Ethical Hacking Module 6: Enumeration and Network Discovery


Enumeration plays a crucial role in ethical hacking by establishing connections to target hosts to uncover vulnerabilities for potential attacks. This process involves identifying usernames, group names, hostnames, network shares and services, IP and routing tables, audit configurations, application details, and SNMP and DNS information. Methods such as NetBIOS, SNMP, LDAP, NTP, SMTP, DNS, Windows, and UNIX/Linux enumeration are used to gather the data needed for penetration testing and security assessments.

  • Ethical Hacking
  • Enumeration
  • Network Discovery
  • Cybersecurity

Uploaded on Mar 17, 2025



Presentation Transcript


  1. ETHICAL HACKING MODULE 6

  2. ENUMERATION

  3. ENUMERATION
     • Enumeration is establishing a connection to the target hosts to discover how best to attack them

  4. ENUMERATION VS MAPPING
     • Network enumeration: usernames, groups, shares, services
     • Network mapping: specific servers, operating systems

  5. NETWORK ENUMERATION
     What we're looking for:
     • Usernames, group names
     • Hostnames
     • Network shares and services
     • IP tables and routing tables
     • Service settings and audit configurations
     • Applications and banners
     • SNMP and DNS details

  6. THERE ARE LOTS OF THINGS TO ENUMERATE
     • NetBIOS enumeration
     • SNMP enumeration
     • LDAP enumeration
     • NTP enumeration
     • SMTP enumeration
     • DNS enumeration
     • Windows enumeration
     • UNIX/Linux enumeration

  7. NETBIOS
     • Network Basic Input Output System
     • Developed by IBM as an API layer to facilitate LAN communications
     • Used by Windows for file and printer sharing
     • Runs on port 139

  8. NETBIOS
     An attacker can:
     • Choose to read or write to a remote machine, depending on the availability of shares
     • Launch a denial-of-service attack on the remote machine
     • Enumerate password policies on the remote machine

  9. SNMP
     • Simple Network Management Protocol
     • Used for managing network devices running on the IP layer: routers, access points, et al.
     • SNMP has two passwords: one to enable reading the device configuration, another to enable changing the device configuration
     • SNMP uses a hierarchical database called the Management Information Base (MIB)
     • The MIB has a tree-like structure

  10. SNMP
     From the SNMP configuration you can get:
     • Information about network resources such as routers, shares, devices, etc.
     • ARP and routing tables
     • Device-specific information
     • Traffic statistics, etc.
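
The "two passwords" on slide 9 are the read-only and read-write community strings of SNMPv1/v2c, and they are what an auditor checks first on a device. The script below is an added example, not part of the module: it reads a net-snmp style snmpd.conf, flags well-known community strings, write access and unrestricted source addresses, and shows the hardened alternative beside the weak one. Both configurations are constructed samples, and the list of well-known community strings is an assumption.

```python
"""Audit net-snmp snmpd.conf access settings (added example; sample configs are constructed)."""
from dataclasses import dataclass

# Community strings that ship as vendor defaults or appear in every wordlist (assumed list).
DEFAULT_COMMUNITIES = {"public", "private", "community", "admin", "manager", "cisco", "snmp"}

# net-snmp directives that grant community-string access: ro* is read-only, rw* is read-write
# (the "two passwords" on the slide). com2sec maps a community to a security name.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str  # "high" or "medium"
    message: str


def _check_community(n, directive, community, source, writable, findings):
    if community.lower() in DEFAULT_COMMUNITIES:
        findings.append(Finding(n, "high", f"{directive}: well-known community string {community!r}"))
    if writable:
        findings.append(Finding(n, "high", f"{directive}: write access lets a client change the device configuration"))
    if source in ("", "default"):
        findings.append(Finding(n, "medium", f"{directive}: community {community!r} is accepted from any source address"))


def audit_snmpd_conf(text: str) -> list:
    """Return a list of Findings for risky community-string settings in a net-snmp config."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any address
            source = args[1] if len(args) > 1 else ""
            _check_community(n, directive, args[0], source, directive.startswith("rw"), findings)
        elif directive == "com2sec" and len(args) >= 3:
            # com2sec SECNAME SOURCE COMMUNITY; write access is decided later by the view,
            # so only the community string and the source are judged here.
            _check_community(n, directive, args[2], args[1], False, findings)
    return findings


WEAK_CONF = """\
# constructed sample: factory defaults left in place
rocommunity public
rwcommunity private
"""

HARDENED_CONF = """\
# constructed sample: SNMPv3 authPriv user, read-only, plus a v2c community limited to the
# management subnet. Passphrases are placeholders.
createUser monitor SHA "AUTH-PASSPHRASE-PLACEHOLDER" AES "PRIV-PASSPHRASE-PLACEHOLDER"
rouser monitor priv
rocommunity Kq9x-monitoring-only 192.0.2.0/24
"""


def severity_counts(findings) -> dict:
    """Tally findings by severity so a run can be compared between configs."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        found = audit_snmpd_conf(conf)
        print(f"{name}: {severity_counts(found)}")
        for f in found:
            print(f"  line {f.line_no} [{f.severity}] {f.message}")
```

The weak sample produces five findings (three high, two medium) and the hardened one none; the point of the split between directive and source is that a non-default community string alone is not enough, since SNMPv1/v2c send it in clear text, so restricting the source address and preferring SNMPv3 matter as much as the string itself.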

  11. LDAP
     • Lightweight Directory Access Protocol
     • Internet protocol for accessing distributed directory services
     • Active Directory
     • OpenLDAP

  12. LDAP
     • LDAP supports anonymous remote query on the server
     • The query will disclose sensitive information such as usernames, addresses, contact details, department details, etc.

  13. NTP
     • Network Time Protocol
     • Designed to synchronize clocks of networked computers
     • Works on UDP, port 123

  14. NTP
     • List of hosts connected to the NTP server
     • Internal client IP addresses, hostnames and operating system used

  15. SMTP
     • Simple Mail Transfer Protocol
     • E-mail protocol
     • TCP port 25
     • SMTP uses mail exchange servers to send the mail via the Domain Name Service

  16. SMTP
     SMTP provides three built-in commands:
     • VRFY: validate users on the SMTP server
     • EXPN: delivery addresses of aliases and mailing lists
     • RCPT TO: defines the recipients of the message
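
What the three commands give away depends entirely on the reply code the server sends back. The following checker is an added example, not part of the module: a mail administrator runs it over a captured session with their own server to see whether VRFY, EXPN and RCPT TO confirm accounts, deny them, or answer non-committally. The "C:"/"S:" transcript layout and both sample sessions are constructed; the reply-code meanings follow RFC 5321, where 252 is the non-committal answer a hardened server gives to VRFY.

```python
"""Classify SMTP VRFY/EXPN/RCPT TO replies in a captured session (added example; transcripts are constructed)."""
import re
from dataclasses import dataclass

PROBE_COMMANDS = ("VRFY", "EXPN", "RCPT TO")
REPLY_RE = re.compile(r"(\d{3})([ -])(.*)")


@dataclass(frozen=True)
class Exchange:
    command: str
    argument: str
    code: int
    text: str


def parse_transcript(transcript: str) -> list:
    """Pair each client probe command with the final line of the server reply that follows it.
    Assumed layout: 'C: ' prefixes client lines, 'S: ' server lines; continuation lines use 'NNN-'."""
    exchanges, pending = [], None
    for raw in transcript.splitlines():
        who, _, body = raw.strip().partition(": ")
        if who == "C":
            pending = None
            for cmd in PROBE_COMMANDS:
                if body.upper().startswith(cmd):
                    pending = (cmd, body[len(cmd):].strip(" :"))
                    break
        elif who == "S" and pending is not None:
            m = REPLY_RE.match(body)
            if m and m.group(2) == " ":  # a space after the code marks the last line of a reply
                exchanges.append(Exchange(pending[0], pending[1], int(m.group(1)), m.group(3)))
                pending = None
    return exchanges


def classify(ex: Exchange) -> str:
    """What a single reply tells the client about the account or list it asked about."""
    if ex.command in ("VRFY", "EXPN"):
        if ex.code in (250, 251):
            return "discloses"       # account confirmed / list expanded
        if ex.code in (550, 551, 553):
            return "discloses"       # a definite "unknown" separates real names from fake ones just as well
        if ex.code == 252:
            return "non-committal"   # RFC 5321: cannot verify, but will accept and attempt delivery
        if ex.code in (500, 502):
            return "disabled"
        return "other"
    # RCPT TO: 250 vs 550 at RCPT time also distinguishes accounts. Many sites accept this
    # to avoid backscatter, so it is reported separately rather than as a defect.
    return {250: "recipient-accepted", 550: "recipient-rejected"}.get(ex.code, "other")


def assess(transcript: str) -> dict:
    """Worst observed classification per probe command."""
    rank = {"discloses": 3, "recipient-rejected": 2, "other": 1, "recipient-accepted": 1,
            "non-committal": 0, "disabled": 0}
    result = {}
    for ex in parse_transcript(transcript):
        verdict = classify(ex)
        if ex.command not in result or rank[verdict] > rank[result[ex.command]]:
            result[ex.command] = verdict
    return result


LEAKY_SESSION = """\
S: 220 mail.example.com ESMTP
C: EHLO probe.example.net
S: 250-mail.example.com
S: 250 VRFY
C: VRFY alice
S: 250 2.1.5 Alice Example <alice@example.com>
C: VRFY nobodyhere
S: 550 5.1.1 User unknown
C: EXPN staff
S: 502 5.5.1 Command not implemented
C: RCPT TO:<bob@example.com>
S: 503 5.5.1 Need MAIL command
C: QUIT
S: 221 Bye
"""

HARDENED_SESSION = """\
C: VRFY alice
S: 252 2.5.2 Cannot VRFY user, but will accept message and attempt delivery
C: EXPN staff
S: 502 5.5.1 Command not implemented
"""

if __name__ == "__main__":
    print("leaky:   ", assess(LEAKY_SESSION))
    print("hardened:", assess(HARDENED_SESSION))
```

In the leaky session VRFY is classified as disclosing even though one of its replies is a 550, because a server that answers 250 for real accounts and 550 for the rest has told the client which is which; the hardened session answers 252 to every VRFY, so nothing can be inferred from the reply.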

  17. DNS
     • Domain Name Service
     • Hierarchical, decentralized, distributed naming system for computers, services, or any resource connected to the network
     • DNS resolves hostnames to their respective IP addresses and vice versa
     • Common record types in DNS: Start of Authority (SOA), IP addresses (A and AAAA), SMTP mail exchangers (MX), nameservers (NS), pointers for reverse DNS lookups (PTR), and domain name aliases (CNAME)

  18. DNS
     • DNS enumeration is possible by sending a zone transfer request
     • Reveals sensitive domain records in response to the request
     • Zone transfer is how DNS replicates/synchronizes its database across multiple servers
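
Because zone transfers are a legitimate replication mechanism, the defensive question is who is allowed to ask for one and who actually did. The script below is an added example, not part of the module: it scans BIND 9 query-log lines for AXFR/IXFR requests from clients that are not the known secondary servers, and checks named.conf zone blocks for allow-transfer { any; }. The log-line layout, the constructed log entries, the sample zone configurations and the addresses are all assumptions made for the example.

```python
"""Spot zone-transfer requests from unexpected clients in BIND query logs and find zones that
allow transfers to anyone (added example; log lines and config are constructed)."""
import ipaddress
import re
from dataclasses import dataclass

# Assumed shape of a BIND 9 query-log entry with the timestamp already stripped.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+)"
)
# Zone blocks whose closing '};' starts a line, as in the constructed config below.
ZONE_RE = re.compile(r'zone\s+"(?P<name>[^"]+)"[^{]*\{(?P<body>.*?)\n\};', re.DOTALL)
ANY_TRANSFER_RE = re.compile(r"allow-transfer\s*\{\s*any\s*;\s*\}")


@dataclass(frozen=True)
class Alert:
    client: str
    zone: str
    qtype: str


def detect_zone_transfers(log_lines, allowed_secondaries):
    """Alert on every AXFR/IXFR request whose source is outside the known secondary servers."""
    allowed = [ipaddress.ip_network(n) for n in allowed_secondaries]
    alerts = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"].upper() not in ("AXFR", "IXFR"):
            continue
        client = ipaddress.ip_address(m["ip"])
        if not any(client in net for net in allowed):
            alerts.append(Alert(str(client), m["name"].rstrip("."), m["qtype"].upper()))
    return alerts


def zones_open_to_transfer(named_conf: str):
    """Zones that set allow-transfer { any; } or do not set allow-transfer at all."""
    findings = []
    for z in ZONE_RE.finditer(named_conf):
        if ANY_TRANSFER_RE.search(z["body"]):
            findings.append((z["name"], "allow-transfer { any; }"))
        elif "allow-transfer" not in z["body"]:
            findings.append((z["name"], "allow-transfer not set; relies on the options-level default"))
    return findings


SAMPLE_LOG = [  # constructed; 192.0.2.2 is the only legitimate secondary
    "client @0x7f3c1c0a2b40 192.0.2.2#41712 (example.com): query: example.com IN AXFR -E(0)K (192.0.2.1)",
    "client @0x7f3c1c0a2b40 198.51.100.23#53011 (example.com): query: example.com IN AXFR -E(0)K (192.0.2.1)",
    "client @0x7f3c1c0a2b40 203.0.113.9#60002 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)",
    "client @0x7f3c1c0a2b40 198.51.100.23#53012 (example.com): query: example.com IN IXFR -E(0)K (192.0.2.1)",
]

WEAK_NAMED_CONF = """\
zone "example.com" {
    type primary;
    file "example.com.zone";
    allow-transfer { any; };
};
zone "example.net" {
    type primary;
    file "example.net.zone";
};
"""

HARDENED_NAMED_CONF = """\
zone "example.com" {
    type primary;
    file "example.com.zone";
    allow-transfer { 192.0.2.2; };
};
"""

if __name__ == "__main__":
    for a in detect_zone_transfers(SAMPLE_LOG, ["192.0.2.2/32"]):
        print(f"ALERT {a.qtype} for {a.zone} from {a.client}")
    print("weak:", zones_open_to_transfer(WEAK_NAMED_CONF))
    print("hardened:", zones_open_to_transfer(HARDENED_NAMED_CONF))
```

The ordinary A query from 203.0.113.9 is ignored, and the AXFR from the listed secondary 192.0.2.2 is accepted as expected replication; only the two transfer requests from 198.51.100.23 raise alerts. The config check treats a missing allow-transfer as a finding rather than silently trusting whatever the server's options block or version default says.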

  19. OS LEVEL
     • Windows: RDP, Remote PowerShell, FTP/SFTP
     • Linux/Unix: SSH, Telnet

  20. WINDOWS - RDP
     • Remote Desktop Protocol
     • Every version of Microsoft Windows from Windows XP onwards includes an installed Remote Desktop Connection, even the server versions
     • Does require configuration

  21. WINDOWS - RDP
     Issues:
     • In March 2012, a vulnerability allowing a Windows computer to be compromised by unauthenticated clients was patched
     • In March 2018, a remote code execution vulnerability in a Security Support Provider for Microsoft Remote Desktop and Windows Remote Management was patched
     • In May 2019, a vulnerability which allows for the possibility of remote code execution was patched; unusually, patches were also made available for several versions of Windows that had reached their end-of-life, such as Windows XP

  22. WINDOWS - REMOTE POWERSHELL
     Windows PowerShell supports remote computing work on all Windows operating systems without any special configuration:
     • Restart-Computer
     • Test-Connection
     • Clear-EventLog
     • Get-EventLog
     • Get-HotFix
     • Get-Process
     • Get-Service
     • Set-Service
     • Get-WinEvent
     • Get-WmiObject

  23. WINDOWS - FTP/SFTP
     • FTP is a well-known File Transfer Protocol
     • Windows has no built-in FTP client/server
     • This requires Windows users to rely on third-party applications of various quality

  24. FTP VS SFTP
     Just a quick note:
     • FTP: File Transfer Protocol
     • SFTP: Secure File Transfer Protocol
     • FTP: everything is transmitted in plain text, and I mean EVERYTHING: usernames, passwords, data
     • SFTP encrypts everything with an algorithm, but which one?

  25. UNIX/LINUX - SSH
     • SSH: Secure Shell
     • Encrypts all traffic
     • Requires configuration
     • Requires an SSH server on the receiving end
     • Uses OS user accounts for authentication
     • So if admins leave a guest account open

  26. UNIX/LINUX - SSH
     Uses:
     • For login to a shell on a remote host
     • For executing a single command on a remote host
     • For setting up automatic (passwordless) login to a remote server
     • In combination with rsync, to back up, copy and mirror files efficiently and securely
     • For forwarding or tunneling
     • For use as a full-fledged encrypted VPN
     • For browsing the web through an encrypted proxy connection
     • For securely mounting a directory on a remote server
     • For automated remote monitoring and management of servers
     • For development on a mobile or embedded device
     • For securing file transfer protocols
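
Slide 25's point that SSH authenticates against the OS accounts means sshd_config and the account list have to be read together: a forgotten guest account with a login shell is reachable unless the daemon is told otherwise. The script below is an added example, not part of the module: it parses a constructed sshd_config and a constructed passwd file, flags the risky settings, and lists which accounts an sshd with that configuration would let attempt authentication. The OpenSSH defaults it assumes for absent keywords are the upstream ones, and Match blocks are deliberately not modelled.

```python
"""Check which OS accounts an sshd would accept, given sshd_config and /etc/passwd
(added example; both files below are constructed)."""

# Shells that refuse interactive login; anything else counts as a login-capable account.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Upstream OpenSSH defaults used when a keyword is absent (distribution packages may differ).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text: str) -> dict:
    """sshd uses the first value it sees for a keyword; directives after a Match line are
    conditional and are not modelled here, so parsing stops there."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *rest = line.split(None, 1)
        key = key.lower()
        if key == "match":
            break
        settings.setdefault(key, rest[0].strip() if rest else "")
    return {**DEFAULTS, **settings}


def login_capable_accounts(passwd_text: str) -> list:
    """Account names from passwd(5) lines whose shell allows a login."""
    names = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _uid, _gid, _gecos, _home, shell = line.split(":")
        if shell not in NOLOGIN_SHELLS:
            names.append(name)
    return names


def audit_ssh_exposure(config_text: str, passwd_text: str):
    """Return (findings, exposed_accounts): risky settings, and the OS accounts sshd would
    let try to authenticate under this configuration."""
    cfg = parse_sshd_config(config_text)
    findings = []
    if cfg["permitrootlogin"].lower() == "yes":
        findings.append("PermitRootLogin yes: root can authenticate directly over SSH")
    if cfg["passwordauthentication"].lower() == "yes":
        findings.append("PasswordAuthentication yes: every login-capable account is open to password guessing")
    if cfg["permitemptypasswords"].lower() == "yes":
        findings.append("PermitEmptyPasswords yes: accounts with a blank password can log in")
    allow_users = set(cfg.get("allowusers", "").split())
    capable = login_capable_accounts(passwd_text)
    exposed = [u for u in capable if not allow_users or u in allow_users]
    if not allow_users and "allowgroups" not in cfg:
        findings.append("No AllowUsers/AllowGroups: sshd accepts any OS account with a login shell "
                        "(" + ", ".join(exposed) + ")")
    return findings, exposed


SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest account left over from a demo:/home/guest:/bin/bash
"""

WEAK_SSHD_CONFIG = """\
# constructed: the guest account and root are both reachable by password
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
# constructed: key-only, no root, and only the accounts that need SSH
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
AllowUsers alice
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        findings, exposed = audit_ssh_exposure(conf, SAMPLE_PASSWD)
        print(f"{name}: exposed accounts = {exposed}")
        for f in findings:
            print("  -", f)
```

With the weak configuration the guest account appears in the exposed list alongside root and alice, which is exactly the situation the slide warns about; AllowUsers in the hardened configuration shrinks that list to alice regardless of what else is in passwd, and key-only authentication removes the password-guessing path for the accounts that remain.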

  27. UNIX/LINUX - TELNET
     • Telnet was created and launched in 1969
     • Used for hosting remote shell sessions: servers, routers, firewalls

  28. UNIX/LINUX - TELNET
     • Telnet, by default, does not encrypt any data sent over the connection (including passwords)
     • Telnet has no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle
