and remote Windows systems. The package includes tools that can change account passwords, suspend processes, measure network performance, dump event log records, kill processes, or view and control services.

NFS Enumeration Tools

RPCScan- Communicates with RPC services and checks errors on NFS shares. SuperEnum-does the basic enumeration of any open port along with screenshots.

SNMP passwords

Read Community String- public and allows for viewing of device/system configuration. Read/write community string- Private by default, allows for remote editing of configuration.

SoftPerfect Network Scanner

Retrieves practically any information about network devices via WMI, SNMP, HTTP, SSH, and Powershell.

BER (Basic Encoding Rules)

Rules that dictate how information between the client and server are transmitted.

SMTP EXPN

Shows actual delivery addresses of messages.

NetScanTools Pro

Test the process of sending an email message through SMTP server.

(Domain Name System) DNS Enumeration

The process of using easily accessible DNS records to find out the target network's internal hosts. Enumerating the number of domains and sub-domains can reveal how large or small the organization may be.

Why Enumerate LDAP?

This protocol has access to active directory services. Enumerating LDAP may return information about usernames, addresses, servers, and other sensitive information which can help the attacker perform an attack.

Why Enumerate NTP

To get list of Connected Host IP addresses System names Operating Systems Internal IP's

NetScanTools Pro

Tool that allows you to test the process of sending an email message through an SMTP server.

net view (command)

Used to obtain a list of all the shared resources of a remote host or workgroup. netview \\<computername>

SMTP vrfy command

Verify users

(Domain Name System Security Extensions) DNSSEC Zone Walking

a DNS enumeration technique where an attacker attempts to obtain internal records of the DNS server if the DNS zone is not properly configured.

smtp-user-enum

a tool for enumerating OS-level user accounts on Solaris via the SMTP service (Sendmail).

smtp-user-enum

a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail).

SNMP uses managers and:

agents

sudo (super user do)

allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. temporary elevates privileges

Why Enumerate NFS

allows attackers to Identify the exported directories. List of clients connected to the NFS server. IP addresses Shared data

SNMPcheck

allows you to enumerate the SNMP devices and places the output in a very human readable friendly format.

UDP (User Datagram Protocol)

connectionless protocol that does not require a connection to send a packet and does not guarantee that the packet arrives at its destination

(Remote procedure call) RPC Enumeration

discovers what services are running on what port numbers.

finger

displays information about users on a remote system, including things such as last log-in time and username. It is primarily used in Linux.

ntptrace

follows the chain of NTP servers back to their master time source.

IPsec Enumeration

is a technique where attackers enumerate sensitive information such as encryption and hashing algorithm, authentication type, key distribution algorithm, and Security associations Life Duration.

BGP (Border Gateway Protocol)

is the routing protocol for the Internet. Much like the post office processing mai

Command to receive a specific target's MAC address and NetBIOS name.

nbstat NSE script

Command for Netbios name of remote computer

nbstate -a <IP address>

Command to view the Netbios name of a (specific) remote computer

nbstate -a <IP address>

Command to view stored NetBIOS names on computer

nbtstat -c

(linPEAS) Linux local Privilege Escalation Awesome Script

script that searches for possible paths to escalate privileges on Linux/Unix

NTP (Network Time Protocol)

synchronization of computer clock times in a network of computers by exchanging time signals. UDP 123

Enumeration

the process of extracting usernames, machine names, and network information for malicious intent.

Why Enumerate SMTP

to collect list of users on the SMTP server. it's performed by inspecting the responses to VRFY, EXPN, and RCPT TO


Related study sets

Medical Terminology, Female reproductive system

View Set

Neuro/Psych 277 Inside the Disorderd Brain Duke Final

View Set

Section 3 - Psychology and Communication

View Set

Questions -- Image production (CT Bootcamp) -- Image Display

View Set

Khan Academy-Structure of Water and Hydrogen Bonding

View Set