Ceh v8 labs module 04 enumeration

593 views
534 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
593
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
145
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ceh v8 labs module 04 enumeration

  1. 1. CEH Lab M anual E n u m e ra tio n M o d u le 0 4
  2. 2. E n u m e r a tio n E n u m e r a tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, n e tiro rk resources, shares, a n d services fr o m a system . E n u m e r a tio n is co nd ucted in a n in tr a n e t en viro n m en t. I C ON KEY / Valuable information y ‫ ״‬Test your knowledge — Web exercise m Workbook review La b S cen ario Penetration testing is much more than just running exploits against vulnerable systems like we learned 111 the previous module. 111 fact a penetration test begins before penetration testers have even made contact with the victim systems. As an expert ethical hacker and penetration te s te r you must know how to enum erate target netw orks and extract lists o f computers, user names, user groups, ports, operating systems, machine names, network resources, and services using various enumeration techniques. La b O b jectives The objective o f tins lab is to provide expert knowledge 011 network enumeration and other responsibilities that include: ■ User name and user groups ■ Lists o f computers, their operating systems, and ports ■ Machine names, network resources, and services ■ Lists o f shares 011 individual hosts 011 the network ■ Policies and passwords & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration La b Environm ent To earn‫ ־‬out die lab, you need: ■ Windows Server 2012 as host machine ■ Windows Server 2008, Windows 8 and Windows 7 as virtual machine ■ A web browser with an Internet connection ■ Administrative privileges to nm tools La b Duration Time: 60 Minutes O verview of Enum eration Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment. C E H Lab Manual Page 267 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  3. 3. M odule 04 - Enum eration TASK 1 Overview La b T a s k s Recommended labs to assist you 111 Enumeration: ■ Enumerating a Target Network Using Nm ap Tool ■ Enumerating NetBIOS Using the S uperScan Tool ■ Enumerating NetBIOS Using the N etB IO S E nu m erato r Tool ■ Enumerating a Network Using the S o ftP e rfe c t ■ Enumerating a Network Using SolarW inds N e tw o rk S canner T oo lset ■ Enumerating the System Using H yena La b A n a ly sis Analyze and document the results related to die lab exercise. Give your opinion on your target’s security posture and exposure. P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S LAB. C E H Lab Manual Page 268 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  4. 4. M odule 04 - Enum eration E n u m e r a tin g a T a r g e t N e t w o r k U s in g N m a p E n u m e ra tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, ■nehvork resources, sha res, a n d services fr o m a system . I C ON KEY 1._ Valuable information s Test vour knowledge O Web exercise T c a Workbook review La b S cen ario 111 fact, a penetration test begins before penetration testers have even made contact with the victim systems. During enumeration, information is systematically collected and individual systems are identified. The pen testers examine the systems in their entirety, which allows evaluating security weaknesses. 11diis lab, we discus Nmap; it 1 uses raw IP packets 111 novel ways to determine what hosts are available on die network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet biters/firewalls are 111 use, it was designed to rapidly scan large networks. By using the open ports, an attacker can easily attack the target machine to overcome this type of attacks network filled with IP filters, firewalls and other obstacles. As an and penetration tester to enum erate a target and extract a list ot computers, user names, user groups, machine names, network resources, and services using various enumeration techniques. expert ethical hacker netw ork La b O b jectives The objective ot tins lab is to help students understand and perform enumeration on target network using various techniques to obtain: ■ User names and user groups ■ Lists of computers, their operating systems, and the ports on them ■ Machine names, network resources, and services ■ Lists of shares on the individual hosts on die network ■ Policies and passwords C E H Lab Manual Page 269 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  5. 5. M odule 04 - Enum eration & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration La b Environm ent To perform die kb, you need: ■ A computer running Windows Server 2 008 as a virtual machine ■ A computer running with Windows Server 2 0 1 2 as a host machine ■ Nmap is located at D:CEH-ToolsCEHv8 Module 04 EnumerationAdditional Enumeration Pen Testing ToolsNmap ■ Administrative privileges to install and mil tools La b Duration Time: 10 Minutes O verview of Enum eration Take asnapshot (a type of quick backup) of your virtual m achine before each lab, because if som ethinggoes wrong, you can go back to it. Enumeration is die process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment La b T a s k s The basic idea 111 dns section is to: ■ Perform scans to find hosts with NetBIOS ports open (135,137-139, 445) ■ Do an nbtstat scan to find generic information (computer names, user names, ]M addresses) on the hosts AC ■ Create a Null Session to diese hosts to gain more information ■ Install and Launch Nmap 111 a Windows Server 2012 machine TASK 1 1. Launch the S ta rt menu by hovering the mouse cursor on the lower-left corner of the desktop. Nbstat and Null Sessions ■ 3 W in d o w s Se rv er 2012 winaowsbtrvw tt)‫׳>׳‬Ke*<$eurK!1 L»uc«mr aau Fvilutor cepj fejiri M T O / Zenmap file installs the following files: * Nmap Core Files * Nmap Path FIGURE 1 : W .1 indow S s erver 2012— Desktopview Click the N m ap-Zenm ap GUI app to open the Z en m ap window. ■W inPcap 4.1.1 ■ Network Interface Import ■ Zenmap (GUI frontend) C E H Lab Manual Page 270 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  6. 6. M odule 04 - Enum eration 5 t3 T t Adm inistrator Server Manager Windows PowerShell Google Chrome Hyper-V Manager r = m o f t Computer Central Panel Hyper-V Virtual Machine... SQL Server Installation Center... Nmap Zenmap GUI O‫־‬ Q *J Command Prompt Global Network Inventory HTTPorl 3.SNFM sS « liflgnr Mozilla Firefox MegaPing £ !* ‫־מ‬ 0c*3Of 1! FIGURE 1 :W .2 indow S s erver 2012— pps A 3. Start your virtual machine running WMcwsSetver2008 4. Now launch die nmap tool 111 die Windows Server 2012 host machine. 5. Perform nmap -O scan for die Windows Server 2008 virtual machine (10.0.0.6) network. Tins takes a few minutes. HU Use the — ossscangu option for best ess resultsin nm ap. Note: IP addresses may vary 111 your lab environment. Zenmap S c jn Target: Tools Profile Help [v ] 10.0.0.6 C om m and: P ro file [S ca n ] | Cancel | nm ap 10.0.0.6 0 ‫־‬ N m ap Output Ports / Hosts [ Topology | Host Details | Scans FIGURE 1 : Hie Zenm Mainw .3 ap indow Nmap performs a scan for die provided target results on die Nmap Output tab. m Nmap.org is die official source for downloadingNmap source code and binaries for Nmap and Zenm ap. C E H Lab Manual Page 271 IP address and outputs die Your tirst target is die computer widi a Windows operating system on which you can see ports 139 and 4 4 5 open. Remember tins usually works only ag a in s t W indow s but may partially succeed 1 other OSes have diese 1 ports open. There may be more dian one system diat has N etB IO S open. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  7. 7. M odule 04 - Enum eration Zenmap TASK 2 Scan T ools £ rofile Help 1 0 V .0.0.6 Find hosts w ith NetBIOS ports open C o m m an d : V P ro file |[Scan] n m a p -0 10.0.0.6 Services N m ap O utput Ports / Hosts | T op olog y | H ost Details | Scans | n m ap -0 10.0.0.6 O S < Host - 1 .0 .6 ‫0. 0 ׳‬ S t a r tin g Nmap 6 .0 1 ( h ttp :/ / n m a p .o r g ) at 2 0 1 2 -0 9 -0 4 1 0 :5 5 Nmap s c a n r e p o r t f o r 1 0 . 0 . 0 . 6 H o s t i s up (0 .0 0 0 1 1 s l a t e n c y ) . N o t s h o w n : 993 f i l t e r e d p o r t s PORT ST AT E S E R V IC E 1 3 5 /tcp op en m srp c 1 3 9 /tcp op en n e t b io s - s s n op en 4 4 5 / tcp r o ic r o s o f t - d s op en 5 5 4 / tc p rts p op en 2 8 6 9 / tc p ic s la p 5 3 5 7 / tc p op en w sdapi 1 0 2 4 3 / tc p op en unknown (M ic r o s o ft) MAC A d d r e s s : W a r n in g : O SS ca n r e s u l t s may b n o t f i n d a t l e a s t 1 op en and 1 c l o s e d p o r t D e v ic e t y p e : g e n e r a l p u rp o s e R u n n in g : M i c r o s o f t W in d o w s 7 |V i s t a | 2008 OS C P E : c p e : / o : m i c r o s o f t : w i n d o w s _ 7 : : p r o f e s s i o n a l o :m ic r o s o f t :w in d o w s _ v is t a : : ‫ ־‬c p e :/ n • ‫ ויזו‬r r n c n ^ t • u i n H n w c Filter Hosts % c‫ • • ־‬c n l /‫ ו‬t‫־‬s» c p e :/ rn s • / FIGURE 1 The Zenm outputw .4: ap indow 8. Now you see that ports 139 and 445 are open and port 139 is using NetBIOS. 9. Now launch die com m and prom pt 111 W indow s S erver 2 0 0 8 virtual machine and perform n b ts ta t on port 139 ot die target machine. 10. Run die command n b ts ta t -A 1 0 .0 .0 .7 . Ha c ‫ י‬A d m in is tr a to r C om m and P ro m p t C : U s e r s A d n in is tr a t o r > n b ts t a t m Nmap has traditionally been a com and-line tool run m from aUNIX shell or (m recendy) aW ore indows com and prom m pt. L o c a l A re a C o n n e c tio n 2 : Node I p A d d r e s s : [ 1 0 . 0 . 0 . 3 ] N e tB IO S R e m o te Nane 1 0 .0 .0 .? = D . J l. A * — S cope Id : M a c h in e [I Name T a b l e Type W IN - D 3 9 M R S H L9E 4<0 0 > WORKGROUP <00> W IN -D 3 9 M R 5 H L 9 E 4 < 2 0 > MAC A d d r e s s -A _x S ta tu s U N IQ U E GROUP U N IQ U E R e g is te re d R e g is te re d R e g is te re d M J1_-2D C :U s e r s A d n in is tr a to r > zl FIGURE 1 : Com andProm w dienbtstat com and .5 m pt ith m 11. We have not even created a null session (an unaudienticated session) yet, and we can still pull tins info down. 3 task3 12. Now c re a te a null session. C reate a Null Session C E H Lab Manual Page 272 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  8. 8. M odule 04 - Enum eration 13. 11the command prompt, type n e t use X .X .X .X IP C $ /u:”” (where 1 X .X .X .X is die address of die host machine, and there are no spaces between die double quotes). cs Administrator: C o m m a n d Prompt . H C:'net use 10.0.0.7IPC$ ""/u:"" L ocal name Renote name W10.0.0.7IPC$ Resource type IPC Status OK # Opens 0 t Connections t 1 The comnand completed successfully. & Net Com and m Syntax: NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ] C:> FIGURE 1.6 The com andprom w thenet u com and : m pt ith se m it by issuing a genenc n et sessions from your host. 14. Confirm 15. To confirm, type n et session. use, use command to see connected null which should list your new ly c re a te d null FIGURE 1 : The com andprom , iththenet u com and .7 m pt w se m La b A n a ly sis Analyze and document die results related to die lab exercise. Give your opinion on your target’s security posture and exposure. C E H Lab Manual Page 273 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  9. 9. M odule 04 - Enum eration T o o l/U tility In fo rm atio n C o lle c te d /O b je c tiv e s A chieved T a rg e t M achine: 10.0.0.6 135/tcp, 139/tcp, 445/tcp, 554/tcp, 2869/tcp, 5357/tcp, 10243/tcp L ist o f O p e n P orts: N m ap N e tB IO S R em ote m ach in e IP address: 10.0.0.7 Successful connection of Null session O u tp u t: P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B . Q uestio ns 1. Evaluate what nbtstat -A shows us for each of the Windows hosts. 2. Determine the other options ot nbtstat and what each option outputs. 3. Analyze the net use command used to establish a null session on the target machine. In te rn e t C o n n ectio n R equired □ Yes 0 No P latform S upported 0 C lassroom C E H Lab Manual Page 274 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  10. 10. M odule 04 - Enum eration Lab E n u m e r a tin g N e tB I O S U s in g t h e S u p erS ca n T ool S /tp e rS c a n is a T C P p o / t scanner, p in g e r, a n d resolver. T h e to o l's fe a tu r e s includ e e x te n siv e W in d o w s h o s t en u m era tio n ca p a b ility, T C P S Y N sca n n in g , a n d U D P scan ning . I C ON KEY [£Z7 Valuable information s — m Test your knowledge Web exercise Workbook review La b S cen ario During enumeration, information is systematically collected and individual systems are identified. The pen testers examine the systems 111 their entirety; tins allows evaluating security weaknesses. 11 this lab we extract die information of NetBIOS 1 information, user and group accounts, network shares, misted domains, and services, which are either running or stopped. SuperScan detects open TCP and UDP ports on a target machine and determines which services are running on those ports; bv using this, an attacker can exploit the open port and hack your machine. As an expert ethical hacker and penetration tester, you need to enumerate target networks and extract lists of computers, user names, user groups, machine names, network resources, and services using various enumeration techniques. La b O b jectives The objective of tins lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to obtain: ■ List of computers that belong to a domain ■ List of shares on the individual hosts on the network ■ Policies and passwords C E H Lab Manual Page 275 Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  11. 11. M odule 04 - Enum eration La b Environm ent & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration To earn* out die k b, von need: ■ SuperScan tool is located at D:CEH-ToolsCEHv8 Module 04 EnumerationNetBIOS Enumeration ToolsSuperScan ■ You can also download the latest version of SuperScan from tins link http://www.mcatee.com/us/downloads/tree-tools/superscan.aspx ■ A computer running Windows Server 2012 as host machine ■ Windows 8 running on a virtual macliine as target machine ■ Administrative privileges to install and run tools ■ A web browser with an Internet connection m You can also download SuperScan from http:/ / www.foundstone.co La b Duration Time: 10 Minutes O verview of N etB IO S Enum eration 1. The purpose ot NetBIOS enumeration is to gather information, such as: a. Account lockout threshold b. Local groups and user accounts SuperScanis not supported byW indows 95/98/ME. c. Global groups and user accounts 2. Restnct anonymous a. bypass routine and also password checking: Checks for user accounts with blank passwords b. Checks for user accounts with passwords diat are same as die usernames 111 lower case La b T a s k s m. T A S K 1 1. Double-click the S uperS can4 file. The SuperScan window appears. Perform Enumeration C E H Lab Manual Page 276 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  12. 12. M odule 04 - Enum eration m W indows XP Service Pack 2 has rem oved raw sockets support, which nowlim S its uperScan and m other network any scanningtools. Som e functionality can be restored byrunning the net stop SharedA ccess at the W indows com and m prompt before starting SuperScan. is SuperScan features: J Superior scanning speed Support for unlim IP ited ranges Improved host detection usingm ultiple ICMP m ediods TCP SYN scanning UDP scanning (tw o m ediods) 2. Click the Windows Enumeration tab located on the top menu. 3. Enter the Hostname/IP/URL 111 the text box. 111 this lab, we have a W indows 8 virtual machine IP address. These IP addresses may van 111 ‫׳‬ lab environments. 4. Check the types o f enum eration you want to perform. Now, click Enumerate. % >^Tx Sa | Hs a dSrv eDcvry| Sa Otios| To | WdwE mrao~Aot | cn ot n e ic isoe c n p n ols no s me hn| bu Hstn e/IP R 10008 o am /U L | Eu e te | Otios | nmra p n... Eu e tio Tp nm n ye ra IP add import ress supporting ranges and CIDR form ats Sim HTML report ple generation Source port scanning Fast hostnam resolving e Extensive banner grabbing M assive built-in port list description database IP and port scan order random ization SuperScan 4.0 o Ca ler 0 NtB SNmTb e IO a e ale 0 NL Ssio UL es n 0 MC dr se A Adess 0 W s tio tye o ta n p rk 0 Ues s» 0 Gus rp o 0 RCEdo tDm P npin u p 0 AcutPlic s con o ie 0 Sae hr s 0 Dm s oa in 0 RmteT eoDy eo m f a 0 LgnSsios oo es n 0De r s iv 0 T s dDm s r te o a u in 0 Sr ics ev e 0 Rg tr eis y A collection of useful tools (ping, traceroute, W hois etc.) Extensive W indows host enum eration capability Ready -J FIGURE 2.2: S uperScan m windowwith IP ad ress ain d C E H Lab Manual Page 277 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  13. 13. M odule 04 - Enum eration 6. SuperScan starts en um erating the provided hostnam e and displays the results 111 the right pane o f the window. %‫־‬ You canu se SuperScan to performport scan retrieve general s, network inform ation, such a nam lookups and s e traceroutes, and enum erate W indows host inform ation, such a users, groups, and s services. X Su p erScan 4.0 ' Sa | Hs adSrv eDcvr | Sa Otios| To Wd w Eu ea n|Aot | cn ot n e ic isoey cn p n ols n o s nm tio bu r Hstn e/IP R 1.0 .8 o am /UL 0 .0 Eu ea nmr te Otios p n... NtB S inform o 10.0.0.8 e IO ation n Eu ea nTp nm tio ye r 0 NtB SNmTb 4 nms in table e IO a e ale ae WNL Ssio UL es n 0 MC dr se A Adess AM DIN 00 UIQE W N U orkstation service nm ae WKRU O GOP 00 COP W R RU orkstation service nm ae 0 Wr s tio tye okta n p AM DIN 20 UIQE Server services nm NU ae 0 Ues sr WKRU O GOP R IE GOP G u nm RU ro p a e 0 Gus rp o 0 RCEdo tDm M address 0 P npin u p A C '£ 0 AcutPlic s con o ie A pting a NL session connection o 10.0.0.8 ttem UL n 0 Sae hr s s. j? 0 Dm s oa in 0 RmteTn oDy e o »e f a 0 LgnSsios oo es n 0De r s iv 0 Tute Dm s rs d oa in 0 Sr ics ev e 0 Rg tiy eis o 10.0.0.8 n W orkstation/server type o 10.0.0.8 n U o 10.0.0.8 sers n G u s o 10.0.0.8 ro p n RCendpoints o 10.0.0.8 P n E 0 ntry Ready FIGURE 2.3: S p canm w u erS ain indowwith re u s lts 7. Wait for a while to c o m p le te the enumeration process. 8. A lter the com pletion o f the enumeration process, an E num eration com pletion message displays. % Su p erScan 4.0 1 ^ 1 ° r X ‫י‬ Sa | HsadSrv eDcvr | Sa Otios| To Wd w Eu ea n[Aot | cn ot n e ic isoey cn p n ols n o s nm tio bu r Your scancan be configured in tire Host and Service Discovery and S can Options tabs. The S can Options tab lets you control such tilings a s nam resolution and e banner grabbing. Hstn e/IP R 1.0 .8 o am /UL 0 .0 Eu e te | Otios | nmra p n... Eu e tio Tp nm n ye ra 0 N IO NmTb S e S a e ale hares o 10.0.0.8 tB n 0 NL Ss n UL esio 0 M Ad sss A dre e C 0 W s tio tye o ta n p rk Dmin o 10.0.0.8 oas n 0 Urs s e 0 Gus rop n 0 RC npn D p Rmte tim of day o 10.0.0.8 P Edot u m eo e 0 AcutPfcie con o c s Lg n sessions o 10.0.0.8 oo n 0 Sa s hre 0 Dmis oa s 0 RmteT eoD D e o im f a y rives o 10.0.0.8 n 0 LgnSs n oo esios 0 De rivs T rusted Dmin o 10.0.0.8 oas n rute o a in on 0 T s dDm s e ics e a > 0 Srvtry 0 R is e g Rmte services o 10.0.0.8 eo n Ca ler M Rmte registry item o 10.0.0.8 eo s n E eration com 1 num plete 1 ‫✓י‬ Ready Erase Results FIGURE 2.4: S p canm w u erS ain indowwith re u s lts 9. N ow move the scrollbar up to see the results o f the enumeration. C E H Lab Manual Page 278 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  14. 14. M odule 04 - Enum eration 10. To perform a new enumeration on another host name, click the Clear button at the top right of the window. The option erases all the previous results. 'IT £Q SuperScan h four as different ICMP host discoverym ethods available. This isuseful, because w a firew hile all m block ICMP echo ay requests, it m not block ay other ICMP packets, such a tim s estam requests. p SuperScangives you die potential to discover m ore hosts. 03 Su p erScan 4.0 1 ^ ‫־ם‬ x ‫י‬ Sa | Hs a dSrv eDcvry| Sa Otios| To WdwEu e tio | Aot | cn ot n e ic isoe cn p n ols ino s nm n bu ra Hstn e/IP R 10008 o am /U L Eu e te | nmra j Oa | e, B inding: ‫״‬ncacn_ip_tcp:10.0.0.8[49154]‫״‬ Eu ea nTp nm tio ye r O Id: ‫״00000000 -0000 -0000״‬ bject 000000- 0000- 000000 0 NtB SNmTb e IO a e ale A nnotation: "X rv service" «ctS 0 NL Ssio UL es n E 2 ntry 5 Interface: ‫״‬Ia0d010f-lc33-432c-b0f5-8cf4e8053099" ver 0 MC dr se A Adess 1.0 0 Wr s tio tye okta n p B inding: "ncacn_np:10.0.0.8[PIPEat*vc]" 0 s» Ue s O Id: "0000- 0000- 00000000‫״‬ bject 000000- 0000- 000000 0 G us rp o A nnotation: ‫״‬IdS rv ■trvic•" egS 0 RC npinD p E 2 P Edo t u m ntry 6 Interface: ‫״‬Ia0d010f-lc3343 ‫־‬c‫־‬b0fS8‫־‬cf4a305 0 9 ver 2 39" 0 AcutPfcie con o c s 1.0 0 Sa s hre B inding: "ncacn_ip_tcp:10.0.0.8[49154]‫״‬ 0 Dm s oa n bject 000000- 0000- 000000 0 RmteT eoD eo mf a y O Id: ‫״00000000 -0000 -0000״‬ A nnotation: "IdS rv service" egS E 2 ntry 7 0 LgnSs n oo esios Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085" ver 0 De rivs 1.0 0 T ste Dm s ru d o a in B inding: "ncacn_np:10.0.0.8[WIP W " P S atsvc] 0 Srv e e ics O Id: "0000- 0000- 00000000‫״‬ bject 000000- 0000- 000000 0 Rg try eis A nnotation: " AI Service endpoint" KP E 2 ntry 8 Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085” ver 1 .0 B inding: "ncacn_ip_tcp:10.0.0.8[49154]‫״‬ O Id: ‫״00000000 -0000 -0000״‬ bject 000000- 0000- 000000 A nnotation: ‫״‬KP Service endpoint" AI E 2 ntry 9 Interface: "880fdS5e-43b9-lle0-bla8-cf4edfd72085" ver Ready FIGURE 2.5: S p canm w u erS ain indowwithre u s lts La b A n a ly sis Analyze and document die results related to die lab exercise. Give your opinion on your target’s security posture and exposure. Tool/Utility Information Collected/Objectives Achieved Enumerating Virtual Machine IP address: 10.0.0.8 SuperScan Tool Performing Enumeration Types: ■ Null Session ■ MAC Address ■ Work Station Type ■ Users ■ Groups ■ Domain ■ Account Policies ■ Registry Output: Interface, Binding, Objective ID, and Annotation C E H Lab Manual Page 279 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  15. 15. M odule 04 - Enum eration P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B . Q uestio ns 1. Analyze how remote registry enumeration is possible (assuming appropriate access nghts have been given) and is controlled by the provided registry.txt tile. 2. As far as stealth is concerned, tins program, too, leaves a rather large footprint in die logs, even 111 SYN scan mode. Determine how you can avoid tins footprint 111 the logs. Internet Connection Required □ Yes 0 No Platform Supported 0 C E H Lab Manual Page 280 Classroom 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  16. 16. M odule 04 - Enum eration 3 E n u m e r a tin g N e tB I O S U s in g t h e N e tB I O S E n u m e r a to r T o o l E n u m e r a tio n is th e p ro cess o f p r o b in g id e n tifie d services f o r k n o w n w ea kn esses. I C ON KEY / Valuable information Test your knowledge g Web exercise m Workbook review La b S cen ario Enumeration is the first attack 011 a target network; enumeration is the process of gathering the information about a target machine by actively connecting to it. Discover NetBIOS name enumeration with NBTscan. Enumeration means to identify die user account, system account, and admin account. 111 tins lab, we enumerate a machine’s user name, MAC address, and domain group. You must have sound knowledge of enumeration, a process that requires an active connection to the machine being attacked. A hacker enumerates applications and banners ni addition to identifying user accounts and shared resources. La b O b jectives The objective of this lab is to help students learn and perform NetBIOS enumeration. The purpose of NetBIOS enumeration is to gather the following information: ■ Account lockout threshold ■ Local groups and user accounts ■ Global groups and user accounts ■ To restrict anonymous bypass routine and also password checking for user accounts with: & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration C E H Lab Manual Page 281 • Blank passwords • Passwords that are same as the username 111 lower case La b Environm ent To earn‫ ־‬out die lab, you need: Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  17. 17. M odule 04 - Enum eration ■ NETBIOS Enumerator tool is located at D:CEH-ToolsCEHv8 Module 04 E nu m eratio n N etB IO S E num eration T oo lsN etB IO S E num erator ■ You can also download the latest version of N etB IO S the link http:// nbtenum.sourceforge.11et/ E nu m erato r from ■ If you decide to download the latest version, then screenshots shown m the lab might differ ■ Run tins tool in W indow s S erver 2 0 1 2 ■ Administrative privileges are required to nan this tool La b Duration Time: 10 Minutes O verview of Enum eration Enumeration involves making active connections, so that they can be logged. Typical information attackers look for 111 enumeration includes user account names for future password guessing attacks. NetBIOS Enumerator is an enumeration tool that shows how to use rem ote network support and to deal with some other interesting web techniques, such as SMB. La b T a s k s NetBIOS Enumerator ! f k j I P range to scan from: | t o :|| Scan | Clear Settings X Performing Enumeration using NetBIOS Enumerator 1. To launch NetBIOS Enumerator go to D:CEH-ToolsCEHv8 Module 04 EnumerationNetBIOS Enumeration ToolsNetBIOS Enumerator, and double-click NetBIOS Enum erater.exe. ‫ם‬ 1 1 TASK 1 £ | Your local ip: 10.0.0.7 W [1 ...2 54 ] Debug window A m NetBIOS is designed to help troubleshoot NetBIOS nam resolution e problem When a network s. is functioning norm ally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS nam to IP ad resses. es d ‫לעב‬ FIGURE 3.1: NetBIOS Enum erator m w ain indow C E H Lab Manual Page 282 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  18. 18. M odule 04 - Enum eration 2. In the IP range to scan section at the top left of the window, enter an IP range in from and to text fields. 3. Click Scan. m Feature: Added port scan GUI - ports can b e added, deleted, edited Dynam m ory ic em m anagem ent NetBIOS Enumerator IP range to scan fron :| 10.0.0.1 to | 10.0.0.501 Scan Clear T ZL^ 1 * ' Settings Your local ip: 10.0.0.7 W [1 ...2 54 ] Debug window Threaded work (64 ports scanned at once) m Network function SMB scanningis also im plem ented and running. FIGURE 3.2: NetBIOS Enum eratorwithIP ran eto s a g cn 4. NetBIOS Enumerator starts scanning for die range of IP addresses provided. m The network function, NetServerGetlnfo, is also im plem ented in this tool. C E H Lab Manual Page 283 5. After the compledon of scanning, die results are displayed in die left pane of die window. 6. A Debug w indow section, located 111 the right pane, show’s the scanning of die inserted IP range and displays Ready! after completion of the scan. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  19. 19. M odule 04 - Enum eration NetBIOS Enumerator a f i ) IP rang e to scan Scan from :| 1 0 .0 .0 .1 ]1 0 .0 .0 .7 to : | 1 0 .0 .0 .5 0 P B ? 0 N etB IO S Names (3) ^ Q=* The protocol SNMP is im plem ented and running on all versions of W indows. [1 ...2 5 4 ] 10.0.0.3 [WIN-ULY858KHQIP] |U l~ 2 f ‫י‬ Settings Your local ip: W IN -U LY858KH Q IP - W orkstation Service Debog window Scanning from: to : 1 0 .0 .0 .5 0 R eady! WORKGROUP - Domain Name W IN -U LY858KH Q IP - R le Server Service U sername: (No one logged on) Domain: WORKGROUP Of Round Trip Tim e (RTT): 3 ms - Tim e To Live ( m i S ? 3 1 0 .0 .0 .6 [ADMIN-PC] H I N etB IO S Names (6) % A DMIN-PC - W orkstation Service ‫י‬ WORKGROUP - Domain Name A DMIN-PC - R le Server Service ^ §5 WORKGROUP - Potential M aster Browser % WORKGROUP - M aster Browser ^ □ □ _ M S B R O W S E _ □ □ - M a s t e r Browser Username: (No one logged on) I— ET Domain: WORKGROUP ,r ■— | 5 Of R o u n d T n p T im e (RTT): 0 ms -T im e T o U ve (TTl. — B ? 1 0 .0 .0 .7 [W IN -D 39M R 5H L9E4] 0 • E 3 N etB IO S Names (3) ! Q Username: (No one logged on) [ { Of Domain: WORKGROUP ■<‫״ ״‬ # ‫.- ע‬t. 5 • O f Round Trip Tim e (RTT): 0 ms -T im e To Lrve ( T H ^ - FIGURE 3.3: NetBIOS Enum erator re u s lts 7. To perform a new scan or rescan, click Clear. 8. If you are going to perform a new scan, die previous scan results are erased. La b A n a ly sis Analyze and document die results related to die lab exercise. Tool/Utility Information Collected/Objectives Achieved IP Address Range: 10.0.0.1 — 10.0.0.50 NetBIOS Enumerator Tool C E H Lab Manual Page 284 Result: ■ Machine Name ■ NetBIOS Names ■ User Name ■ Domain ■ MAC Address ■ Round Trip Time (RTT) Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  20. 20. M odule 04 - Enum eration P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L AB . Internet Connection Required □Y es Platform Supported 0 Classroom C E H Lab Manual Page 285 0 No 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  21. 21. M odule 04 - Enum eration E n u m e r a tin g a N e t w o r k U s in g S o ftP e r fe c t N e tw o r k S c a n n e r JT ffP e fe c t N e t)) 01‫׳‬k S c a n n e r is a fr e e m u lti-th re a d e d IP , N e tB I O S , a n d S N M P o sca n n er n ith a m o d ern in terface a n d m a n y a d va n ced fe a t//re s. I C ON KEY [^7 Valuable information y Test your knowledge — Web exercise m Workbook review La b S cen ario To be an expert ethical hacker and penetration tester, you must have sound knowledge of enumeration, which requires an active connection to the machine being attacked. A hacker enumerates applications and banners 111 addition to identifying user accounts and shared resources, hi this lab we trv to resolve host names and auto-detect vour local and external IP range. La b O b jectives The objective of this lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to detect: ■ Hardware MAC addresses across routers & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration ■ Hidden shared folders and writable ones ■ Internal and external IP address La b Environm ent To carry out the lab, you need: ■ SoftPerfect Network Scanner is located at D :CEH-ToolsCEHv8 M odule 0 4 E num erationSN M P E num eration T o o lsS o ftP erfect N e tw o rk S cann er ■ You can also download the latest version of S o ftP e rfe c t N e tw o rk S cann er from the link http: / /www.sottpertect.com/products/networkscanner/ C E H Lab Manual Page 286 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  22. 22. M odule 04 - Enum eration ■ If you decide to download die latest version, then screenshots shown in the lab might differ ■ Run this tool 111 W indow s 2 0 1 2 server ■ Administrative privileges are required to run this tool m You can also download SoftPerfect Network Scanner from http://www.SoftPerfect. com . La b Duration Tune: 5 A luiutes O verview of Enum eration Enumeration involves an active connection so diat it can be logged. Typical information diat attackers are looking for uicludes user account names for future password-guessuig attacks. La b T a s k E TASK 1 Enumerate N etw ork 1. To launch SoftPerfect Network Seamier, navigate to D:CEH-ToolsCEHv8 Module 04 EnumerationSNMP Enumeration ToolsSoftPerfect N etw ork Scanner 2. Double-click netscan.exe SoftPerfect Network Scanner ■ 0 File View Actions Options Bookmarks fg 0 .0 □‫ ט‬y Range From IP Address . .0 Host Name | to L^J Help |~ 0 MAC Address . * ₪ A «r j* ■ * Q (0 Web-site ■ I ♦ 3► f>Start Scanning * £ 0 . 0 . 0 Response Time m SoftPerfect allow s you to m ount shared folders a network drives, s brow themusing se W indows Explorer, and filter the results list. Ready Threads Devices 0/0 Scan FIGURE 4.1: S erfect Network S n m w oftP can er ain indow 3. To start scamung your network, enter an IP range ui die Range From field and click S tart Scanning. C E H Lab Manual Page 287 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  23. 23. M odule 04 - Enum eration • 0 0 SoftPerfect Network Scanner File V iew Actions O ptions Bookm arks 0 . 1-1 Help □ L3 H Range From I B # E0 . . 0 1 to I 10 • 0 . 50 ‫ ♦ ן‬a W eb-site II Start Scanning Response Time & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration Ready_______________________Threads__________ Devices 0/0 FIGURE 4.2: S erfect settin anIP ran eto s a oftP g g cn 4. The status bar displays the status ot the scamied IP addresses at die bottom of die window. > * j File SoftPerfect Network Scanner View □ A ction s Options Bookm arks Range From El . F Address ? Help | X fc* V IP ₪ id y 0 . 0 1 | To | 10 . 0 0 50 10.0.0.1 MAC Address fa, & Q W W eb-site ~♦ a | IB Stop Scanning » jj Response Tme 0! Host Name 0 ms B 10.0.0.2 WIN-MSSELCK4... D ■ 1... ‫-י‬ ffl 10.0.0.3 WIN-ULY858KH... 0! 1-0... 1ms ,■« 10.0.0.5 WIN-LXQN3WR... 0! S-6... 4 ms ISA 10.0.0.6 ADMIN-PC 0' 1-0... 0 ms e■ 10.0.0.7 WIN-D39MR5H... D 5-C... 0 ms Igu 10.0.0.8 ADMIN 0! t-0... 0 ms 1«u 10.0.0.10 WINDOWS8 Ot .8-6... 2 ms a B £Q SoftPerfect Network Scanner can also check for auser-defined port and report if one is open. It can also resolve host nam es and auto-detect your local and external IP range. It supports rem shutdow ote n and Wake-On-LAN. . . 2ms FIGURE 4.3: S erfect s tu bar oftP ta s 5. To view die properties of an individual particular IP address. C E H Lab Manual Page 288 IP address, nght-click diat Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  24. 24. M odule 04 - Enum eration SoftPerfect Network Scanner File V iew Range From Actions O ptions Bookm arks B3 To IP Address e i Help 10 50 ♦ £%• MAC Address 0 ■ ^ ^-2... 10 .0 .0 .1 1 ». 1 .0 .2 1 0 .0 VVIN-MSSELCK4.. ‫ש‬ 0ms D j^> Start Scanning * Response Time 2ms WIN-UL'f ■j 10.0.0.3 ■ «- l... ADMIN-P Copy e b 10.0.0.7 WIN-D 39 Properties ADMIN > ► WIN-LXQ eu s eta 10.0.0.5 eu 1 .0 .6 0 .0 El Open Computer 10 .0 .0 .8 e 1 .0 .1 ta 0 .0 0 WINDOW Rescan Com puter i W ake-O n-LAN R em ote Shutdow n R em ote Suspend / Hibernate Send Message... Create Batch File... Devices 8/8 FIGURE 4.4: S erfect IP ad re sscan edd ta oftP ds n e ils La b A n a ly sis Analyze and document die results related to die lab exercise. Tool/Utility Information Collected/Objectives Achieved IP Address Range: 10.0.0.1 — 10.0.0.50 SoftPerfect Network Scanner Result: ■ IP Address ■ Host Names ■ MAC Address ■ Response Time P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B . Q uestio ns 1. Examine die detection of die IP addresses and MAC addresses across routers. 2. Evaluate die scans for listening ports and some UDP and SNMP services. C E H Lab Manual Page 289 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  25. 25. M odule 04 - Enum eration 3. H o w w o u ld y o u la u n c h e x te rn a l th ird - p a rty a p p lic a tio n s ? Internet Connection Required □ Yes Platform Supported 0 Classroom C E H Lab Manual Page 290 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  26. 26. M odule 04 - Enum eration Lab E n u m e r a tin g a N e t w o r k U s in g S o la v W in d s T o o ls e t T h e S o la r W in d s T o o ls e t p r o v id e s th e to o ls y o n n e e d n s a n e tw o r k en g in ee r o r n e tn o r k c o n s u lta n t to g e t y o u r j o b d on e. T o o ls e t in c lu d e s b e st-o f-b re e d s o lu tio n s th a t w o r k s im p ly a n d p re c ise ly , p r o v id in g th e d ia g n o stic, p e t fo r m a nee, and b a n d w id th m e a su re m e n ts y o u w a n t, w ith o u t e x tr a n e o u s, n n n e c e s s a y fe a tu r e s . I C ON KEY / Valuable information Test your knowledge — Web exercise m Workbook review Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration La b S cen ario Penetration testing is much more than just running exploits against vulnerable systems like we learned 111 the previous module. 111 fact a penetration test begins before penetration testers have even made contact with die victim systems. Rather dian blindly dirowing out exploits and praying diat one of them returns a shell, penetration tester meticulously study the environment for potential weaknesses and their mitigating factors. Bv the time a penetration tester runs an exploit, he or she is nearly certain diat it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at die very least make the victim unexploitable 111 the future, penetration testers won't get the best results. 111 tins lab we enumerate target system services, accounts, hub ports, TCP/IP network, and routes. You must have sound knowledge of enumeration, which requires an active connection to the macliine being attacked. A hacker enumerates applications and banners 111 addition to identifying user accounts and shared resources. La b O b jectives The objective of tins lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to detect: ■ Hardware MAC addresses across routers ■ Hidden shared folders and writable ones ■ Internal and external IP addresses C E H Lab Manual Page 291 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  27. 27. M odule 04 - Enum eration La b Environm ent To earn’ out the lab, you need: ‫י‬ m You can also download SoftPerfect Network Scanner from http://www.solarwinds .com SolarW inds-Toolset-V10 located at D:CEH-ToolsCEHv8 M odule 04 E num erationSN M P E num eration ToolsS olarW ind’s IP N e tw o rk B row ser ■ You can also download the latest version of SolarW inds S cann er trom the link http:/ /www.solarw1nds.com/ ■ If you decide to download the la te s t 111 the lab might differ version, T oo lset then screenshots shown ■ Run tliis tool 111 W indow s S erver 2 0 1 2 Host machine and W indow s S erver 2 0 0 8 virtual machine ■ Administrative privileges are required to run tins tool ■ Follow the w izard -d riven installation instructions La b Duration Tune: 5 Minutes O verview of Enum eration Enumeration involves an active connection so that it can be logged. Typical information diat attackers are looking for includes user account names tor future password guessing attacks. La b T a s k W TASK 1 Enumerate N etw ork 1. Configure SNMP services and select Start _ File Acton ViM 4■‫. *־‬S j □ E3 Cut troubleshooting tim in half usingthe e W orkspace Studio, which puts the tools you need for com on situations at your m fingertips ‫^ ־‬Control Panel ‫־‬ ‫^־‬A dm inistrative Tools ‫ ^־‬Services. ‫־‬ □ X ‫־‬ Help £5 B 3 ► ■ « ‫►י‬ f t Stiver Sh«H Hardware Detect!:n S^Smir Card £4 Smart Card Removal Policy E SNMP Servke Descnptior: Lrvjfck: Smpk Network 4 SNMP Trap Management Protocol (SNMP) ^ Software Protection requests to be processed by this ^ Special Admimilitlicn Comcle Hdpct computer If this service 1 stopped, 5 the computer • ill be unable to w wfcSpot Verifier 5 proem SNMP irquetti. If this servic. & S G I Full-text Filter Daemon launcher -. k disabled, any services that eiplicitlj ‫*׳‬SQL Server (MSSQLSERVER) depend on it will fail to (tart. &SQL Server Agent (MSSQLSERVER) SQL Server Analyse Services (MSSQLS.. SQL Server Browser & SQL Server Distributed Replay CSert £6 SQL Server Dirtributed Replay Cortrcl £&SQL Server Integration Services 110 5* SQL Server Reporting Services (MSSQL Q SQL Server VSS Writer {fcSSDP Discovery Superfetch System Event Notification Sciyicc ‫, $׳‬Task Scheduler S i TCP/IP NetBIOS Helper Dcscnpton Supports Me, paProvide* notifica.. Manages access.. Allow* the cyst*... Enables Simple... trap m #_. FrvtLIrs th* (Scfjj.. A w * adrniktti. . llo ■ Verifies potential.. Service to launch.. Provides stcrcge... Executesjobs. m ... Supplies online a-. Provides SQL Ser.. One or more Dist.. Provides trace re... Provides manag.. Manages, execute. Provides the inle_. D«wen nehvorMaintains and i . Monitors system — Enables a user to.. Provides support.. Status Running Running Running Running Running Running Running Running Running Running Running Running Startup type Automatic Automatic DkabUd Manual Automatic Manual Automatic (D... Manual Manual (Trig... Manual Automatic Manual Automatic Disabled Manual Manual Automatic Automatic Automatic Oisabled Manual Automatic Automatic Automatic (T». Log On As Local Syste... Local Syste... Local Service Local Syste .. Local Syste .. 1 Local Service NrtrtorV S.. Local Syste... Local Syste.. NT Servke... NT Service... NT Scrvice... NT Service... Local Service NT Service... NT Service... NT Service... NT Servke... Local Syste.‫״‬ Local Service Local Syste.. Local Syste.. Local SysteLocal Service Extended >Standard/ v FIGURE 5.1: S gSNMP S ic s ettin erv e C E H Lab Manual Page 292 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  28. 28. M odule 04 - Enum eration 2. Double-click SNMP service. 3. Click die Security tab, and click Add... The SNMP Services Configuration window appears. Select READ ONLY from Community rights and Public 111 Community Name, and click Add. SNMP Service Properties (Local Computer) Se cu rity G e n e ra l ] Log O n [ R e c o v e r y [ A g e n t [ T ra p s @ D e p e n d e n c ie s S e n d a u th e n ticatio n trap A c c e p t e d com m unity n a m e s Com m unity Rig hts Ad d ... Edit Remove D A c c e p t S N M P p a c k e t s from a n y host IP Monitor and alert in real tim e on netw ork availability and health w ith tools including RealT im e Interface Monitor, SNMP R eal-Tim e Graph, and Advanced CPU Load SNMP Service Configuration Com m unity rights:_____________________________ !r ea d o n ly [“ “ ^1 Cn e acl C om m unity N am e : |public L e a m m ore ab o u t S N f f lP ‫־‬ O K Cn e acl Ap p ly FIGURE 5.2: C onfiguringSNMP S rv e e ic s 4. Select A ccept SNMP packets from any host, and click OK. SNMP Service Properties (Local Computer) G e n e ra l 0 Log O n R eco v ery Agent rap s | ‫־‬T l | Z- ep en aencies S e n d au th e n ticatio n trap A c c e p t e d com m unity n am es ® O c c e p t S N M P p a c k e t s from a n y host A c c e p t S N M P p a c k e t s from t h e s e h osts L e a m m ore ab o u t S N M P O K C E H Lab Manual Page 293 Cn e acl Ap p ly Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  29. 29. M odule 04 - Enum eration FIG U RE 5.3: setting SNMP Services 5. Install SolarWinds-Toolset-V10, located 111 D:CEH-ToolsCEHv8 Module 04 EnumerationSNMP Enumeration ToolsSolarWind’s IP N etw ork Browser. 6. Launch the S ta rt menu by hovering the mouse cursor on the lower-left corner of the desktop. FIGURE 5.4: W indow S s erver 2012— Desktopview & Perform robust network diagnostics for troubleshooting and quickly resolving complex netw ork issues w ith tools such as Ping Sweep, DNS Analyzer, and Trace Route 7. Click the W o rksp ace Studio window. S t a Studio app to open the SolarW inds A d m in is t r a t o r ^ r t Server Manager IL Computer Windows PowerShel Google Chrome IT Control Panel £ Hyper-V Manager Workspace Studio m * f t Hyper‫־‬V Virtual Machine... SQL Server Installation Center... Mozilla Firefox ProxySwiL. Standard ? Command Prompt InternetEx lo p rer W orkspace ‫ז ז‬ F3 <© 1ft Global Network Inventory Nmap Zenmap GUI I I O FIGURE 5 W .5: indow S s erver 2012— pps A 6. The main window of SolarWinds W orkspace Studio is shown in the following figure. C E H Lab Manual Page 294 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  30. 30. M odule 04 - Enum eration ’ ‫י * "!ם‬ SolarWinds Workspace Studio File Tabs Yiew Devices Add New De/ice.. Interfaces External Tocls * A Interface Chart ^ ^ I t G g Started * ettin * Compare Engineer s Toolset- I Help Manage SNMP Credentials © Manage Tehec/SSH Credentials !5 Switch Poit Mapper _ Telnet/SSH S Gadgets Settings... Q Page Setup... •‘^N ew Tab £5 ‫ ׳‬Save Selected Tabs VI xI I* ■ O SETTINGgSWORKSPACE STUDIO COESTT HAVETO EE SCARY GttinUPtarte e d Devices GrojpDy. Gftxp Kane ‫״‬ rSar«G aa TraceRoute Step 1 - Register the ne:wori devices you wcuH iieto montor. ^ ^ EM ] ‫ד‬ Add Device £ ‫ ב‬Cevices P 1 Recently ts e o Step 2 - Drag gadgets fromthe explorer at feft to this w 3rtspace and associate them with a device. Step 3 - Add tabs to create grojps cf gadgets 0* aganze then any way you wart. [ 0 ofC0t¥<*(s)seated _ Sfow Q U n*rr*s QO | E>t::re‫־‬ ¥ X O OTHreHlpRCC3TOOCTYOU : MERRE30U o e '• ‫ ׳‬Gadgets Mcn<o1 ‫־‬ng d Q 0 Memory Gauges M O ST T IC TO O EO TW H STS EM RY A IST C R N R O O ... ♦ CllCPUandMerroY ‫ ץ‬m m.et^ace Chart - I II < ln!ef*aee Gauge £ T > TFTP Service ___ Interface Table C lear Status‫ ־‬R n in un g [»L Tdt» If, Id New Tab & L Setrin as Gadgets Evert Viewer TFTP Service *>■ Dday: 2 C seconds FIGURE 5.6S larw w o inds orkspace stu iom w d ain indow 7. Click External Tools, and then select Classic tools -> N etw ork Discovery -> IP N etw ork Browser. T=TO SolarWinds Workspace Studio File Tabs View Devices g f? Add New Dcvicc... B Deploy an array of network discovery tools including Port Scanner, Sw Port Mapper, and itch Advanced Subnet C alculator. S Switch P a t Mapper S Interfaces Gadgets [‫ ״‬Extcma^ools Manage SNMP Credentials ^ , Telnet/SSH fj ul Interface Chart u j ‫׳‬etting Startedl O Groupb GnupNane * y: I Help Create New External Tod... Remote Dcsrtoo C gs /WORKSPACE STUDO OOESNT HAVE TO cttin L SETTING J P St6p 1 - Register the network devices you wouH l*e te n ‫כ‬of D ce(s) seecte: dev 1^NewTob . , Save Selected Tabs ________________ U E 2 IP Address Management 10311 | a LdunchPad Network Monitoring Step 2 - Drag gadgets frcm the explorer at lei tc this wort in Cisco Tools Network Discovery f^l Devices P 1Recently Jsed ngj.« Q Poge Setup... Recently Used ] :£ It*) Ping Diagnostic Star cro^raiies Security Etui Q ti d a ■J jt Monitoring IP Address Management IP Network Browser SWMP Tools Step 3 - A(M taos :0 create groups or gacgets or orgarize DNS Audit ^ | MAC Address Discovery Network Sonar Ping Ping Sweep Port Scanner SNMP Sweep f o f ^ i CPU and Wenory @ Subnet List a i Interface Chart "! Switch Port Moppet & interface Cauge ® ntefaceTaWe TFTP Service Statu*‫ ׳‬Rjnning gy Clear SHtma* ‫»*»י‬ | Step ] Gadgets Event Viewer TFTP Service FIGURE 5.7: MenuE scalationfor IP netw brow ork ser 8. IP N etw ork Browser will be shown. Enter die Windows 8 Virtual Machine and click Scan Device ( the IP address will be different 111 your network). IP address (10.0.0.7) C E H Lab Manual Page 295 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  31. 31. M odule 04 - Enum eration IP Network Brow ser 1ST P SolarWinds Toolset applications use several methods to co llect data about the health and perform ance of your network, including ICMP, SNMPv3, DNS and Syslog. Toolset does NOT require deployment of proprietary agents, appliances, or garden gnomes on the network. ‫פי‬ t□ Nevr Re :tart ‫ט‬ Export m % Prin‫־‬ Copy * • Copy Stop m Zoom Ping ♦ 0 1^ Settings 3 Trace Config 0 Telnet ‫ף‬ Surf Help IP Network Browser S c a n a S in g le D e v ic e ___________ ‫3־‬ 3 ' S c a n a Su b n et jd . ‫ן‬ Subnet Address 1 5 .2 5 5 .0 2 5 5 .2 5 Subnet Mask •Scan Suhnel Scan an IP Address Ranqe ‫פר‬ ‫פר‬ Dcgining IP Addicss tnding IP Addtess E n g i n e e r ’s T o o ls e t v 1 0 - E v a l u a t i o n FIGURE 5 IP NetworkB serw .8: row indow s 9. It will show die result 111 a line with die IP address and name ot die computer diat is being scanned. 10. Now click the Plus (+) sign before die IP address. ‫״ ז י‬ File Edit & NetFlow R ealtim e is intended for granular, real-tim e troubleshooting and analysis of N etFlow statistics on single interface and is lim ited to a 1 hour capture ® NeA‫׳‬ 1- IP Network Browser [ 10.0.0.7 J Nodes MBs Discovery y Restart m E>port Print Subnet 4 Copy View % Copy O X Help • Stop j * Zoom | ‫»י‬ Ping 1 Telnet Trace @ Confg A e Surf rf Setting: f Help A vo n A 0■ ,A/ o V < ^4 y ‫־‬ k ^ 4 y A >‫*> ■ ן‬ £ / / / A oV | o v<y J r J? j& 4 eV < & */ w V ‫-׳‬• V* Y ./‫־‬ (IS * A U & ,‫יי‬ 3 / ‫י‬ r r * J? S Jbre* Scan Ccmoteed FIGURE 5 IP NetworkB serw .9: row indow re u p e s s lts ag 11. It will list all die information ot die targeted IP address. C E H Lab Manual Page 296 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  32. 32. M odule 04 - Enum eration Edit Node* MlBs y Export &■ To start anewtab, go to ‘tabs’ on the m bar enu and choose ‘newtab.’ Right-click on a tab to bring up options (Import, Export, Renam S e, ave, Close). You can add tools to tabs from the G adgets bos in the lower left or directly from the gadgets m enu. A good way to approach it is to collect all the tools you need for a given task (troubleshooting Internet connectivity, for exam on one tab. Next ple) tim you face that situation e sim open that tab ply Discovery Subnet % m Print Copy View Copy Help • * Stop Zoom 0 } Ping s Telnet & Tra<« ‫' *־ ם‬ ‫-ן‬ IP Network Browser [ 100.0.7 J File Config Surf s f Setting! ST J j S*3ten Naxw: WDI-D39MP5HL9E4 D escription: Harcware: In tel64 Family 6 Hcdel 42 . J Ti a t !-‫:. ־ ״ ״ ־‬ -eppinc 7 AI/&T CCMPAIIBLI - Softwar! : W indow Version S.2 (Build 6 s 4^ qp ^ J J s y s O b ;c « rD : 1 . 3 . 6 . 1 . 4 . 1 . 3 1 1 . 1 . 1 . 3 . I . 2 0 Last Boot: 9/5/2012 9:13:49 AM Router (will forvard IF packets ?) : N o vO % Adirlnittritor C Cuh: A f i UM5*JAaC.ll USSR A tn a Shared D iln t t n ‫1- <!ל׳‬ ■ ‫ט‬ O' A oV V s i? A> .< ‫ז‬ TC9/ZF ^•cworks IPX hvcworic -E ^ 0.0.9.0 £ < :0 0o $ .0 > S 3> 10.0.0.7 ti: 10.0.0.26S S ^ 127.9.0.0 E ^ 127.9.0.1 ♦ <> 127.266■256.266 $ 1 ‫׳‬ Is ‫מי‬ * ^ 1 J? 25 a 5 255.255 255.255 K%°^ 4 C* a rV* 'S > SjtrelSc4r ComptetiC FIGURE 5.10: IP NetworkB serw row indow re u p e s s lts ag La b A n a ly sis Analyze and document die results related to die lab exercise. Tool/Utility Information Collected/Objectives Achieved Scan Device IP Address: 10.0.0.7 Output: ■ Interfaces ■ Services SolarWinds Tool ■ Accounts Set ■ Shares ■ Hub Ports ■ TCP/IP Network ■ IPX Network ■ Routes P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B . Q uestio ns 1. Analyze die details of die system such as user accounts, system MSI, hub ports, etc. C E H Lab Manual Page 297 Etliical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  33. 33. M odule 04 - Enum eration 2. Find the IP address and Mac address of the system. Internet Connection Required □ Yes Platform Supported 0 Classroom C E H Lab Manual Page 298 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
  34. 34. M odule 04 - Enum eration E n u m e r a tin g t h e S y s t e m U s in g H yen a H y e n a u ses a n E x p lo r e r -s ty k in terfa ce f o r a ll operations, in clu d in g rig h t m o u se click p o p - ip c o n te x t m e n u s f o r a ll objects. M a n a g e m e n t o f users, g ro u p s (b o th lo ca l a n d g lo b a l), shares, d o m a in s, com puters, services, devices, events, file s , p r in te r s a n d p r in t jo b s , sessions, open file s , d is k space, u se r rights, m essaging, e x p o /tin g , j o b scheduling, processes, a n d p r in tin g a re a ll su p p o /ted . I C ON La b S cen ario KEY / Valuable information ' Test your ____ knowledge______ m Web exercise £Q Workbook review The hacker enumerates applications and banners 111 addition to identifying user accounts and shared resources. 11 tliis lab. Hyena uses an Explorer-style interface 1 for all operations, management of users, groups (both local and global), shares, domains, computers, services, devices, events, files, printers and print jobs, sessions, open tiles, disk space, user nghts, messaging, exporting, job scheduling, processes, and printing are all supported. To be an expert ethical hacker and penetration tester, you must have sound knowledge of enumeration, which requires an active connection to the maclune being attacked. La b O b jectives The objective of this lab is to help students learn and perform network enumeration: ■ Users information 111 the system ■ Services running 111 the system & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 04 Enumeration C E H Lab Manual Page 299 La b Environm ent To perform the lab, you need: ■ A computer running Windows Server 2012 ■ Administrative privileges to install and run tools ■ You can also download tins tool from following link http: / / www. svstemtools.com/hvena/download.htm Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  35. 35. M odule 04 - Enum eration ■ If you decided to download latest version of dns tool screenshots may differ La b Duration Time: 10 Minutes O verview of Enum eration Enumeration is die process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment La b T a s k s The basic idea 111 diis section is to: 1. E t a s k Navigate to D:CEH-ToolsCEHv8 Module 04 EnumerationNetBIO Enumeration ToolsHyena 1 Double-click Hyena_English_x64.exe. You can see die following window. Click N ext Installation of Hyena H y e n a v 9 .0 - In s t a llS h ie ld W i z a r d ca You can download die Hyena from http://u vv.syste ools n1 mt .com /hyena/hyena_ne1v.htm FIGURE 6.1 InstallationofH : yena 3. 4. C E H Lab Manual Page 300 The S o ftw a re L icense A g re e m e n t window appears, you must accept the agreement to install Hyena. Select I a c c e p t click Next. th e term s o f th e licen se a g re e m e n t to continue and Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  36. 36. M odule 04 - Enum eration FIGURE 6.2: S dieA elect greem ent 5. Choose die destination 6. Click Next to continue the installation. location to install Hyena. x H y e n a v 9 .0 ‫ ־‬In s t a llS h ie ld W i z a r d Choose Destination Location Sle tfo e we stu w inta file. e c ldr hre e p ill s ll s m In addition to supporting standard W indows system m anagem functions, ent Hyena also includes extensive Active Directory integration In llHe av .0to sta yn 9 : C rora F y a :P g m iesHen Change... FIGURE 6 : S .3 electin folder for in g stallatio n 7. C E H Lab Manual Page 301 The Ready to install the Program window appears. Click Install Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  37. 37. M odule 04 - Enum eration r H y e n a v 9 .0 - I n s t a l l S h i e l d W i z a r d — ‫ן‬ Ready to Install the Program The wizard is ready to begin installatic C kInta tobg th inta tio lic s ll e in e s la n Ify uwn tore ie o c a g a ye y u re lia nsttins c kBc . C kCne toeitth o a t v w r h n e n r or ta tio e g, lic a k lic a c l x e f wa . iz rd ILU Hyena can be used on anyW indows client to m anage anyW indows NT, W indows 2000, W indows XP/Vista, W indows 7, or W indows Server 2003/2008/2012 installation FIGURE 6.4: sele tin installatio type c g n 8. The InstallShield Wizard complete window appears. Click Finish ro complete die installation. InstallShield Wizard Complete T eInta h ldWa hss c e s l inta dHe av .0 C kF is toeitth wa . h s llSie iz rd a u c s fu s le y n 9 . lic in h x e iz rd FIGURE 6.5: R toinstall w eady indow Enumerating system Information C E H Lab Manual Page 302 9. Launch the S tart menu by hovering the mouse cursor 011 the lowerleft corner of the desktop. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  38. 38. M odule 04 - Enum eration FIGURE 6.6: W indow Seiver 2012— s Desktopview & Hyena also includes full exporting capabilities and both Microsoft Access and Excel reporting and exporting options 10. Click the Hyena app to open the Hyena window. FIGURE 6.7: W indow S s erver 2012— pps A 11. The Registration window will appear. Click OK to continue. 12. The main window of Hyena is shown 111 following figure. C E H Lab Manual Page 303 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  39. 39. M odule 04 - Enum eration 13. Click + to expand Local workstation, and then click Users. J ’ ‫י ם ' ־‬ H y e n a v9 .0 x ‫ף־‬ H Eit W To H e d e ols e w lp c a Additional command-line options were added to allow starting Hyena and automatically inserting and selecting/expanding a domain, server, or computer. - Jfr W -D9 RH94(LclW sta n 1 3M5 LE oa o tio)! N rk j 5 £1 D e rivs j g £"LclCn e tio s oa o nc n - cygSU ♦ E Am istra r d in to 4 C Ge ust 4 C Ja n(Ja n so so) &CJu g b y(Jugby g y o gyo) &£ M (M ) a a rtin rtin ♦ CSie (Sie ) h la h la ♦J1 LclG us oa rop > ‫־‬P te ' rin rs ‫ ^♦׳‬Sa s hre 8‫־‬Sssios e n & Oe F s pn ile £ Srv e e ics gp Dv e eics £ 4‫ >נ‬vn Eets 9 DkSae is pc j ' £ U rR h ± se igts I ♦9 Prfo a c e rmne , a Shd le Jos ceu d b : ± £ Rg eistry j . WI M +^ Ete rise n rp aa 11 Hyen a v9.0 6u r(s)fo n o ,W -D9 RH94 se u d n 1 3M5 LE' N FIGURE 6.9: Expand the Systemu sers 14. To check the services running on the system, double-click S ervices H y e n a v9 .0 ‫ ־‬S e r v ic e s o n W W IN - D 3 9 M R 5 H L 9 E 4 R E« W To H e d e ots e w lp V *s & x » a :s [e ] o ^ v ■ - VIN 3M5 LE(LclW sta n 7 -D9 RH94 oa o tio) rk £ De rivs & LclCn e tio s oa o nc n I £ Urs se . c Am istra r d in to ♦ C Ge ust | 5 c Ja n(Ja n so so) ♦ CJu g b y(Jugby g y o gyo) ^ C M (M ) a a rtin rtin ♦ C Sie (Sie ) h la h la ♦ “ LclG us 5 oa rop g 4^ P te rin rs fiQ Sa s f hre S" Sssios e n iL Qen les J ph • Lj&EEZaU 2PDv e eics B Eets E vn O DkSae is pc S S U rR h se igts *9 Prfo a c e rmne I ♦ 0 Shd le Jos ceu d b Rg eistry i & WM I ♦^ Ete n n rpse K w .sy m o o //w w ste to ls.c m ■! ■1y b « 33 ! aa Services on W W IN - D 3 9 M R 5 H L 9 E 4 Name________________ Display Nam e_________ Status______ $ ‫ ־‬dbAMrv e Ao eAro a U... 5Aoe R se ic d b c bt p { ALouSc Ap a nEprie ‫ }נ‬e okp v plictio xe ... Ap a nLyrG plictio ae ... © ALG ©A se sta gn WdwA se I. IIU rin llAet ino s ll-U r .. Ap a nHstH plictio o ... ©Ap o v pHstSc Ap a nIdn plictio e tity ©Ap Sc plDv Ap a nIn rm plictio fo ... ©Ap fo pin Ap a nM a ... plictio a g n $ ‫־‬Ap g t 5 pMm ©Ad Edo tB WdwAd E... uio npm ... ino s uio n ©Ad srv uio WdwAd ino s uio ®E 6F BseF rin Eg e a ilte g nin 0 IT -B S Bc g udIn llig akron te ... ©B krln strut... Bc g udTsk I. roe fra c akron a s .. ©B w r ro se Cmu rB w r o p te ro se ©CrtP p v e roSc CrtificteP pg... e a roa a C MSste Ap O ♦ y m p... ©O SsAp C My p 0C vc ryptS C p g picSrv ry tora h e i... © co L n D mau ch DO SrvrP c... CMe e roe ©dfra sv e gc Otimed e p iz rivs ©Dv e ssoia ... Dv eA ciatio ... eicA c tio eic sso n Rnin un g S pe topd S pe topd S pe topd Rnin un g S pe topd S pe topd Rnin un g S pe to pd S pe topd Rnin un g Rnin un g Rnin un g S pe topd S pe topd S pe topd Rnin un g Rnin un g S pe topd S pe topd 16se icsfo n o ‫־‬WN 3 M5 LE1 5 ‫־‬o je ts 5 rv e u d n 1 -D9 RH9 4 /1 6 b c FIGURE 6.10: Sendees running in the system 15. To check the U ser Rights, click + to expand it. C E H Lab Manual Page 304 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  40. 40. M odule 04 - Enum eration ‫°' ־‬r * H y e n a v9 .0 - 3 D r iv e s o n A W IN - D 3 9 M R 5 H L 9 E 4 ' H Et VtcH To Hp e d ols d y *3 a X * 3 ::: 5 ] Q SI * = fl J »3ai fe E3 « ° * C Ju g b y(Jugby g y o gyo) ♦ C M (M ) a a rtin rtin ± CSiela(Sie ) h h la ♦ ^ LclG us oa rop Pn rs nte +^ Sa s hre S‫ ־‬e n Sssios j— ^ Oe F s pn ile Qb Srv e e ics Dv e eics fi& Eets f vn ^ DkSae is pc g tsI h ft Bc u Oe to akp pra rs Urs§ se Am istra rs§ d in to Ee oe§ vryn STb riv g (Ata prto th o e £ e c P ile e c s a f e pra SMc mAc utP ile e(Adwrk & e ah e con riv g d o S SBc uP ile e(Bc u file a dd-, t• e akp riv g ak p s n ii iL SCa gNtify riv g (Bpsstra e e hne o P ile e ya vr SUso ite lnu riv g (SUso ii ^ e n lic d ptP ile e e n lic SSste timP ile e(Ca g th sy £-|‫־‬ e y m e riv g hn e e s -SC a Pgfile riv g (C a apg21 e rete a e P ile e rete a SC a Tkn riv g (C a atoi ■ a e rete o e P ile e rete k = £ : 3 Drives on ‫־־‬W IN -D 3 9 M R 5 H L9 E 4 ‫־‬ ‫־‬ Srvr * e e ■ De riv © IN 3M... C W -D9 R © 1 -D9 R D WN 3M... © IN 3M... E W -D9 R 3D e o " W -D9 RH94 rivs n W1 3M5 LE1 N 7 w .sy fn o o w w ste tols.c m Frmt oa NF TS NF TS NF TS Tta ol 9.3 G 71 B 9.6 G 76 B 20 5G 7.4 B Ud se 8.1 G 75 B 2 0G .9 B 1 0G .7 B ^^^biects FIGURE 6.11: U sers R ights To check the Scheduled jobs, click + to expand it. 16. J H y e n a v 9 .0 - 77 t o t a l s c h e d u le d jo b s . F E« W To H ile d e ols e w lp y * < x ♦ 3 :: |e | o ^ y 3‫צ‬ ■ m H yenawill execu die te m current GroupPolicy ost editor, GPM sc, if it is E.m present onthe s ystem ft C Ju g b y(Jugby g y o gyo) ♦ c M (M ) a a rtin rtin 9 C Sie (Sie ) h la h la ♦$ LclG us oa rop & ^ P te rin rs £ £1 Sa s hre S' Sssios e n Oe F s pn ile 9 Srv e e ics 2PDv e eics ffi-AEets vn ^ DkSae is pc ffi-S U rR h se igts EB Prfo a c e rmne |—] Shdle Jos| fo c e u d b - C Mro ft 0 ic so Wdw ino s ♦C .NTF mwrk ; ® E ra e o ffi@Ativ D c ryR h Mngi c e ireto igts a a e ♦ Ap : pID ♦I®Ap a nEprie c plictio xe ne ■ Ap a n a plictioDta ♦j< Atoh L u ck 9 y A j .3;j r b « a a [H o 7 7 t o t a l s c h e d u le d jo b s . Srvr * e e ■ Nm ae S tu ta s Ray ed 0 IN 3 M... CIenrSip A W -D9 R C ae k UC 0 IN 3 M... Gole pa Tsk a... Ray W -D9 R og Udte a Mc ed 0 IN 3 M... Gole pa Tsk a... Ray W -D9 R og Udte a Mc ed 0 IN 3 M... Gole pa Tsk se ... Ray W -D9 R og Udte a U rS ed 0 IN 3 M... Gole pa Tsk se ... Ray W -D9 R og Udte a U rS ed 5 IN 3M... OtimeS rtMn C... Ray ]W -D9 R p iz ta e u a ed 0 IN 3 M... .NTF mwrkNE ... Ray W -D9 R E ra e o GN ed 0 IN 3 M... .NTF mwrkNE ... Ray W -D9 R E ra e o GN ed 0 IN 3 M... A R SR h Plic T D b d W -D9 R D M igts o y ... isa le 0 IN 3 M... A R SR h Plic T Ray W -D9 R D M igts o y ... ed D bd isale 0 IN 3 M... Plic Cne r W -D9 R o y ovrte ed 0 IN 3 M... S a c e Seific Ray W -D9 R mrtSren pc e d ulishrCrtS ... isa le n S]W IN -D 39 M R ... V fie Pb e e to D b d 0 IN 3 M... A gn W -D9 R itAe t Ray ed ed 0 IN 3 M... P g ma Udte Ray W -D9 R rora Dta pa r Ray ed 0 IN 3 M... S rtuAp a W -D9 R ta p pTsk 0 IN 3 M... C a uTmo ry ta Ray W -D9 R lenp e pra S te ed 0 IN 3 M... P x W -D9 R roy Ray ed ♦ -3 Certif icateServicesClient 0 IN 3 M... Sste Tsk W -D9 R y ma Ray ed EB U S Chkdsk Ray ed ffi^ Csto e Eprie c Imroe 0 IN 3 M... U rTsk u mr xe ne p vm W -D9 R se a h ://w w ste to ls.c m ttp w .sy m o o T grTp ^ rige ye Mltip T c u le rig Dily a Dily a Dily a O Id n le Mltip T c u le rig ALgo ton ALgo ton AS rtu t ta p AS rtu t ta p Mltip T c u le rig Mltip T c u le rig 6re istrye trie fo n o W1 -D9 RH 1/77o jets g n s u d n W 3M5 L b c N FIGURE 6.12: Scheduled jobs La b A n a ly sis Analyze and document the results related to die lab exercise. Give your opinion 011 your target’s security‫״‬posture and exposure. C E H Lab Manual Page 305 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  41. 41. M odule 04 - Enum eration Tool/Utility Information Collected/Objectives Achieved Intention : Enumerating the system Output: Hyena ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Local Connections Users Local Group Shares Shares Sessions Services Events User Rights Performance Registry ‫ י‬mn P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L AB . Internet Connection Required □Y es Platform Supported 0 Classroom C E H Lab Manual Page 306 0 No 0 !Labs Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.

×