SlideShare a Scribd company logo

Scanning and Enumeration in Cyber Security.pptx

Download as PPTX, PDF
M
MahdiHasanSowrav

Cyber Security

Engineering
1 of 35
CEH – Chapter 3 Scanning and Enumeration NUSRAT JAHAN ID: M190305002 1
2  Introduction  What is Scanning? • Types of Scanning  Port scanning  Network scanning  Vulnerability scanning • CEH Scanning Methodology  Ping Sweep Techniques  Flags of TCP Protocol  Scan Types  War-Dialing Techniques  Banner Grabbing and OS Fingerprinting Techniques  Scanning Anonymously  Bypassing Through Tunnel  What is Enumeration? • SNMP Enumeration Content
 Scanning is the first phase of active hacking and is used to locate target systems or networks for later attack.  Enumeration is the follow-on step once scanning is complete and is used to identify computer names, usernames, and shares. 3
What is Scanning? • Scanning is a set of procedures for identifying live hosts, ports, and services, discovering Operating system and architecture of target system, Identifying vulnerabilities and threats in the network. • After the reconnaissance and information-gathering stages have been completed, scanning is performed. • Ethical hackers use scanning to identify target systems’ IP addresses, to determine whether a system is on the network and available. 4
Types of Scanning 5 Scanning Type Purpose Port scanning Determines open ports and services Network scanning Identifies IP addresses on a given network or subnet Vulnerability scanning Discovers presence of known weaknesses on target systems
Port Scanning  Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. 6 Well-Known Ports: 0-1023 Registered Ports: 1024-49151 Dynamic Ports: 49152-65535 Port Numbers are divided into three ranges: On Windows, well-known port numbers are located in the • C:windowssystem32driversetcservices • Then open it with Notepad
Network Scanning  Network scanning is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. 7 Objective Network Scanning • To discover live hosts/computer, IP address, and open ports of the victim. • To discover services that are running on a host computer. • To discover the Operating System and system architecture of the target. • To discover and deal with vulnerabilities in Live hosts.
Vulnerability Scanning • Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. • A vulnerability scanner first identifies the operating system and version number, including service packs that may be installed. • Then, the scanner identifies weaknesses or vulnerabilities in the operating system. 8
9 Check for Live Systems: This gives you a list of what’s actually alive on your network subnet by ping scanning. • Ping scan checks for the live system by sending ICMP echo request packets. • If a system is alive, the system responds with ICMP echo reply packet containing details of TTL, packet size etc. Check for Open Ports: Once you know which IP addresses are active, find what ports they’re listening on. • Nmap is the powerful tool used mainly for this purpose Scan beyond IDS: Sometimes your scanning efforts need to be altered to avoid those pesky intrusion detection systems. CEH Scanning Methodology
10 Perform banner grabbing: Banner grabbing and OS fingerprinting will tell you what operating system is on the machines and which services they are running. Scan for vulnerabilities: Perform a more focused look at the vulnerabilities these machines haven’t been patched for yet. Draw network diagrams: A good network diagram will display all the logical and physical pathways to targets you might like. Prepare proxies: This obscures your efforts to keep you hidden. CEH Scanning Methodology
Ping Sweep Techniques • A ping sweep is also known as Internet Control Message Protocol (ICMP) scanning, used to determine whether systems are live or not. • ICMP is the protocol used by the ping command. • By sending an ICMP Echo Request or ping to all hosts on the network Echo Reply as a connectivity test to determine which ones are up and responding to pings. 11 Hacking Tools Pinger, Friendly Pinger, and WS_Ping_Pro
Ping Sweep Techniques 12 Drawback Personal firewall software and network-based firewalls can block a system from responding to ping sweeps. Block the ping attempt and notify the user that a scanning program is running on the network. Another problem is that the computer must be on to be scanned. Solution Port Scanning Just because a ping sweep doesn’t return any active hosts on the network doesn’t mean they aren’t available Remember, hackingtakestime, patience, andpersistence
13 nmap Command Switches Free and Open Source Tool Ping Sweeps, Port Scanning, Service Identification, IP Address Detection, Operating System Detection Performance Supported OS Unix, Linux, Windows,
14 nmap Command Switches • nmap scan can determined open, filtered, or unfiltered port. • Types of Satate of the Port – • Open – The target machine accepts incoming request on that port • Filtered – Firewall or network filter is screening the port and preventing nmap from discovering whether it’s open • Unfiltered – The port is determined to be closed, and no firewall or filter is interfering with the nmap requests
15 nmap Command Switches
16 SYN Synchronize. Initiates a connection between hosts. ACK Acknowledge. Established connection between hosts. PUSH Push. System is forwarding buffered data. URG Urgent. Data in packets must be processed quickly. FIN RST Finish. No more transmissions. Reset. Resets the connection Flags of TCP Protocol
 SYN: A SYN or stealth scan is also called a half-open scan because it doesn’t complete the TCP three-way handshake.  A hacker sends a SYN packet to the target; if a SYN/ACK frame is received back, then it’s assumed the target would complete the connect and the port is listening.  If an RST is received back from the target, then it’s assumed the port isn’t active or is closed.  The advantage of the SYN stealth scan is that fewer IDS systems log this as an attack or connection attempt. 17 Scan Types
 XMAS: XMAS scans send a packet with the FIN, URG, and PSH flags set.  If the port is open – there is no response;  If the port is closed – the target responds with a RST/ACK packet.  XMAS scans work only on target systems that follow the RFC 793 implementation of TCP/IP and don’t work against any version of Windows. 18 Scan Types
 FIN:  sends a packet with just the FIN flag set.  FIN scans receive the same response and have the same limitations as XMAS scans  NULL:  It just sends a packet with no flags set.  Similar to XMAS and FIN in its limitations and response,  IDLE  Uses a spoofed IP address to send a SYN packet to a target.  Depending on the response, the port can be determined to be open or closed.  IDLE scans determine port scan response by monitoring IP header sequence numbers 19 Scan Types
 FIN:  sends a packet with just the FIN flag set.  FIN scans receive the same response and have the same limitations as XMAS scans  NULL:  It just sends a packet with no flags set.  Similar to XMAS and FIN in its limitations and response,  IDLE  Uses a spoofed IP address to send a SYN packet to a target.  Depending on the response, the port can be determined to be open or closed.  IDLE scans determine port scan response by monitoring IP header sequence numbers 20 TCP Scanning Hacking Tools
21 Scanning Hacking Tools- Wireshark TCP Scanning FIN Scanning
22 Hacking Tools • IPEye is a TCP port scanner that can do SYN, FIN, Null, and XMAS scans. • It’s a command line tool IPSecScan is a tool that can scan either a single IP address or a range of addresses looking for systems that are IPSec enabled It contains a host of other features besides OS finger printing such as TCP, UDP, ICMP, and raw-IP ping protocols, traceroute mode, and the ability to send files between the source and target system. SNMP Scanner allows to scan a range or list of hosts performing ping, DNS, and SNMP queries
War dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. • It finds another network connection that may have weaker security than the main Internet connection. • Many organizations set up remote-access modems that are now antiquated but have failed to remove those remote-access servers.  This gives hackers an easy way into the network with much weaker security mechanisms.  Many remote-access systems use the Password Authentication Protocol (PAP), rather than VPN technology that encrypts passwords. 23 War-Dialing Techniques THC-Scan, PhoneSweep, and TeleSweep are tools that identify phone numbers and can dial a target to make a connection with a computer modem.
Banner grabbing or OS Fingerprinting is the process to determine the OS running on a remote target system – opening a connection and reading the banner or response sent by the application. • Many email, FTP, and web servers will respond to a telnet connection with the name and version of the OS 24 Banner Grabbing and OS Fingerprinting Techniques Hacking Tools 1. SolarWinds Toolset, Queso, Harris Stat, and Cheops – network management tools 2. Netcraft and HTTrack
25 Banner Grabbing and OS Fingerprinting Techniques • Specially crafted packets are sent to remote OS and the responses are noted • The responses are then compared to a database to determine the operating system. • Various operating system vendors implement the TCP stack differently, and responses will differ. • Easily detected by an IDS or other security system • Banner Grabbing from Error messages Error messages provide information such as type of server, type of OS and SSL tool used by the remote system • Sniffing the network traffic Capturing and analyzing pkts from the target, attacker can determine OS • Banner Grabbing from page extension Looking for an extension in the URL may assist in determining the application version • Usually undetected by an IDS or other security system but less accurate then Active fingerprinting Active Fingerprinting Passive Fingerprinting
• A proxy server is a computer that acts as an intermediary between the hacker and the target computer. Using a proxy server can allow a hacker to become anonymous on the network. • The hacker first makes a connection to the proxy server and then requests a connection to the target computer via the existing connection to the proxy. • The proxy requests access to the target computer, not the hacker’s computer. This lets a hacker surf the Web anonymously or otherwise hide their attack. 26 Scanning Anonymously Preparing proxy servers Hacking Tools SocksChain
• A popular method of bypassing a firewall or IDS is to tunnel a blocked protocol (such as SMTP) through an allowed protocol (such as HTTP). • Almost all IDS and firewalls act as a proxy between a client’s PC and the Internet and pass only the traffic defined as being allowed. 27 Bypassing Through Tunnel Hacking Tools HTTPort, Tunneld, and BackStealth are tools to tunnel traffic through HTTP. These tools allow the following potentially to be used from behind an HTTP proxy: Email, IRC, ICQ, News, AIM,FTP
What is Enumeration? • Enumeration occurs after scanning extracting user names, machine names, network resources, shares, and other services from a system. • All the gathered information is used to identify the vulnerabilities or weak points in system security and then tries to exploit it. • Some steps of performing hacking operation 1. Extract usernames using enumeration. 2. Gather information about the host using null sessions. 3. Perform Windows enumeration using the SuperScan tool. 4. Acquire the user accounts using the tool GetAcct. 5. Perform SNMP port scanning. 28
Hacking Tool • DumpSec is a NetBIOS enumeration tool. It connects to the target system as a null user with the net use command. It then enumerates users, groups, NTFS permissions, and file ownership information. • Hyena is a tool that enumerates NetBIOS shares and additionally can exploit the null session vulnerability to connect to the target system and change the share path or edit the Registry. • SMB Auditing Tool is a password-auditing tool for the Windows and Server Message Block (SMB) platforms. Windows uses SMB to communicate between the client and server. The SMB Auditing Tool is able to identify usernames and crack passwords on Windows systems. • NetBIOS Auditing Tool is another NetBIOS enumeration tool. It’s used to perform various security checks on remote servers running NetBIOS file sharing services 29
SNMP Enumeration • SNMP (Simple Network Management Protocol) is an application layer protocol which uses UDP protocol to maintain and manage routers, hubs and switches other network devices on an IP network. • SNMP enumeration is used to enumerate user accounts, passwords, groups, system names, devices on a target system. • It consists of three major components: 1. Managed Device 2. Agent 3. Network Management System (NMS) 30
SNMP Enumeration • Managed Device: A managed device is a device or a host (technically known as a node) which has the SNMP service enabled. These devices could be routers, switches, hubs, bridges, computers etc. • Agent: An agent can be thought of as a piece of software that runs on a managed device. Its primary job is to convert the information into SNMP compatible format for the smooth management of the network using SNMP protocol. It is located on the networking device • Network Management System (NMS): These are the software systems that are used for monitoring of the network devices and communicates with the agent. 31
SNMP Enumeration • The SNMP management station sends requests to agents, and the agents send back replies. • The requests and replies refer to configuration variables accessible by agent software. • Management stations can also send requests to set values for certain variables. Traps let the management station know that something significant has happened in the agent software, such as a reboot or an interface failure. • Management Information Base (MIB) is the database of configuration variables that resides on the networking device. • MIB is organized hierarchically and is a virtual database containing a formal description of all the network objects. 32
SNMP Enumeration • Community strings: • Community strings is a text string used to authenticate communications between the management stations and network devices on which SNMP agents are hosted. • Community Strings travel in clear text over the network, hence are subject to network sniffing attacks. • Community Strings are sent with every network packet exchanged between the node and management station. 1. read community string - this password lets you view the configuration of the device or system. This mode permits querying the device and reading the information, but does not permit any kind of changes to the configuration. The default community string for this mode is “public.” 2. read/write community string – it’s for changing or editing the configuration on the device. In this mode, changes to the device are permitted; hence if one connects with this community string, we can even modify the remote device ’s configurations. The default community string for this mode is “private.” 33
SNMP Enumeration • SNMPUtil gathers Windows user account information via SNMP in Windows systems. • Some information—such as routing tables, ARP tables, IP addresses, MAC addresses, • TCP and UDP open ports, user accounts, and shares—can be read from a Windows system that has SNMP enabled using the SNMPUtil tools. 34 Hacking Tools SNMPUtill IP Network Browser from the SolarWinds Toolset also uses SNMP to gather more information about a device that has an SNMP agent. IP Network Browser
35 Thank You

Recommended

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attackmarada0033
 
What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?Vahid Saffarian
 

Recommended

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Footprinting
FootprintingFootprinting
FootprintingDuah John
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attackmarada0033
 
What is a Rainbow Table?
What is a Rainbow Table?What is a Rainbow Table?
What is a Rainbow Table?Vahid Saffarian
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Network security (syed azam)
Network security (syed azam)Network security (syed azam)
Network security (syed azam)sayyed azam
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseTakahiro Haruyama
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumerationVi Tính Hoàng Nam
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffersVi Tính Hoàng Nam
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-Baljit Saini
 
Pgp
PgpPgp
PgpReham Maher El-Safarini
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Email Analysis
Email AnalysisEmail Analysis
Email Analysisprimeteacher32
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Create a software key logger
Create a software key logger Create a software key logger
Create a software key logger GiralFaurel
 
Tor Presentation
Tor PresentationTor Presentation
Tor PresentationHassan Faraz
 
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Boston Institute of Analytics
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 

More Related Content

What's hot

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Network security (syed azam)
Network security (syed azam)Network security (syed azam)
Network security (syed azam)sayyed azam
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocolKirti Ahirrao
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherNiloy Biswas
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseTakahiro Haruyama
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)KHNOG
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-Baljit Saini
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentationBokangMalunga
 
Create a software key logger
Create a software key logger Create a software key logger
Create a software key logger GiralFaurel
 

What's hot (20)

Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Network security (syed azam)
Network security (syed azam)Network security (syed azam)
Network security (syed azam)
 
Application layer security protocol
Application layer security protocolApplication layer security protocol
Application layer security protocol
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
 
Windows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCaseWindows Memory Forensic Analysis using EnCase
Windows Memory Forensic Analysis using EnCase
 
Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics Intro
 
Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
 
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumerationCeh v5 module 04 enumeration
Ceh v5 module 04 enumeration
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffers
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-
 
Pgp
PgpPgp
Pgp
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Email Analysis
Email AnalysisEmail Analysis
Email Analysis
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
 
Application Security
Application SecurityApplication Security
Application Security
 
Anti phishing presentation
Anti phishing presentationAnti phishing presentation
Anti phishing presentation
 
Create a software key logger
Create a software key logger Create a software key logger
Create a software key logger
 
Tor Presentation
Tor PresentationTor Presentation
Tor Presentation
 

Similar to Scanning and Enumeration in Cyber Security.pptx

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Boston Institute of Analytics
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptxVuongPhm
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptxJazzyB5
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.pptVarunBehere1
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersJoshua Gorinson
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESIRJET Journal
 

Similar to Scanning and Enumeration in Cyber Security.pptx (20)

Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
Nmap project presentation : Unlocking Network Secrets: Mastering Port Scannin...
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 
Network scan
Network scanNetwork scan
Network scan
 
An Toan Thong Tin.pptx
An Toan Thong Tin.pptxAn Toan Thong Tin.pptx
An Toan Thong Tin.pptx
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Scanning.pptx
Scanning.pptxScanning.pptx
Scanning.pptx
 
Scanning
ScanningScanning
Scanning
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
01204427-scanner.ppt
01204427-scanner.ppt01204427-scanner.ppt
01204427-scanner.ppt
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User ComputersA Study Of Open Ports As Security Vulnerabilities In Common User Computers
A Study Of Open Ports As Security Vulnerabilities In Common User Computers
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
Nmap
NmapNmap
Nmap
 
A REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURESA REVIEW ON NMAP AND ITS FEATURES
A REVIEW ON NMAP AND ITS FEATURES
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanning
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 

Recently uploaded

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 

Recently uploaded (20)

★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 

Scanning and Enumeration in Cyber Security.pptx

  • 1. CEH – Chapter 3 Scanning and Enumeration NUSRAT JAHAN ID: M190305002 1
  • 2. 2  Introduction  What is Scanning? • Types of Scanning  Port scanning  Network scanning  Vulnerability scanning • CEH Scanning Methodology  Ping Sweep Techniques  Flags of TCP Protocol  Scan Types  War-Dialing Techniques  Banner Grabbing and OS Fingerprinting Techniques  Scanning Anonymously  Bypassing Through Tunnel  What is Enumeration? • SNMP Enumeration Content
  • 3.  Scanning is the first phase of active hacking and is used to locate target systems or networks for later attack.  Enumeration is the follow-on step once scanning is complete and is used to identify computer names, usernames, and shares. 3
  • 4. What is Scanning? • Scanning is a set of procedures for identifying live hosts, ports, and services, discovering Operating system and architecture of target system, Identifying vulnerabilities and threats in the network. • After the reconnaissance and information-gathering stages have been completed, scanning is performed. • Ethical hackers use scanning to identify target systems’ IP addresses, to determine whether a system is on the network and available. 4
  • 5. Types of Scanning 5 Scanning Type Purpose Port scanning Determines open ports and services Network scanning Identifies IP addresses on a given network or subnet Vulnerability scanning Discovers presence of known weaknesses on target systems
  • 6. Port Scanning  Port scanning is the process of identifying open and available TCP/IP ports on a system. Port-scanning tools enable a hacker to learn about the services available on a given system. 6 Well-Known Ports: 0-1023 Registered Ports: 1024-49151 Dynamic Ports: 49152-65535 Port Numbers are divided into three ranges: On Windows, well-known port numbers are located in the • C:windowssystem32driversetcservices • Then open it with Notepad
  • 7. Network Scanning  Network scanning is a procedure for identifying active hosts on a network, either to attack them or as a network security assessment. 7 Objective Network Scanning • To discover live hosts/computer, IP address, and open ports of the victim. • To discover services that are running on a host computer. • To discover the Operating System and system architecture of the target. • To discover and deal with vulnerabilities in Live hosts.
  • 8. Vulnerability Scanning • Vulnerability scanning is the process of proactively identifying the vulnerabilities of computer systems on a network. • A vulnerability scanner first identifies the operating system and version number, including service packs that may be installed. • Then, the scanner identifies weaknesses or vulnerabilities in the operating system. 8
  • 9. 9 Check for Live Systems: This gives you a list of what’s actually alive on your network subnet by ping scanning. • Ping scan checks for the live system by sending ICMP echo request packets. • If a system is alive, the system responds with ICMP echo reply packet containing details of TTL, packet size etc. Check for Open Ports: Once you know which IP addresses are active, find what ports they’re listening on. • Nmap is the powerful tool used mainly for this purpose Scan beyond IDS: Sometimes your scanning efforts need to be altered to avoid those pesky intrusion detection systems. CEH Scanning Methodology
  • 10. 10 Perform banner grabbing: Banner grabbing and OS fingerprinting will tell you what operating system is on the machines and which services they are running. Scan for vulnerabilities: Perform a more focused look at the vulnerabilities these machines haven’t been patched for yet. Draw network diagrams: A good network diagram will display all the logical and physical pathways to targets you might like. Prepare proxies: This obscures your efforts to keep you hidden. CEH Scanning Methodology
  • 11. Ping Sweep Techniques • A ping sweep is also known as Internet Control Message Protocol (ICMP) scanning, used to determine whether systems are live or not. • ICMP is the protocol used by the ping command. • By sending an ICMP Echo Request or ping to all hosts on the network Echo Reply as a connectivity test to determine which ones are up and responding to pings. 11 Hacking Tools Pinger, Friendly Pinger, and WS_Ping_Pro
  • 12. Ping Sweep Techniques 12 Drawback Personal firewall software and network-based firewalls can block a system from responding to ping sweeps. Block the ping attempt and notify the user that a scanning program is running on the network. Another problem is that the computer must be on to be scanned. Solution Port Scanning Just because a ping sweep doesn’t return any active hosts on the network doesn’t mean they aren’t available Remember, hackingtakestime, patience, andpersistence
  • 13. 13 nmap Command Switches Free and Open Source Tool Ping Sweeps, Port Scanning, Service Identification, IP Address Detection, Operating System Detection Performance Supported OS Unix, Linux, Windows,
  • 14. 14 nmap Command Switches • nmap scan can determined open, filtered, or unfiltered port. • Types of Satate of the Port – • Open – The target machine accepts incoming request on that port • Filtered – Firewall or network filter is screening the port and preventing nmap from discovering whether it’s open • Unfiltered – The port is determined to be closed, and no firewall or filter is interfering with the nmap requests
  • 16. 16 SYN Synchronize. Initiates a connection between hosts. ACK Acknowledge. Established connection between hosts. PUSH Push. System is forwarding buffered data. URG Urgent. Data in packets must be processed quickly. FIN RST Finish. No more transmissions. Reset. Resets the connection Flags of TCP Protocol
  • 17.  SYN: A SYN or stealth scan is also called a half-open scan because it doesn’t complete the TCP three-way handshake.  A hacker sends a SYN packet to the target; if a SYN/ACK frame is received back, then it’s assumed the target would complete the connect and the port is listening.  If an RST is received back from the target, then it’s assumed the port isn’t active or is closed.  The advantage of the SYN stealth scan is that fewer IDS systems log this as an attack or connection attempt. 17 Scan Types
  • 18.  XMAS: XMAS scans send a packet with the FIN, URG, and PSH flags set.  If the port is open – there is no response;  If the port is closed – the target responds with a RST/ACK packet.  XMAS scans work only on target systems that follow the RFC 793 implementation of TCP/IP and don’t work against any version of Windows. 18 Scan Types
  • 19.  FIN:  sends a packet with just the FIN flag set.  FIN scans receive the same response and have the same limitations as XMAS scans  NULL:  It just sends a packet with no flags set.  Similar to XMAS and FIN in its limitations and response,  IDLE  Uses a spoofed IP address to send a SYN packet to a target.  Depending on the response, the port can be determined to be open or closed.  IDLE scans determine port scan response by monitoring IP header sequence numbers 19 Scan Types
  • 20.  FIN:  sends a packet with just the FIN flag set.  FIN scans receive the same response and have the same limitations as XMAS scans  NULL:  It just sends a packet with no flags set.  Similar to XMAS and FIN in its limitations and response,  IDLE  Uses a spoofed IP address to send a SYN packet to a target.  Depending on the response, the port can be determined to be open or closed.  IDLE scans determine port scan response by monitoring IP header sequence numbers 20 TCP Scanning Hacking Tools
  • 21. 21 Scanning Hacking Tools- Wireshark TCP Scanning FIN Scanning
  • 22. 22 Hacking Tools • IPEye is a TCP port scanner that can do SYN, FIN, Null, and XMAS scans. • It’s a command line tool IPSecScan is a tool that can scan either a single IP address or a range of addresses looking for systems that are IPSec enabled It contains a host of other features besides OS finger printing such as TCP, UDP, ICMP, and raw-IP ping protocols, traceroute mode, and the ability to send files between the source and target system. SNMP Scanner allows to scan a range or list of hosts performing ping, DNS, and SNMP queries
  • 23. War dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. • It finds another network connection that may have weaker security than the main Internet connection. • Many organizations set up remote-access modems that are now antiquated but have failed to remove those remote-access servers.  This gives hackers an easy way into the network with much weaker security mechanisms.  Many remote-access systems use the Password Authentication Protocol (PAP), rather than VPN technology that encrypts passwords. 23 War-Dialing Techniques THC-Scan, PhoneSweep, and TeleSweep are tools that identify phone numbers and can dial a target to make a connection with a computer modem.
  • 24. Banner grabbing or OS Fingerprinting is the process to determine the OS running on a remote target system – opening a connection and reading the banner or response sent by the application. • Many email, FTP, and web servers will respond to a telnet connection with the name and version of the OS 24 Banner Grabbing and OS Fingerprinting Techniques Hacking Tools 1. SolarWinds Toolset, Queso, Harris Stat, and Cheops – network management tools 2. Netcraft and HTTrack
  • 25. 25 Banner Grabbing and OS Fingerprinting Techniques • Specially crafted packets are sent to remote OS and the responses are noted • The responses are then compared to a database to determine the operating system. • Various operating system vendors implement the TCP stack differently, and responses will differ. • Easily detected by an IDS or other security system • Banner Grabbing from Error messages Error messages provide information such as type of server, type of OS and SSL tool used by the remote system • Sniffing the network traffic Capturing and analyzing pkts from the target, attacker can determine OS • Banner Grabbing from page extension Looking for an extension in the URL may assist in determining the application version • Usually undetected by an IDS or other security system but less accurate then Active fingerprinting Active Fingerprinting Passive Fingerprinting
  • 26. • A proxy server is a computer that acts as an intermediary between the hacker and the target computer. Using a proxy server can allow a hacker to become anonymous on the network. • The hacker first makes a connection to the proxy server and then requests a connection to the target computer via the existing connection to the proxy. • The proxy requests access to the target computer, not the hacker’s computer. This lets a hacker surf the Web anonymously or otherwise hide their attack. 26 Scanning Anonymously Preparing proxy servers Hacking Tools SocksChain
  • 27. • A popular method of bypassing a firewall or IDS is to tunnel a blocked protocol (such as SMTP) through an allowed protocol (such as HTTP). • Almost all IDS and firewalls act as a proxy between a client’s PC and the Internet and pass only the traffic defined as being allowed. 27 Bypassing Through Tunnel Hacking Tools HTTPort, Tunneld, and BackStealth are tools to tunnel traffic through HTTP. These tools allow the following potentially to be used from behind an HTTP proxy: Email, IRC, ICQ, News, AIM,FTP
  • 28. What is Enumeration? • Enumeration occurs after scanning extracting user names, machine names, network resources, shares, and other services from a system. • All the gathered information is used to identify the vulnerabilities or weak points in system security and then tries to exploit it. • Some steps of performing hacking operation 1. Extract usernames using enumeration. 2. Gather information about the host using null sessions. 3. Perform Windows enumeration using the SuperScan tool. 4. Acquire the user accounts using the tool GetAcct. 5. Perform SNMP port scanning. 28
  • 29. Hacking Tool • DumpSec is a NetBIOS enumeration tool. It connects to the target system as a null user with the net use command. It then enumerates users, groups, NTFS permissions, and file ownership information. • Hyena is a tool that enumerates NetBIOS shares and additionally can exploit the null session vulnerability to connect to the target system and change the share path or edit the Registry. • SMB Auditing Tool is a password-auditing tool for the Windows and Server Message Block (SMB) platforms. Windows uses SMB to communicate between the client and server. The SMB Auditing Tool is able to identify usernames and crack passwords on Windows systems. • NetBIOS Auditing Tool is another NetBIOS enumeration tool. It’s used to perform various security checks on remote servers running NetBIOS file sharing services 29
  • 30. SNMP Enumeration • SNMP (Simple Network Management Protocol) is an application layer protocol which uses UDP protocol to maintain and manage routers, hubs and switches other network devices on an IP network. • SNMP enumeration is used to enumerate user accounts, passwords, groups, system names, devices on a target system. • It consists of three major components: 1. Managed Device 2. Agent 3. Network Management System (NMS) 30
  • 31. SNMP Enumeration • Managed Device: A managed device is a device or a host (technically known as a node) which has the SNMP service enabled. These devices could be routers, switches, hubs, bridges, computers etc. • Agent: An agent can be thought of as a piece of software that runs on a managed device. Its primary job is to convert the information into SNMP compatible format for the smooth management of the network using SNMP protocol. It is located on the networking device • Network Management System (NMS): These are the software systems that are used for monitoring of the network devices and communicates with the agent. 31
  • 32. SNMP Enumeration • The SNMP management station sends requests to agents, and the agents send back replies. • The requests and replies refer to configuration variables accessible by agent software. • Management stations can also send requests to set values for certain variables. Traps let the management station know that something significant has happened in the agent software, such as a reboot or an interface failure. • Management Information Base (MIB) is the database of configuration variables that resides on the networking device. • MIB is organized hierarchically and is a virtual database containing a formal description of all the network objects. 32
  • 33. SNMP Enumeration • Community strings: • Community strings is a text string used to authenticate communications between the management stations and network devices on which SNMP agents are hosted. • Community Strings travel in clear text over the network, hence are subject to network sniffing attacks. • Community Strings are sent with every network packet exchanged between the node and management station. 1. read community string - this password lets you view the configuration of the device or system. This mode permits querying the device and reading the information, but does not permit any kind of changes to the configuration. The default community string for this mode is “public.” 2. read/write community string – it’s for changing or editing the configuration on the device. In this mode, changes to the device are permitted; hence if one connects with this community string, we can even modify the remote device ’s configurations. The default community string for this mode is “private.” 33
  • 34. SNMP Enumeration • SNMPUtil gathers Windows user account information via SNMP in Windows systems. • Some information—such as routing tables, ARP tables, IP addresses, MAC addresses, • TCP and UDP open ports, user accounts, and shares—can be read from a Windows system that has SNMP enabled using the SNMPUtil tools. 34 Hacking Tools SNMPUtill IP Network Browser from the SolarWinds Toolset also uses SNMP to gather more information about a device that has an SNMP agent. IP Network Browser