CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [33]
Group Policy is implemented on a Windows domain controller. Network administrators should be familiar with how to do this. It's outside the scope of this book, because many steps are involved in performing this task.
Hacking Tools
User2SID and SID2User are command-line tools that look up Windows service identifiers (SIDs) from username input and vice versa.
Enum is a command-line enumeration utility. It uses null sessions and can retrieve usernames, machine names, shares, group and membership lists, passwords, and Local Security policy information. Enum is also capable of brute-force dictionary attacks on individual accounts.
UserInfo is a command-line tool that's used to gather usernames and that can also be used to create new user accounts.
GetAcct is a GUI-based tool that enumerates user accounts on a system.
SMBBF is an SMB brute-force tool that tries to determine user accounts and accounts with blank passwords.
What Are the Steps Involved in Performing Enumeration?
Hackers need to be methodical in their approach to hacking. The following steps are an example of those a hacker might perform in preparation for hacking a target system:
1. Extract usernames using enumeration.
2. Gather information about the host using null sessions.
3. Perform Windows enumeration using the Superscan tool.
4. Acquire the user accounts using the tool GetAcct.
5. Perform SNMP port scanning.
Exam Essentials
Understand how to enumerate user accounts. Enumeration involves making active connections to systems through either SMB/CIFS or NetBIOS vulnerabilities and querying the system for information.
Be aware of the type of information that can be enumerated on a system. The type of information enumerated by hackers includes network resources and shares, users and groups, and applications and banners.
Understand null sessions. Connecting to a system using a blank password is known as a Null Session. Null sessions are often used by hackers to connect to target systems and then run enumeration tools against the system.
Know the types of enumeration tools. NetBIOS and SNMP enumerations can be performed using tools such as SNMPUtil and Enum.
Know how to perform a DNS zone transfer on Windows 2000 computers. Nslookup can be used to perform a DNS zone transfer.
Understand null session enumeration countermeasures. Use a firewall to block ports 135 and 139, or patch the registry to prevent null sessions.
Understand SNMP enumeration countermeasures. Turn off the SNMP services, or change the default read and read/write community names.
Know how to identify vulnerable accounts. Tools such as User2SID, SID2User, and UserInfo can be used to identify vulnerable user accounts.
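As an added example (not from the book), the following PowerShell script audits a Windows host for the null session and SNMP countermeasures listed in the Exam Essentials above. It assumes the standard Windows registry locations for the LSA anonymous-access settings and the SNMP community list, and the built-in NetSecurity firewall cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added audit script, not from the book: checks whether the null-session and
# SNMP countermeasures from the Exam Essentials are in place on this host.
# Assumes the standard registry paths below and the NetSecurity cmdlets. Run elevated.
function Test-EnumerationCountermeasures {
    $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $snmp = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities'
    $findings = @()
    # 1. Registry: the LSA values that stop anonymous (null session) callers from
    #    listing accounts and shares. Expected: RestrictAnonymous 1 or 2,
    #    RestrictAnonymousSAM 1, EveryoneIncludesAnonymous 0.
    $expected = @{ RestrictAnonymous = @(1, 2); RestrictAnonymousSAM = @(1); EveryoneIncludesAnonymous = @(0) }
    $lsaProps = Get-ItemProperty -Path $lsa
    foreach ($name in $expected.Keys) {
        $value = $lsaProps.$name
        if ($null -eq $value -or $expected[$name] -notcontains $value) {
            $findings += "$name is '$value' (expected one of: $($expected[$name] -join ', '))"
        }
    }
    # 2. Host firewall: report enabled inbound allow rules for the NetBIOS/RPC
    #    ports the book names (135, 139) plus SMB over TCP (445). Rules that use
    #    port ranges are not expanded here, so review those by hand.
    $watch = @('135', '139', '445')
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $filter = $rule | Get-NetFirewallPortFilter
        if ($filter.Protocol -ne 'TCP') { continue }
        $hit = @($watch | Where-Object { $filter.LocalPort -contains $_ })
        if ($hit.Count -gt 0) {
            $findings += "Inbound allow rule '$($rule.DisplayName)' opens TCP $($hit -join ', ')"
        }
    }
    # 3. SNMP: flag default community names. The value data is the access level
    #    (4 = READ ONLY, 8 = READ WRITE, 16 = READ CREATE). Key exists only if SNMP is installed.
    if (Test-Path $snmp) {
        $communities = (Get-ItemProperty -Path $snmp).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' }
        foreach ($c in $communities) {
            if ($c.Name -in @('public', 'private')) {
                $findings += "SNMP community '$($c.Name)' uses a default name (access value $($c.Value))"
            }
        }
    }
    return $findings
}
$result = @(Test-EnumerationCountermeasures)
if ($result.Count -eq 0) { 'No findings: countermeasures are in place.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

A host firewall check is only part of the picture; the book's advice to block ports 135 and 139 also applies at the perimeter firewall, which this script cannot see.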
Review Questions
1. What port number does FTP use?
A. 21
B. 25
C. 23
D. 80
2. What port number does HTTPS use?
A. 443
B. 80
C. 53
D. 21
3. What is war dialing used for?
A. Testing firewall security
B. Testing remote access system security
C. Configuring a proxy filtering gateway
D. Configuring a firewall
4. Banner grabbing is an example of what?
A. Passive operating system fingerprinting
B. Active operating system fingerprinting
C. Footprinting
D. Application analysis
5. What are the three types of scanning?
A. Port, network, and vulnerability
B. Port, network, and services
C. Grey, black, and white hat
D. Server, client, and network
6. What is the main problem with using only ICMP queries for scanning?
A. The port is not always available.
B. The protocol is unreliable.
C. Systems may not respond because of a firewall.
D. Systems may not have the service running.
7. What does the TCP RST command do?
A. Starts a TCP connection
B. Restores the connection to a previous state
C. Finishes a TCP connection
D. Resets the TCP connection
8. What is the proper sequence of a TCP connection?
A. SYN-SYN ACK-ACK
B. SYN-ACK-FIN
C. SYN-SYNACK-ACK
D. SYN-PSH-ACK
9. A packet with all flags set is which type of scan?
A. Full Open
B. Syn