Weitere ähnliche Inhalte
Ähnlich wie Ceh v8 labs module 04 enumeration
Ähnlich wie Ceh v8 labs module 04 enumeration (20)
Kürzlich hochgeladen (20)
Ceh v8 labs module 04 enumeration
- 1. CEH Lab M anual
E n u m e ra tio n
M
o d u le
0 4
- 2. E n u m e r a tio n
E n u m e r a tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, n e tiro rk
resources, shares, a n d services fr o m a system . E n u m e r a tio n is co nd ucted in a n
in tr a n e t en viro n m en t.
I C ON
KEY
/ Valuable
information
y ״Test your
knowledge
—
Web exercise
m
Workbook review
La b S cen ario
Penetration testing is much more than just running exploits against vulnerable
systems like we learned 111 the previous module. 111 fact a penetration test begins
before penetration testers have even made contact with the victim systems.
As an expert ethical hacker and penetration te s te r you must know how to
enum erate target netw orks and extract lists o f computers, user names, user
groups, ports, operating systems, machine names, network resources, and services
using various enumeration techniques.
La b O b jectives
The objective o f tins lab is to provide expert knowledge 011 network
enumeration and other responsibilities that include:
■ User name and user groups
■ Lists o f computers, their operating systems, and ports
■ Machine names, network resources, and services
■
Lists o f shares 011 individual hosts 011 the network
■ Policies and passwords
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
La b Environm ent
To earn ־out die lab, you need:
■ Windows Server 2012 as host machine
■ Windows Server 2008, Windows 8 and Windows 7 as virtual machine
■ A web browser with an Internet connection
■ Administrative privileges to nm tools
La b Duration
Time: 60 Minutes
O verview of Enum eration
Enumeration is the process of extracting user names, machine names, network
resources, shares, and services from a system. Enumeration techniques are
conducted 111 an intranet environment.
C E H Lab Manual Page 267
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 3. M odule 04 - Enum eration
TASK
1
Overview
La b T a s k s
Recommended labs to assist you 111 Enumeration:
■ Enumerating a Target Network Using Nm ap Tool
■ Enumerating NetBIOS Using the S uperScan Tool
■ Enumerating NetBIOS Using the N etB IO S
E nu m erato r Tool
■ Enumerating a Network Using the S o ftP e rfe c t
■ Enumerating a Network Using SolarW inds
N e tw o rk S canner
T oo lset
■ Enumerating the System Using H yena
La b A n a ly sis
Analyze and document the results related to die lab exercise. Give your opinion on
your target’s security posture and exposure.
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S LAB.
C E H Lab Manual Page 268
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 4. M odule 04 - Enum eration
E n u m e r a tin g a T a r g e t N e t w o r k
U s in g N m a p
E n u m e ra tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, ■nehvork
resources, sha res, a n d services fr o m a system .
I C ON
KEY
1._ Valuable
information
s
Test vour
knowledge
O Web exercise
T
c a Workbook review
La b S cen ario
111 fact, a penetration test begins before penetration testers have even made contact
with the victim systems. During enumeration, information is systematically collected
and individual systems are identified. The pen testers examine the systems in their
entirety, which allows evaluating security weaknesses. 11diis lab, we discus Nmap; it
1
uses raw IP packets 111 novel ways to determine what hosts are available on die
network, what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet
biters/firewalls are 111 use, it was designed to rapidly scan large networks. By using
the open ports, an attacker can easily attack the target machine to overcome this
type of attacks network filled with IP filters, firewalls and other obstacles.
As an
and penetration tester to enum erate a target
and extract a list ot computers, user names, user groups, machine names,
network resources, and services using various enumeration techniques.
expert ethical hacker
netw ork
La b O b jectives
The objective ot tins lab is to help students understand and perform enumeration
on target network using various techniques to obtain:
■ User names and user groups
■ Lists of computers, their operating systems, and the ports on them
■ Machine names, network resources, and services
■ Lists of shares on the individual hosts on die network
■ Policies and passwords
C E H Lab Manual Page 269
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 5. M odule 04 - Enum eration
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
La b Environm ent
To perform die kb, you need:
■ A computer running Windows Server 2 008 as a virtual machine
■ A computer running with Windows Server 2 0 1 2 as a host machine
■ Nmap is located at D:CEH-ToolsCEHv8
Module 04
EnumerationAdditional Enumeration Pen Testing ToolsNmap
■ Administrative privileges to install and mil tools
La b Duration
Time: 10 Minutes
O verview of Enum eration
Take asnapshot (a
type of quick backup) of
your virtual m
achine before
each lab, because if
som
ethinggoes wrong, you
can go back to it.
Enumeration is die process of extracting user names, machine names, network
resources, shares, and services from a system. Enumeration techniques are
conducted 111 an intranet environment
La b T a s k s
The basic idea 111 dns section is to:
■ Perform scans to find hosts with NetBIOS ports open (135,137-139, 445)
■ Do an nbtstat scan to find generic information (computer names, user
names, ]M addresses) on the hosts
AC
■ Create a Null Session to diese hosts to gain more information
■ Install and Launch Nmap 111 a Windows Server 2012 machine
TASK
1
1. Launch the S ta rt menu by hovering the mouse cursor on the lower-left
corner of the desktop.
Nbstat and Null
Sessions
■ 3 W in d o w s Se rv er 2012
winaowsbtrvw tt)׳>׳Ke*<$eurK!1 L»uc«mr
aau
Fvilutor cepj fejiri M T
O
/ Zenmap file installs
the following files:
* Nmap Core Files
* Nmap Path
FIGURE 1 : W
.1 indow S
s erver 2012—
Desktopview
Click the N m ap-Zenm ap
GUI
app to open the Z en m ap window.
■W
inPcap 4.1.1
■ Network Interface
Import
■ Zenmap (GUI frontend)
C E H Lab Manual Page 270
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 6. M odule 04 - Enum eration
5 t3 T t
Adm inistrator
Server
Manager
Windows
PowerShell
Google
Chrome
Hyper-V
Manager
r
=
m
o
f t
Computer
Central
Panel
Hyper-V
Virtual
Machine...
SQL Server
Installation
Center...
Nmap Zenmap
GUI
O־
Q
*J
Command
Prompt
Global
Network
Inventory
HTTPorl
3.SNFM
sS
«
liflgnr
Mozilla
Firefox
MegaPing
£
!*
־מ
0c*3Of
1!
FIGURE 1 :W
.2 indow S
s erver 2012— pps
A
3. Start your virtual machine running WMcwsSetver2008
4. Now launch die nmap tool 111 die Windows Server 2012 host machine.
5. Perform nmap -O scan for die Windows Server 2008 virtual machine
(10.0.0.6) network. Tins takes a few minutes.
HU Use the —
ossscangu option for best
ess
resultsin nm
ap.
Note:
IP addresses may vary 111 your lab environment.
Zenmap
S c jn
Target:
Tools
Profile
Help
[v ]
10.0.0.6
C om m and:
P ro file
[S ca n ]
| Cancel |
nm ap 10.0.0.6 0 ־
N m ap Output
Ports / Hosts [ Topology | Host Details | Scans
FIGURE 1 : Hie Zenm Mainw
.3
ap
indow
Nmap performs a scan for die provided target
results on die Nmap Output tab.
m Nmap.org is die
official source for
downloadingNmap source
code and binaries for
Nmap and Zenm
ap.
C E H Lab Manual Page 271
IP address
and outputs die
Your tirst target is die computer widi a Windows operating system on
which you can see ports 139 and 4 4 5 open. Remember tins usually works
only ag a in s t W indow s but may partially succeed 1 other OSes have diese
1
ports open. There may be more dian one system diat has N etB IO S open.
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 7. M odule 04 - Enum eration
Zenmap
TASK
2
Scan
T ools
£ rofile
Help
1
0
V
.0.0.6
Find hosts w ith
NetBIOS ports
open
C o m m an d :
V
P ro file
|[Scan]
n m a p -0 10.0.0.6
Services
N m ap O utput
Ports / Hosts | T op olog y | H ost Details | Scans |
n m ap -0 10.0.0.6
O S < Host
- 1 .0 .6
0. 0 ׳
S t a r tin g
Nmap 6 .0 1
(
h ttp :/ / n m a p .o r g
)
at
2 0 1 2 -0 9 -0 4 1 0 :5 5
Nmap s c a n r e p o r t f o r 1 0 . 0 . 0 . 6
H o s t i s up (0 .0 0 0 1 1 s l a t e n c y ) .
N o t s h o w n : 993 f i l t e r e d p o r t s
PORT
ST AT E S E R V IC E
1 3 5 /tcp
op en
m srp c
1 3 9 /tcp
op en
n e t b io s - s s n
op en
4 4 5 / tcp
r o ic r o s o f t - d s
op en
5 5 4 / tc p
rts p
op en
2 8 6 9 / tc p
ic s la p
5 3 5 7 / tc p
op en
w sdapi
1 0 2 4 3 / tc p op en
unknown
(M ic r o s o ft)
MAC A d d r e s s : W a r n in g : O SS ca n r e s u l t s may b
n o t f i n d a t l e a s t 1 op en and 1 c l o s e d p o r t
D e v ic e t y p e : g e n e r a l p u rp o s e
R u n n in g : M i c r o s o f t W in d o w s 7 |V i s t a | 2008
OS C P E : c p e : / o : m i c r o s o f t : w i n d o w s _ 7 : : p r o f e s s i o n a l
o :m ic r o s o f t :w in d o w s _ v is t a : : ־c p e :/
n • ויזוr r n c n ^ t • u i n H n w c
Filter Hosts
% c • • ־c n l
/ וt־s»
c p e :/
rn s • /
FIGURE 1 The Zenm outputw
.4:
ap
indow
8. Now you see that ports 139 and 445 are open and port 139 is using
NetBIOS.
9. Now launch die com m and prom pt 111 W indow s S erver 2 0 0 8 virtual
machine and perform n b ts ta t on port 139 ot die target machine.
10. Run die command n b ts ta t -A
1 0 .0 .0 .7 .
Ha
c יA d m in is tr a to r C om m and P ro m p t
C : U s e r s A d n in is tr a t o r > n b ts t a t
m Nmap has
traditionally been a
com and-line tool run
m
from aUNIX shell or
(m recendy) aW
ore
indows
com and prom
m
pt.
L o c a l A re a C o n n e c tio n 2 :
Node I p A d d r e s s : [ 1 0 . 0 . 0 . 3 ]
N e tB IO S
R e m o te
Nane
1 0 .0 .0 .?
= D . J l. A
*
—
S cope
Id :
M a c h in e
[I
Name T a b l e
Type
W IN - D 3 9 M R S H L9E 4<0 0 >
WORKGROUP
<00>
W IN -D 3 9 M R 5 H L 9 E 4 < 2 0 >
MAC A d d r e s s
-A
_x
S ta tu s
U N IQ U E
GROUP
U N IQ U E
R e g is te re d
R e g is te re d
R e g is te re d
M
J1_-2D
C :U s e r s A d n in is tr a to r >
zl
FIGURE 1 : Com andProm w dienbtstat com and
.5
m
pt ith
m
11. We have not even created a null session (an unaudienticated session) yet,
and we can still pull tins info down.
3
task3
12. Now c re a te a null session.
C reate a Null
Session
C E H Lab Manual Page 272
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 8. M odule 04 - Enum eration
13. 11the command prompt, type n e t use X .X .X .X IP C $ /u:”” (where
1
X .X .X .X is die address of die host machine, and there are no spaces
between die double quotes).
cs Administrator: C o m m a n d Prompt
.
H
C:'net use 10.0.0.7IPC$ ""/u:""
L ocal name
Renote name
W10.0.0.7IPC$
Resource type
IPC
Status
OK
# Opens
0
t Connections
t
1
The comnand completed successfully.
& Net Com and
m
Syntax: NET [
ACCOUNTS |
COMPUTER | CONFIG
| CONTINUE | FILE |
GROUP | HELP |
HELPMSG |
LOCALGROUP | NAME
| PAUSE | PRINT |
SEND | SESSION |
SHARE | START |
STATISTICS | STOP |
TIME | USE | USER |
VIEW ]
C:>
FIGURE 1.6 The com andprom w thenet u com and
:
m
pt ith
se m
it by issuing a genenc n et
sessions from your host.
14. Confirm
15. To confirm, type n et
session.
use,
use
command to see connected null
which should list your new ly
c re a te d
null
FIGURE 1 : The com andprom , iththenet u com and
.7
m
pt w
se m
La b A n a ly sis
Analyze and document die results related to die lab exercise. Give your opinion on
your target’s security posture and exposure.
C E H Lab Manual Page 273
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 9. M odule 04 - Enum eration
T o o l/U tility
In fo rm atio n C o lle c te d /O b je c tiv e s A chieved
T a rg e t M achine:
10.0.0.6
135/tcp, 139/tcp, 445/tcp,
554/tcp, 2869/tcp, 5357/tcp, 10243/tcp
L ist o f O p e n P orts:
N m ap
N e tB IO S R em ote m ach in e IP address:
10.0.0.7
Successful connection of Null session
O u tp u t:
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L A B .
Q uestio ns
1. Evaluate what nbtstat -A shows us for each of the Windows hosts.
2. Determine the other options ot nbtstat and what each option outputs.
3. Analyze the net use command used to establish a null session on the target
machine.
In te rn e t C o n n ectio n R equired
□ Yes
0
No
P latform S upported
0 C lassroom
C E H Lab Manual Page 274
0
!Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.
- 10. M odule 04 - Enum eration
Lab
E n u m e r a tin g N e tB I O S U s in g t h e
S u p erS ca n T ool
S /tp e rS c a n is a T C P p o / t scanner, p in g e r, a n d resolver. T h e to o l's fe a tu r e s includ e
e x te n siv e W in d o w s h o s t en u m era tio n ca p a b ility, T C P S Y N sca n n in g , a n d U D P
scan ning .
I C ON
KEY
[£Z7 Valuable
information
s
—
m
Test your
knowledge
Web exercise
Workbook review
La b S cen ario
During enumeration, information is systematically collected and individual systems
are identified. The pen testers examine the systems 111 their entirety; tins allows
evaluating security weaknesses. 11 this lab we extract die information of NetBIOS
1
information, user and group accounts, network shares, misted domains, and
services, which are either running or stopped. SuperScan detects open TCP and
UDP ports on a target machine and determines which services are running on those
ports; bv using this, an attacker can exploit the open port and hack your machine. As
an expert ethical hacker and penetration tester, you need to enumerate target
networks and extract lists of computers, user names, user groups, machine names,
network resources, and services using various enumeration techniques.
La b O b jectives
The objective of tins lab is to help students learn and perform NetBIOS
enumeration. NetBIOS enumeration is carried out to obtain:
■ List of computers that belong to a domain
■ List of shares on the individual hosts on the network
■ Policies and passwords
C E H Lab Manual Page 275
Ethical Hacking and Countermeasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.
- 11. M odule 04 - Enum eration
La b Environm ent
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
To earn* out die k b, von need:
■
SuperScan tool is located at D:CEH-ToolsCEHv8 Module 04
EnumerationNetBIOS Enumeration ToolsSuperScan
■ You can also download the latest version of SuperScan from tins link
http://www.mcatee.com/us/downloads/tree-tools/superscan.aspx
■
A computer running Windows Server 2012 as host machine
■
Windows 8 running on a virtual macliine as target machine
■ Administrative privileges to install and run tools
■ A web browser with an Internet connection
m You can also
download SuperScan from
http:/ / www.foundstone.co
La b Duration
Time: 10 Minutes
O verview of N etB IO S Enum eration
1. The purpose ot NetBIOS enumeration is to gather information, such as:
a.
Account lockout threshold
b. Local groups and user accounts
SuperScanis not
supported byW
indows
95/98/ME.
c. Global groups and user accounts
2. Restnct anonymous
a.
bypass
routine and also password checking:
Checks for user accounts with blank passwords
b. Checks for user accounts with passwords diat are same as die
usernames 111 lower case
La b T a s k s
m. T A S K
1
1.
Double-click the S uperS can4 file. The SuperScan window appears.
Perform
Enumeration
C E H Lab Manual Page 276
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 12. M odule 04 - Enum eration
m W
indows XP Service
Pack 2 has rem
oved raw
sockets support, which
nowlim S
its uperScan and
m other network
any
scanningtools. Som
e
functionality can be
restored byrunning the net
stop SharedA
ccess at the
W
indows com and
m
prompt before starting
SuperScan.
is SuperScan features:
J
Superior scanning speed
Support for unlim IP
ited
ranges
Improved host detection
usingm
ultiple ICMP
m
ediods
TCP SYN scanning
UDP scanning (tw
o
m
ediods)
2.
Click the Windows Enumeration tab located on the top menu.
3.
Enter the Hostname/IP/URL 111 the text box. 111 this lab, we have a
W indows 8 virtual machine IP address. These IP addresses may van 111 ׳
lab environments.
4.
Check the types o f enum eration you want to perform.
Now, click Enumerate.
%
>^Tx
Sa | Hs a dSrv eDcvry| Sa Otios| To | WdwE mrao~Aot |
cn ot n e ic isoe c n p n ols no s me hn| bu
Hstn e/IP R 10008
o am /U L
| Eu e te | Otios |
nmra
p n...
Eu e tio Tp
nm n ye
ra
IP add import
ress
supporting ranges and
CIDR form
ats
Sim HTML report
ple
generation
Source port scanning
Fast hostnam resolving
e
Extensive banner
grabbing
M
assive built-in port list
description database
IP and port scan order
random
ization
SuperScan 4.0
o
Ca
ler
0 NtB SNmTb
e IO a e ale
0 NL Ssio
UL es n
0 MC dr se
A Adess
0 W s tio tye
o ta n p
rk
0 Ues
s»
0 Gus
rp
o
0 RCEdo tDm
P npin u p
0 AcutPlic s
con o ie
0 Sae
hr s
0 Dm s
oa
in
0 RmteT eoDy
eo m f a
0 LgnSsios
oo es n
0De
r s
iv
0 T s dDm s
r te o a
u
in
0 Sr ics
ev e
0 Rg tr
eis y
A collection of useful
tools (ping, traceroute,
W
hois etc.)
Extensive W
indows host
enum
eration capability
Ready
-J
FIGURE 2.2: S
uperScan m windowwith IP ad ress
ain
d
C E H Lab Manual Page 277
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 13. M odule 04 - Enum eration
6.
SuperScan starts en um erating the provided hostnam e and displays the
results 111 the right pane o f the window.
%־
You canu
se
SuperScan to performport
scan retrieve general
s,
network inform
ation, such
a nam lookups and
s
e
traceroutes, and enum
erate
W
indows host inform
ation,
such a users, groups, and
s
services.
X
Su p erScan 4.0
'
Sa | Hs adSrv eDcvr | Sa Otios| To Wd w Eu ea n|Aot |
cn ot n e ic isoey cn p n ols n o s nm tio bu
r
Hstn e/IP R 1.0 .8
o am /UL 0 .0
Eu ea
nmr te Otios
p n...
NtB S inform o 10.0.0.8
e IO
ation n
Eu ea nTp
nm tio ye
r
0 NtB SNmTb 4 nms in table
e IO a e ale
ae
WNL Ssio
UL es n
0 MC dr se
A Adess
AM
DIN
00 UIQE W
N U orkstation service nm
ae
WKRU
O GOP 00 COP W
R
RU orkstation service nm
ae
0 Wr s tio tye
okta n p
AM
DIN
20 UIQE Server services nm
NU
ae
0 Ues
sr
WKRU
O GOP
R
IE GOP G u nm
RU ro p a e
0 Gus
rp
o
0 RCEdo tDm M address 0
P npin u p A
C
'£
0 AcutPlic s
con o ie
A pting a NL session connection o 10.0.0.8
ttem
UL
n
0 Sae
hr s
s.
j?
0 Dm s
oa
in
0 RmteTn oDy
e o »e f a
0 LgnSsios
oo es n
0De
r s
iv
0 Tute Dm s
rs d oa
in
0 Sr ics
ev e
0 Rg tiy
eis
o 10.0.0.8
n
W
orkstation/server type o 10.0.0.8
n
U o 10.0.0.8
sers n
G u s o 10.0.0.8
ro p n
RCendpoints o 10.0.0.8
P
n
E 0
ntry
Ready
FIGURE 2.3: S p canm w
u erS
ain indowwith re u
s lts
7. Wait for a while to c o m p le te the enumeration process.
8. A lter the com pletion o f the enumeration process, an E num eration
com pletion message displays.
%
Su p erScan 4.0
1 ^ 1 ° r
X
י
Sa | HsadSrv eDcvr | Sa Otios| To Wd w Eu ea n[Aot |
cn ot n e ic isoey cn p n ols n o s nm tio bu
r
Your scancan be
configured in tire Host and
Service Discovery and S
can
Options tabs. The S
can
Options tab lets you
control such tilings a
s
nam resolution and
e
banner grabbing.
Hstn e/IP R 1.0 .8
o am /UL 0 .0
Eu e te | Otios |
nmra
p n...
Eu e tio Tp
nm n ye
ra
0 N IO NmTb S
e S a e ale hares o 10.0.0.8
tB
n
0 NL Ss n
UL esio
0 M Ad sss
A dre e
C
0 W s tio tye
o ta n p
rk
Dmin o 10.0.0.8
oas n
0 Urs
s
e
0 Gus
rop
n
0 RC npn D p Rmte tim of day o 10.0.0.8
P Edot u
m eo e
0 AcutPfcie
con o c s
Lg n sessions o 10.0.0.8
oo
n
0 Sa s
hre
0 Dmis
oa
s
0 RmteT eoD D
e o im f a
y rives o 10.0.0.8
n
0 LgnSs n
oo esios
0 De
rivs
T
rusted Dmin o 10.0.0.8
oas n
rute o a
in
on 0 T s dDm s
e ics
e
a
> 0 Srvtry
0 R is
e
g
Rmte services o 10.0.0.8
eo
n
Ca
ler
M
Rmte registry item o 10.0.0.8
eo
s n
E eration com 1
num
plete 1
✓י
Ready
Erase Results
FIGURE 2.4: S p canm w
u erS
ain indowwith re u
s lts
9. N ow move the scrollbar up to see the results o f the enumeration.
C E H Lab Manual Page 278
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 14. M odule 04 - Enum eration
10. To perform a new enumeration on another host name, click the Clear
button at the top right of the window. The option erases all the
previous results.
'IT
£Q SuperScan h four
as
different ICMP host
discoverym
ethods
available. This isuseful,
because w a firew
hile
all
m block ICMP echo
ay
requests, it m not block
ay
other ICMP packets, such
a tim
s estam requests.
p
SuperScangives you die
potential to discover m
ore
hosts.
03
Su p erScan 4.0
1 ^ ־ם
x י
Sa | Hs a dSrv eDcvry| Sa Otios| To WdwEu e tio | Aot |
cn ot n e ic isoe cn p n ols ino s nm n bu
ra
Hstn e/IP R 10008
o am /U L
Eu e te |
nmra
j
Oa |
e,
B
inding: ״ncacn_ip_tcp:10.0.0.8[49154]״
Eu ea nTp
nm tio ye
r
O Id: ״00000000 -0000 -0000״
bject
000000- 0000- 000000
0 NtB SNmTb
e IO a e ale
A
nnotation: "X rv service"
«ctS
0 NL Ssio
UL es n
E 2
ntry 5
Interface: ״Ia0d010f-lc33-432c-b0f5-8cf4e8053099" ver
0 MC dr se
A Adess
1.0
0 Wr s tio tye
okta n p
B
inding: "ncacn_np:10.0.0.8[PIPEat*vc]"
0 s»
Ue s
O Id: "0000- 0000- 00000000״
bject
000000- 0000- 000000
0 G us
rp
o
A
nnotation: ״IdS rv ■trvic•"
egS
0 RC npinD p E 2
P Edo t u
m ntry 6
Interface: ״Ia0d010f-lc3343 ־c־b0fS8־cf4a305 0 9 ver
2
39"
0 AcutPfcie
con o c s
1.0
0 Sa s
hre
B
inding: "ncacn_ip_tcp:10.0.0.8[49154]״
0 Dm s
oa
n
bject
000000- 0000- 000000
0 RmteT eoD
eo mf a
y O Id: ״00000000 -0000 -0000״
A
nnotation: "IdS rv service"
egS
E 2
ntry 7
0 LgnSs n
oo esios
Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085" ver
0 De
rivs
1.0
0 T ste Dm s
ru d o a
in
B
inding: "ncacn_np:10.0.0.8[WIP W "
P S atsvc]
0 Srv e
e ics
O Id: "0000- 0000- 00000000״
bject
000000- 0000- 000000
0 Rg try
eis
A
nnotation: " AI Service endpoint"
KP
E 2
ntry 8
Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085” ver
1
.0
B
inding: "ncacn_ip_tcp:10.0.0.8[49154]״
O Id: ״00000000 -0000 -0000״
bject
000000- 0000- 000000
A
nnotation: ״KP Service endpoint"
AI
E 2
ntry 9
Interface: "880fdS5e-43b9-lle0-bla8-cf4edfd72085" ver
Ready
FIGURE 2.5: S p canm w
u erS
ain indowwithre u
s lts
La b A n a ly sis
Analyze and document die results related to die lab exercise. Give your opinion on
your target’s security posture and exposure.
Tool/Utility
Information Collected/Objectives Achieved
Enumerating Virtual Machine IP address: 10.0.0.8
SuperScan Tool
Performing Enumeration Types:
■ Null Session
■ MAC Address
■ Work Station Type
■ Users
■ Groups
■ Domain
■ Account Policies
■ Registry
Output: Interface, Binding, Objective ID, and
Annotation
C E H Lab Manual Page 279
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 15. M odule 04 - Enum eration
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L A B .
Q uestio ns
1. Analyze how remote registry enumeration is possible (assuming appropriate
access nghts have been given) and is controlled by the provided registry.txt
tile.
2. As far as stealth is concerned, tins program, too, leaves a rather large
footprint in die logs, even 111 SYN scan mode. Determine how you can
avoid tins footprint 111 the logs.
Internet Connection Required
□ Yes
0
No
Platform Supported
0
C E H Lab Manual Page 280
Classroom
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Stricdy Prohibited.
- 16. M odule 04 - Enum eration
3
E n u m e r a tin g N e tB I O S U s in g t h e
N e tB I O S E n u m e r a to r T o o l
E n u m e r a tio n is th e p ro cess o f p r o b in g id e n tifie d services f o r k n o w n w ea kn esses.
I C ON
KEY
/ Valuable
information
Test your
knowledge
g
Web exercise
m Workbook review
La b S cen ario
Enumeration is the first attack 011 a target network; enumeration is the process of
gathering the information about a target machine by actively connecting to it.
Discover NetBIOS name enumeration with NBTscan. Enumeration means to
identify die user account, system account, and admin account. 111 tins lab, we
enumerate a machine’s user name, MAC address, and domain group. You must
have sound knowledge of enumeration, a process that requires an active connection
to the machine being attacked. A hacker enumerates applications and banners ni
addition to identifying user accounts and shared resources.
La b O b jectives
The objective of this lab is to help students learn and perform NetBIOS
enumeration.
The purpose of NetBIOS enumeration is to gather the following information:
■ Account lockout threshold
■ Local groups and user accounts
■ Global groups and user accounts
■ To restrict anonymous bypass routine and also password checking for
user accounts with:
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
C E H Lab Manual Page 281
•
Blank passwords
•
Passwords that are same as the username 111 lower case
La b Environm ent
To earn ־out die lab, you need:
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 17. M odule 04 - Enum eration
■ NETBIOS Enumerator tool is located at
D:CEH-ToolsCEHv8 Module
04 E nu m eratio n N etB IO S E num eration T oo lsN etB IO S E num erator
■ You can also download the latest version of N etB IO S
the link http:// nbtenum.sourceforge.11et/
E nu m erato r
from
■ If you decide to download the latest version, then screenshots shown m
the lab might differ
■ Run tins tool in W indow s
S erver 2 0 1 2
■ Administrative privileges are required to nan this tool
La b Duration
Time: 10 Minutes
O verview of Enum eration
Enumeration involves making active connections, so that they can be logged.
Typical information attackers look for 111 enumeration includes user account names
for future password guessing attacks. NetBIOS Enumerator is an enumeration tool
that shows how to use rem ote network support and to deal with some other
interesting web techniques, such as SMB.
La b T a s k s
NetBIOS Enumerator
!
f k j I P range to scan
from: |
t o :||
Scan
|
Clear
Settings
X
Performing
Enumeration
using NetBIOS
Enumerator
1. To launch NetBIOS Enumerator go to D:CEH-ToolsCEHv8 Module 04
EnumerationNetBIOS Enumeration ToolsNetBIOS Enumerator, and
double-click NetBIOS Enum erater.exe.
ם
1
1
TASK
1
£
|
Your local ip:
10.0.0.7
W
[1 ...2 54 ]
Debug window
A
m NetBIOS is designed
to help troubleshoot
NetBIOS nam resolution
e
problem When a network
s.
is functioning norm
ally,
NetBIOS over TCP/IP
(NetBT) resolves NetBIOS
nam to IP ad resses.
es
d
לעב
FIGURE 3.1: NetBIOS Enum
erator m w
ain indow
C E H Lab Manual Page 282
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 18. M odule 04 - Enum eration
2. In the IP range to scan section at the top left of the window, enter an IP
range in from and to text fields.
3.
Click Scan.
m Feature:
Added port scan
GUI - ports can b
e
added, deleted, edited
Dynam m ory
ic em
m
anagem
ent
NetBIOS Enumerator
IP range to scan
fron :| 10.0.0.1
to | 10.0.0.501
Scan
Clear
T ZL^ 1 *
'
Settings
Your local ip:
10.0.0.7
W
[1 ...2 54 ]
Debug window
Threaded work (64 ports
scanned at once)
m Network function
SMB scanningis also
im
plem
ented and running.
FIGURE 3.2: NetBIOS Enum
eratorwithIP ran eto s a
g
cn
4. NetBIOS Enumerator starts scanning for die range of IP addresses
provided.
m The network
function,
NetServerGetlnfo, is also
im
plem
ented in this tool.
C E H Lab Manual Page 283
5. After the compledon of scanning, die results are displayed in die left pane
of die window.
6. A Debug w indow section, located 111 the right pane, show’s the scanning of
die inserted IP range and displays Ready! after completion of the scan.
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 19. M odule 04 - Enum eration
NetBIOS Enumerator
a
f i ) IP rang e to scan
Scan
from :| 1 0 .0 .0 .1
]1 0 .0 .0 .7
to : | 1 0 .0 .0 .5 0
P
B ?
0
N etB IO S Names (3)
^
Q=* The protocol SNMP
is im
plem
ented and
running on all versions of
W
indows.
[1 ...2 5 4 ]
10.0.0.3 [WIN-ULY858KHQIP]
|U
l~ 2 f
י
Settings
Your local ip:
W IN -U LY858KH Q IP - W orkstation Service
Debog window
Scanning from:
to : 1 0 .0 .0 .5 0
R eady!
WORKGROUP - Domain Name
W IN -U LY858KH Q IP - R le Server Service
U sername: (No one logged on)
Domain: WORKGROUP
Of Round Trip Tim e (RTT): 3 ms - Tim e To Live ( m i
S
?
3
1 0 .0 .0 .6 [ADMIN-PC]
H I N etB IO S Names (6)
%
A DMIN-PC - W orkstation Service
י
WORKGROUP - Domain Name
A DMIN-PC - R le Server Service
^ §5 WORKGROUP - Potential M aster Browser
%
WORKGROUP - M aster Browser
^
□ □ _ M S B R O W S E _ □ □ - M a s t e r Browser
Username: (No one logged on)
I— ET Domain: WORKGROUP
,r
■— |
5 Of R o u n d T n p T im e (RTT): 0 ms -T im e T o U ve (TTl.
—
B
?
1 0 .0 .0 .7 [W IN -D 39M R 5H L9E4]
0 • E 3 N etB IO S Names (3)
! Q Username: (No one logged on)
[
{
Of Domain: WORKGROUP
■<״ ״
#
.- עt.
5 • O f Round Trip Tim e (RTT): 0 ms -T im e To Lrve ( T H ^
-
FIGURE 3.3: NetBIOS Enum
erator re u
s lts
7. To perform a new
scan
or rescan, click Clear.
8. If you are going to perform a new scan, die previous scan results are
erased.
La b A n a ly sis
Analyze and document die results related to die lab exercise.
Tool/Utility
Information Collected/Objectives Achieved
IP Address Range: 10.0.0.1 —
10.0.0.50
NetBIOS
Enumerator
Tool
C E H Lab Manual Page 284
Result:
■ Machine Name
■ NetBIOS Names
■ User Name
■ Domain
■ MAC Address
■ Round Trip Time (RTT)
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 20. M odule 04 - Enum eration
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L AB .
Internet Connection Required
□Y
es
Platform Supported
0 Classroom
C E H Lab Manual Page 285
0 No
0
!Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 21. M odule 04 - Enum eration
E n u m e r a tin g a N e t w o r k U s in g
S o ftP e r fe c t N e tw o r k S c a n n e r
JT ffP e fe c t N e t)) 01׳k S c a n n e r is a fr e e m u lti-th re a d e d IP , N e tB I O S , a n d S N M P
o
sca n n er n ith a m o d ern in terface a n d m a n y a d va n ced fe a t//re s.
I C ON
KEY
[^7 Valuable
information
y
Test your
knowledge
—
Web exercise
m
Workbook review
La b S cen ario
To be an expert ethical hacker and penetration tester, you must have sound
knowledge of enumeration, which requires an active connection to the machine
being attacked. A hacker enumerates applications and banners 111 addition to
identifying user accounts and shared resources, hi this lab we trv to resolve host
names and auto-detect vour local and external IP range.
La b O b jectives
The objective of this lab is to help students learn and perform NetBIOS
enumeration. NetBIOS enumeration is carried out to detect:
■ Hardware MAC addresses across routers
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
■ Hidden shared folders and writable ones
■ Internal and external IP address
La b Environm ent
To carry out the lab, you need:
■ SoftPerfect Network Scanner is located at
D :CEH-ToolsCEHv8
M odule 0 4 E num erationSN M P E num eration T o o lsS o ftP erfect
N e tw o rk S cann er
■ You can also download the latest version of S o ftP e rfe c t N e tw o rk
S cann er from the link
http: / /www.sottpertect.com/products/networkscanner/
C E H Lab Manual Page 286
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 22. M odule 04 - Enum eration
■ If you decide to download die latest version, then screenshots shown in
the lab might differ
■ Run this tool 111 W indow s
2 0 1 2 server
■ Administrative privileges are required to run this tool
m You can also
download SoftPerfect
Network Scanner from
http://www.SoftPerfect.
com
.
La b Duration
Tune: 5 A
luiutes
O verview of Enum eration
Enumeration involves an active connection so diat it can be logged. Typical
information diat attackers are looking for uicludes user account names for future
password-guessuig attacks.
La b T a s k
E
TASK
1
Enumerate
N etw ork
1. To launch SoftPerfect Network Seamier, navigate to
D:CEH-ToolsCEHv8
Module 04 EnumerationSNMP Enumeration ToolsSoftPerfect N etw ork
Scanner
2. Double-click netscan.exe
SoftPerfect Network Scanner
■
0
File
View
Actions
Options
Bookmarks
fg
0
.0
□ טy
Range From
IP Address
.
.0
Host Name
| to
L^J
Help
|~ 0
MAC Address
.
* ₪ A «r j* ■ * Q (0 Web-site
■
I ♦ 3►
f>Start Scanning *
£
0 . 0 . 0
Response Time
m SoftPerfect allow
s
you to m
ount shared
folders a network drives,
s
brow themusing
se
W
indows Explorer, and
filter the results list.
Ready
Threads
Devices
0/0
Scan
FIGURE 4.1: S erfect Network S n m w
oftP
can er ain indow
3. To start scamung your network, enter an IP range ui die Range From field
and click S tart Scanning.
C E H Lab Manual Page 287
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 23. M odule 04 - Enum eration
•
0
0
SoftPerfect Network Scanner
File
V iew
Actions
O ptions
Bookm arks
0
.
1-1
Help
□ L3 H
Range From I
B #
E0
.
.
0
1
to
I
10
• 0
.
50
♦ ןa
W eb-site
II
Start Scanning
Response Time
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
Ready_______________________Threads__________ Devices
0/0
FIGURE 4.2: S erfect settin anIP ran eto s a
oftP
g
g
cn
4. The status bar displays the status ot the scamied IP addresses at die
bottom of die window.
>
*
j
File
SoftPerfect Network Scanner
View
□
A ction s
Options
Bookm arks
Range From
El .
F Address
?
Help
| X fc* V IP ₪ id
y
0
. 0
1
| To |
10
.
0
0
50
10.0.0.1
MAC Address
fa, & Q W W eb-site
~♦ a
|
IB Stop Scanning
»
jj
Response Tme
0!
Host Name
0 ms
B
10.0.0.2
WIN-MSSELCK4...
D
■ 1...
-י
ffl
10.0.0.3
WIN-ULY858KH...
0!
1-0...
1ms
,■« 10.0.0.5
WIN-LXQN3WR...
0!
S-6...
4 ms
ISA 10.0.0.6
ADMIN-PC
0'
1-0...
0 ms
e■ 10.0.0.7
WIN-D39MR5H...
D
5-C...
0 ms
Igu 10.0.0.8
ADMIN
0!
t-0...
0 ms
1«u 10.0.0.10
WINDOWS8
Ot
.8-6...
2 ms
a
B
£Q SoftPerfect Network
Scanner can also check for
auser-defined port and
report if one is open. It can
also resolve host nam
es
and auto-detect your local
and external IP range. It
supports rem shutdow
ote
n
and Wake-On-LAN.
.
.
2ms
FIGURE 4.3: S erfect s tu bar
oftP
ta s
5. To view die properties of an individual
particular IP address.
C E H Lab Manual Page 288
IP address,
nght-click diat
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 24. M odule 04 - Enum eration
SoftPerfect Network Scanner
File
V iew
Range From
Actions
O ptions
Bookm arks
B3
To
IP Address
e i
Help
10
50
♦ £%•
MAC Address
0 ■ ^ ^-2...
10 .0 .0 .1
1 ». 1 .0 .2
1
0 .0
VVIN-MSSELCK4..
ש
0ms
D
j^> Start Scanning *
Response Time
2ms
WIN-UL'f
■j 10.0.0.3
■ «- l...
ADMIN-P
Copy
e b 10.0.0.7
WIN-D 39
Properties
ADMIN
>
►
WIN-LXQ
eu
s
eta 10.0.0.5
eu 1 .0 .6
0 .0
El
Open Computer
10 .0 .0 .8
e 1 .0 .1
ta 0 .0 0
WINDOW
Rescan Com puter
i
W ake-O n-LAN
R em ote Shutdow n
R em ote Suspend / Hibernate
Send Message...
Create Batch File...
Devices
8/8
FIGURE 4.4: S erfect IP ad re sscan edd ta
oftP
ds
n e ils
La b A n a ly sis
Analyze and document die results related to die lab exercise.
Tool/Utility
Information Collected/Objectives Achieved
IP Address Range: 10.0.0.1 —
10.0.0.50
SoftPerfect
Network
Scanner
Result:
■ IP Address
■ Host Names
■ MAC Address
■ Response Time
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L A B .
Q uestio ns
1. Examine die detection of die IP addresses and MAC addresses across
routers.
2. Evaluate die scans for listening ports and some UDP and SNMP services.
C E H Lab Manual Page 289
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 25. M odule 04 - Enum eration
3.
H o w w o u ld y o u la u n c h e x te rn a l th ird - p a rty a p p lic a tio n s ?
Internet Connection Required
□ Yes
Platform Supported
0 Classroom
C E H Lab Manual Page 290
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 26. M odule 04 - Enum eration
Lab
E n u m e r a tin g a N e t w o r k U s in g
S o la v W in d s T o o ls e t
T h e S o la r W in d s T o o ls e t p r o v id e s th e to o ls y o n n e e d n s a n e tw o r k en g in ee r
o r n e tn o r k
c o n s u lta n t to g e t y o u r j o b
d on e.
T o o ls e t in c lu d e s b e st-o f-b re e d
s o lu tio n s th a t w o r k s im p ly a n d p re c ise ly , p r o v id in g th e d ia g n o stic, p e t fo r m a nee,
and
b a n d w id th
m e a su re m e n ts y o u
w a n t,
w ith o u t e x tr a n e o u s, n n n e c e s s a y
fe a tu r e s .
I C ON
KEY
/ Valuable
information
Test your
knowledge
— Web exercise
m
Workbook review
Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
La b S cen ario
Penetration testing is much more than just running exploits against vulnerable
systems like we learned 111 the previous module. 111 fact a penetration test begins
before penetration testers have even made contact with die victim systems. Rather
dian blindly dirowing out exploits and praying diat one of them returns a shell,
penetration tester meticulously study the environment for potential weaknesses and
their mitigating factors. Bv the time a penetration tester runs an exploit, he or she is
nearly certain diat it will be successful. Since failed exploits can in some cases cause a
crash or even damage to a victim system, or at die very least make the victim unexploitable 111 the future, penetration testers won't get the best results. 111 tins lab we
enumerate target system services, accounts, hub ports, TCP/IP network, and routes.
You must have sound knowledge of enumeration, which requires an active
connection to the macliine being attacked. A hacker enumerates applications and
banners 111 addition to identifying user accounts and shared resources.
La b O b jectives
The objective of tins lab is to help students learn and perform NetBIOS
enumeration. NetBIOS enumeration is carried out to detect:
■ Hardware MAC addresses across routers
■ Hidden shared folders and writable ones
■ Internal and external IP addresses
C E H Lab Manual Page 291
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 27. M odule 04 - Enum eration
La b Environm ent
To earn’ out the lab, you need:
י
m You can also
download SoftPerfect
Network Scanner from
http://www.solarwinds
.com
SolarW inds-Toolset-V10 located at D:CEH-ToolsCEHv8 M odule 04
E num erationSN M P E num eration ToolsS olarW ind’s IP N e tw o rk
B row ser
■ You can also download the latest version of SolarW inds
S cann er trom the link http:/ /www.solarw1nds.com/
■ If you decide to download the la te s t
111 the lab might differ
version,
T oo lset
then screenshots shown
■ Run tliis tool 111 W indow s S erver 2 0 1 2 Host machine and W indow s
S erver 2 0 0 8 virtual machine
■ Administrative privileges are required to run tins tool
■ Follow the w izard -d riven installation instructions
La b Duration
Tune: 5 Minutes
O verview of Enum eration
Enumeration involves an active connection so that it can be logged. Typical
information diat attackers are looking for includes user account names tor future
password guessing attacks.
La b T a s k
W TASK
1
Enumerate
N etw ork
1. Configure SNMP services and select Start
_
File
Acton
ViM
4■. *־S j □
E3 Cut troubleshooting
tim in half usingthe
e
W
orkspace Studio, which
puts the tools you need for
com on situations at your
m
fingertips
^ ־Control Panel
־
^־A dm inistrative Tools ^־Services.
־
□ X
־
Help
£5
B
3
► ■ « ►י
f t Stiver
Sh«H Hardware Detect!:n
S^Smir Card
£4 Smart Card Removal Policy
E SNMP Servke
Descnptior:
Lrvjfck: Smpk Network
4 SNMP Trap
Management Protocol (SNMP)
^ Software Protection
requests to be processed by this
^ Special Admimilitlicn Comcle Hdpct
computer If this service 1 stopped,
5
the computer • ill be unable to
w
wfcSpot Verifier
5
proem SNMP irquetti. If this servic. & S G I Full-text Filter Daemon launcher -.
k disabled, any services that eiplicitlj
*׳SQL Server (MSSQLSERVER)
depend on it will fail to (tart.
&SQL Server Agent (MSSQLSERVER)
SQL Server Analyse Services (MSSQLS..
SQL Server Browser
& SQL Server Distributed Replay CSert
£6 SQL Server Dirtributed Replay Cortrcl £&SQL Server Integration Services 110
5* SQL Server Reporting Services (MSSQL Q SQL Server VSS Writer
{fcSSDP Discovery
Superfetch
System Event Notification Sciyicc
, $׳Task Scheduler
S i TCP/IP NetBIOS Helper
Dcscnpton
Supports Me, paProvide* notifica..
Manages access..
Allow* the cyst*...
Enables Simple...
trap m
#_.
FrvtLIrs th* (Scfjj..
A w * adrniktti. .
llo ■
Verifies potential..
Service to launch..
Provides stcrcge...
Executesjobs. m
...
Supplies online a-.
Provides SQL Ser..
One or more Dist..
Provides trace re...
Provides manag..
Manages, execute.
Provides the inle_.
D«wen nehvorMaintains and i .
Monitors system
—
Enables a user to..
Provides support..
Status
Running
Running
Running
Running
Running
Running
Running
Running
Running
Running
Running
Running
Startup type
Automatic
Automatic
DkabUd
Manual
Automatic
Manual
Automatic (D...
Manual
Manual (Trig...
Manual
Automatic
Manual
Automatic
Disabled
Manual
Manual
Automatic
Automatic
Automatic
Oisabled
Manual
Automatic
Automatic
Automatic (T».
Log On As
Local Syste...
Local Syste...
Local Service
Local Syste ..
Local Syste .. 1
Local Service
NrtrtorV S..
Local Syste...
Local Syste..
NT Servke...
NT Service...
NT Scrvice...
NT Service...
Local Service
NT Service...
NT Service...
NT Service...
NT Servke...
Local Syste.״
Local Service
Local Syste..
Local Syste..
Local SysteLocal Service
Extended >Standard/
v
FIGURE 5.1: S gSNMP S ic s
ettin
erv e
C E H Lab Manual Page 292
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 28. M odule 04 - Enum eration
2. Double-click SNMP service.
3. Click die Security tab, and click Add... The SNMP Services Configuration
window appears. Select READ ONLY from Community rights and Public 111
Community Name, and click Add.
SNMP Service Properties (Local Computer)
Se cu rity
G e n e ra l ] Log O n [ R e c o v e r y [ A g e n t [ T ra p s
@
D e p e n d e n c ie s
S e n d a u th e n ticatio n trap
A c c e p t e d com m unity n a m e s
Com m unity
Rig hts
Ad
d ...
Edit
Remove
D A c c e p t S N M P p a c k e t s from a n y host
IP Monitor and
alert in real tim e
on netw ork
availability and
health w ith tools
including RealT im e Interface
Monitor, SNMP
R eal-Tim e Graph,
and Advanced
CPU Load
SNMP Service Configuration
Com m unity rights:_____________________________
!r ea d o n ly
[“ “
^1
Cn e
acl
C om m unity N am e :
|public
L e a m m ore ab o u t S N f f lP ־
O
K
Cn e
acl
Ap
p ly
FIGURE 5.2: C
onfiguringSNMP S rv e
e ic s
4.
Select A ccept SNMP packets from any host, and click OK.
SNMP Service Properties (Local Computer)
G e n e ra l
0
Log O n
R eco v ery
Agent
rap s
|
־T l
| Z- ep en aencies
S e n d au th e n ticatio n trap
A c c e p t e d com m unity n am es
®
O
c c e p t S N M P p a c k e t s from a n y host
A c c e p t S N M P p a c k e t s from t h e s e h osts
L e a m m ore ab o u t S N M P
O
K
C E H Lab Manual Page 293
Cn e
acl
Ap
p ly
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 29. M odule 04 - Enum eration
FIG U RE 5.3: setting SNMP Services
5. Install SolarWinds-Toolset-V10, located 111 D:CEH-ToolsCEHv8 Module
04 EnumerationSNMP Enumeration ToolsSolarWind’s IP N etw ork
Browser.
6. Launch the S ta rt menu by hovering the mouse cursor on the lower-left
corner of the desktop.
FIGURE 5.4: W
indow S
s erver 2012—
Desktopview
& Perform robust
network
diagnostics for
troubleshooting
and quickly
resolving complex
netw ork issues
w ith tools such as
Ping Sweep, DNS
Analyzer, and
Trace Route
7. Click the W o rksp ace
Studio window.
S
t a
Studio
app to open the SolarW inds
A d m in is t r a t o r ^
r t
Server
Manager
IL
Computer
Windows
PowerShel
Google
Chrome
IT
Control
Panel
£
Hyper-V
Manager
Workspace
Studio
m
*
f t
Hyper־V
Virtual
Machine...
SQL Server
Installation
Center...
Mozilla
Firefox
ProxySwiL.
Standard
?
Command
Prompt
InternetEx lo
p rer
W orkspace
ז ז
F3
<©
1ft
Global
Network
Inventory
Nmap Zenmap
GUI
I I
O
FIGURE 5 W
.5: indow S
s erver 2012— pps
A
6.
The main window of SolarWinds W orkspace Studio
is shown in the
following figure.
C E H Lab Manual Page 294
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 30. M odule 04 - Enum eration
’ י * "!ם
SolarWinds Workspace Studio
File
Tabs
Yiew
Devices
Add New De/ice..
Interfaces
External Tocls
*
A
Interface Chart
^ ^ I
t
G g Started *
ettin
*
Compare Engineer s Toolset- I
Help
Manage SNMP Credentials © Manage Tehec/SSH Credentials
!5 Switch Poit Mapper _ Telnet/SSH
S
Gadgets
Settings... Q Page Setup...
•‘^N ew Tab £5 ׳Save Selected Tabs
VI
xI
I*
■
O SETTINGgSWORKSPACE STUDIO COESTT HAVETO EE SCARY
GttinUPtarte
e
d
Devices
GrojpDy. Gftxp Kane ״
rSar«G
aa
TraceRoute
Step 1 - Register the ne:wori devices you wcuH iieto montor.
^ ^
EM ] ד
Add Device
£ בCevices
P 1 Recently ts e o
Step 2 - Drag gadgets fromthe explorer at feft to this w 3rtspace and associate them with a device.
Step 3 - Add tabs to create grojps cf gadgets 0* aganze then any way you wart.
[ 0 ofC0t¥<*(s)seated
_ Sfow Q U n*rr*s
QO
| E>t::re־
¥ X
O OTHreHlpRCC3TOOCTYOU :
MERRE30U
o e
'• ׳Gadgets
Mcn<o1
־ng
d Q
0
Memory Gauges
M O ST T IC TO O EO TW H STS
EM RY A IST C R N R O O
...
♦ CllCPUandMerroY
ץm m.et^ace Chart
- I
II
<
ln!ef*aee Gauge
£
T
>
TFTP Service
___
Interface Table
C
lear
Status ־R n in
un g
[»L Tdt»
If,
Id
New Tab & L
Setrin
as
Gadgets
Evert Viewer TFTP Service
*>■ Dday: 2
C seconds
FIGURE 5.6S larw w
o inds orkspace stu iom w
d ain indow
7. Click External Tools, and then select Classic tools
-> N etw ork Discovery
-> IP N etw ork Browser.
T=TO
SolarWinds Workspace Studio
File
Tabs
View
Devices
g f? Add New Dcvicc...
B Deploy an array of
network discovery tools
including Port Scanner,
Sw Port Mapper, and
itch
Advanced Subnet
C
alculator.
S Switch P a t Mapper
S
Interfaces
Gadgets [ ״Extcma^ools
Manage SNMP Credentials
^ , Telnet/SSH
fj
ul Interface Chart
u
j
׳etting Startedl
O
Groupb GnupNane *
y:
I Help
Create New External Tod...
Remote Dcsrtoo
C gs /WORKSPACE STUDO OOESNT HAVE TO
cttin L
SETTING J P
St6p 1 - Register the network devices you wouH l*e te n
כof D ce(s) seecte:
dev
1^NewTob
.
,
Save Selected Tabs
________________
U E 2
IP Address Management
10311 |
a
LdunchPad
Network Monitoring
Step 2 - Drag gadgets frcm the explorer at lei tc this wort
in
Cisco Tools
Network Discovery
f^l Devices
P 1Recently Jsed
ngj.« Q Poge Setup...
Recently Used
] :£
It*)
Ping Diagnostic
Star cro^raiies
Security
Etui
Q
ti
d
a
■J
jt
Monitoring
IP Address Management
IP Network Browser
SWMP Tools
Step 3 - A(M taos :0 create groups or gacgets or orgarize
DNS Audit
^
|
MAC Address Discovery
Network Sonar
Ping
Ping Sweep
Port Scanner
SNMP Sweep
f o f ^ i CPU and Wenory
@
Subnet List
a i Interface Chart
"!
Switch Port Moppet
& interface Cauge
® ntefaceTaWe
TFTP Service
Statu* ׳Rjnning
gy
Clear
SHtma*
»*»י
| Step ]
Gadgets
Event Viewer TFTP Service
FIGURE 5.7: MenuE
scalationfor IP netw brow
ork
ser
8.
IP N etw ork Browser will be
shown. Enter die Windows 8 Virtual Machine
and click Scan Device ( the IP address will be
different 111 your network).
IP address (10.0.0.7)
C E H Lab Manual Page 295
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 31. M odule 04 - Enum eration
IP Network Brow
ser
1ST
P SolarWinds
Toolset
applications use
several methods
to co llect data
about the health
and perform ance
of your network,
including ICMP,
SNMPv3, DNS and
Syslog. Toolset
does NOT require
deployment of
proprietary
agents,
appliances, or
garden gnomes
on the network.
פי
t□
Nevr
Re :tart
ט
Export
m
%
Prin־
Copy
*
•
Copy
Stop
m
Zoom
Ping
♦
0 1^
Settings
3
Trace
Config
0
Telnet
ף
Surf
Help
IP Network Browser
S c a n a S in g le D e v ic e ___________
3־
3 '
S c a n a Su b n et
jd
. ן
Subnet Address
1 5 .2 5 5 .0
2 5 5 .2 5
Subnet Mask
•Scan Suhnel
Scan an IP Address Ranqe
פר
פר
Dcgining IP Addicss
tnding IP Addtess
E n g i n e e r ’s T o o ls e t v 1 0 - E v a l u a t i o n
FIGURE 5 IP NetworkB serw
.8:
row indow
s
9. It will show die result 111 a line with die IP address and name ot die
computer diat is being scanned.
10. Now click the Plus (+) sign before die IP address.
״ ז י
File Edit
& NetFlow
R ealtim e is
intended for
granular, real-tim e
troubleshooting
and analysis of
N etFlow statistics
on single
interface and is
lim ited to a 1 hour
capture
®
NeA׳
1-
IP Network Browser [ 10.0.0.7 J
Nodes
MBs
Discovery
y
Restart
m
E>port
Print
Subnet
4
Copy
View
%
Copy
O
X
Help
•
Stop
j
*
Zoom |
»י
Ping
1
Telnet
Trace
@
Confg
A
e
Surf
rf
Setting:
f
Help
A
vo
n
A
0■ ,A/
o
V
< ^4 y ־
k ^ 4 y
A
>*> ■ ן
£
/ / /
A oV
|
o
v<y
J
r J?
j&
4 eV
< & */
w
V -׳•
V*
Y
./־
(IS *
A U
&
,יי
3 / י
r r
*
J?
S Jbre* Scan Ccmoteed
FIGURE 5 IP NetworkB serw
.9:
row
indow re u p e
s s lts ag
11. It will list all die information ot die targeted IP address.
C E H Lab Manual Page 296
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 32. M odule 04 - Enum eration
Edit
Node*
MlBs
y
Export
&■ To start anewtab, go
to ‘tabs’ on the m bar
enu
and choose ‘newtab.’
Right-click on a tab to
bring up options (Import,
Export, Renam S
e, ave,
Close). You can add tools
to tabs from the G
adgets
bos in the lower left or
directly from the gadgets
m
enu. A good way to
approach it is to collect all
the tools you need for a
given task (troubleshooting
Internet connectivity, for
exam on one tab. Next
ple)
tim you face that situation
e
sim open that tab
ply
Discovery
Subnet
%
m
Print
Copy
View
Copy
Help
• *
Stop
Zoom
0
}
Ping
s
Telnet
&
Tra<«
' *־ ם
-ן
IP Network Browser [ 100.0.7 J
File
Config
Surf
s
f
Setting!
ST
J j S*3ten Naxw: WDI-D39MP5HL9E4
D escription: Harcware: In tel64 Family 6 Hcdel 42 .
J
Ti
a t !-:. ־ ״ ״ ־
-eppinc 7 AI/&T CCMPAIIBLI - Softwar! : W
indow Version S.2 (Build 6
s
4^
qp
^
J J s y s O b ;c « rD : 1 . 3 . 6 . 1 . 4 . 1 . 3 1 1 . 1 . 1 . 3 . I . 2
0 Last Boot: 9/5/2012 9:13:49 AM
Router (will forvard IF packets ?) : N
o
vO
%
Adirlnittritor
C Cuh:
A
f i UM5*JAaC.ll USSR
A tn a
Shared D iln t t n
1- <!ל׳
■
ט
O'
A oV
V
s i? A>
.<
ז
TC9/ZF ^•cworks
IPX hvcworic
-E ^ 0.0.9.0
£ < :0 0o
$ .0
>
S 3> 10.0.0.7
ti:
10.0.0.26S
S ^ 127.9.0.0
E ^ 127.9.0.1
♦ <> 127.266■256.266
$
1
׳
Is מי
*
^
1
J?
25 a
5
255.255
255.255
K%°^
4
C*
a rV*
'S >
SjtrelSc4r ComptetiC
FIGURE 5.10: IP NetworkB serw
row
indow re u p e
s s lts ag
La b A n a ly sis
Analyze and document die results related to die lab exercise.
Tool/Utility
Information Collected/Objectives Achieved
Scan Device IP Address: 10.0.0.7
Output:
■ Interfaces
■ Services
SolarWinds Tool
■ Accounts
Set
■ Shares
■ Hub Ports
■ TCP/IP Network
■ IPX Network
■ Routes
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L A B .
Q uestio ns
1. Analyze die details of die system such as user accounts, system MSI,
hub ports, etc.
C E H Lab Manual Page 297
Etliical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 33. M odule 04 - Enum eration
2. Find the IP address and Mac address of the system.
Internet Connection Required
□ Yes
Platform Supported
0 Classroom
C E H Lab Manual Page 298
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
A ll Rights Reserved. Reproduction is Strictly Prohibited.
- 34. M odule 04 - Enum eration
E n u m e r a tin g t h e S y s t e m U s in g
H yen a
H y e n a u ses a n E x p lo r e r -s ty k in terfa ce f o r a ll operations, in clu d in g rig h t m o u se click
p o p - ip c o n te x t m e n u s f o r a ll objects. M a n a g e m e n t o f users, g ro u p s (b o th lo ca l a n d
g lo b a l), shares, d o m a in s, com puters, services, devices, events, file s , p r in te r s a n d p r in t
jo b s , sessions, open file s , d is k space, u se r rights, m essaging, e x p o /tin g , j o b scheduling,
processes, a n d p r in tin g a re a ll su p p o /ted .
I C ON
La b S cen ario
KEY
/ Valuable
information
' Test your
____ knowledge______
m Web exercise
£Q Workbook review
The hacker enumerates applications and banners 111 addition to identifying user
accounts and shared resources. 11 tliis lab. Hyena uses an Explorer-style interface
1
for all operations, management of users, groups (both local and global), shares,
domains, computers, services, devices, events, files, printers and print jobs, sessions,
open tiles, disk space, user nghts, messaging, exporting, job scheduling, processes,
and printing are all supported. To be an expert ethical hacker and penetration tester,
you must have sound knowledge of enumeration, which requires an active
connection to the maclune being attacked.
La b O b jectives
The objective of this lab is to help students learn and perform network
enumeration:
■ Users information 111 the system
■ Services running 111 the system
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 04
Enumeration
C E H Lab Manual Page 299
La b Environm ent
To perform the lab, you need:
■ A computer running Windows Server 2012
■ Administrative privileges to install and run tools
■ You can also download tins tool from following link
http: / / www. svstemtools.com/hvena/download.htm
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 35. M odule 04 - Enum eration
■ If you decided to download latest version of dns tool screenshots may differ
La b Duration
Time: 10 Minutes
O verview of Enum eration
Enumeration is die process of extracting user names, machine names, network
resources, shares, and services from a system. Enumeration techniques are
conducted 111 an intranet environment
La b T a s k s
The basic idea 111 diis section is to:
1.
E
t a s k
Navigate to D:CEH-ToolsCEHv8 Module 04
EnumerationNetBIO
Enumeration ToolsHyena
1
Double-click Hyena_English_x64.exe. You can see die following window.
Click N ext
Installation of
Hyena
H y e n a v 9 .0 - In s t a llS h ie ld W i z a r d
ca
You can download
die Hyena from
http://u vv.syste ools
n1
mt .com
/hyena/hyena_ne1v.htm
FIGURE 6.1 InstallationofH
:
yena
3.
4.
C E H Lab Manual Page 300
The S o ftw a re L icense A g re e m e n t window appears, you must accept
the agreement to install Hyena.
Select I a c c e p t
click Next.
th e term s o f th e licen se a g re e m e n t
to continue and
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 36. M odule 04 - Enum eration
FIGURE 6.2: S dieA
elect
greem
ent
5.
Choose die destination
6.
Click Next to continue the installation.
location
to install Hyena.
x
H y e n a v 9 .0 ־In s t a llS h ie ld W i z a r d
Choose Destination Location
Sle tfo e we stu w inta file.
e c ldr hre e p ill s ll s
m In addition to
supporting standard
W
indows system
m
anagem functions,
ent
Hyena also includes
extensive Active Directory
integration
In llHe av .0to
sta yn 9 :
C rora F y a
:P g m iesHen
Change...
FIGURE 6 : S
.3 electin folder for in
g
stallatio
n
7.
C E H Lab Manual Page 301
The Ready to
install the Program
window appears. Click Install
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 37. M odule 04 - Enum eration
r
H y e n a v 9 .0 - I n s t a l l S h i e l d W i z a r d
—
ן
Ready to Install the Program
The wizard is ready to begin installatic
C kInta tobg th inta tio
lic s ll e in e s la n
Ify uwn tore ie o c a g a ye y u re lia nsttins c kBc . C kCne toeitth
o a t v w r h n e n r or ta tio e g, lic a k lic a c l x e
f
wa .
iz rd
ILU Hyena can be used on
anyW
indows client to
m
anage anyW
indows NT,
W
indows 2000, W
indows
XP/Vista, W
indows 7, or
W
indows Server
2003/2008/2012
installation
FIGURE 6.4: sele tin installatio type
c g
n
8.
The InstallShield Wizard complete window appears. Click Finish ro
complete die installation.
InstallShield Wizard Complete
T eInta h ldWa hss c e s l inta dHe av .0 C kF is toeitth wa .
h s llSie iz rd a u c s fu s le y n 9 . lic in h x e iz rd
FIGURE 6.5: R toinstall w
eady
indow
Enumerating
system
Information
C E H Lab Manual Page 302
9.
Launch the S tart menu by hovering the mouse cursor 011 the lowerleft corner of the desktop.
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 38. M odule 04 - Enum eration
FIGURE 6.6: W
indow Seiver 2012—
s
Desktopview
& Hyena also
includes full
exporting
capabilities and
both Microsoft
Access and Excel
reporting and
exporting options
10.
Click the Hyena app to open the Hyena window.
FIGURE 6.7: W
indow S
s erver 2012— pps
A
11. The Registration window will appear. Click OK to continue.
12. The main window of Hyena is shown 111 following figure.
C E H Lab Manual Page 303
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 39. M odule 04 - Enum eration
13. Click + to expand Local workstation, and then click Users.
J
’ י ם ' ־
H y e n a v9 .0
x
ף־
H Eit W To H
e d e ols e
w
lp
c a Additional
command-line options
were added to allow
starting Hyena and
automatically inserting
and selecting/expanding
a domain, server, or
computer.
- Jfr W -D9 RH94(LclW sta n
1 3M5 LE oa o tio)!
N
rk
j 5 £1 D e
rivs
j g £"LclCn e tio s
oa o nc n
- cygSU
♦ E Am istra r
d in to
4 C Ge
ust
4 C Ja n(Ja n
so so)
&CJu g b y(Jugby
g y o gyo)
&£ M (M )
a a
rtin rtin
♦ CSie (Sie )
h la h la
♦J1 LclG us
oa rop
> ־P te
' rin rs
^♦׳Sa s
hre
8־Sssios
e n
& Oe F s
pn ile
£ Srv e
e ics
gp Dv e
eics
£ 4 >נvn
Eets
9 DkSae
is pc
j ' £ U rR h
±
se igts
I ♦9 Prfo a c
e rmne
, a Shd le Jos
ceu d b
: ± £ Rg
eistry
j .
WI
M
+^ Ete rise
n rp
aa 11
Hyen a v9.0
6u r(s)fo n o ,W -D9 RH94
se u d n 1 3M5 LE'
N
FIGURE 6.9: Expand the Systemu
sers
14. To check the services running on the system, double-click S ervices
H y e n a v9 .0 ־S e r v ic e s o n W W IN - D 3 9 M R 5 H L 9 E 4
R E« W To H
e d e ots e
w
lp
V *s & x » a :s [e ] o ^ v
■
- VIN 3M5 LE(LclW sta n
7 -D9 RH94 oa o tio)
rk
£ De
rivs
& LclCn e tio s
oa o nc n
I £ Urs
se
. c Am istra r
d in to
♦ C Ge
ust
| 5 c Ja n(Ja n
so so)
♦ CJu g b y(Jugby
g y o gyo)
^ C M (M )
a a
rtin rtin
♦ C Sie (Sie )
h la h la
♦ “ LclG us
5 oa rop
g 4^ P te
rin rs
fiQ Sa s
f hre
S" Sssios
e n
iL Qen les
J ph
•
Lj&EEZaU
2PDv e
eics
B Eets
E vn
O DkSae
is pc
S S U rR h
se igts
*9 Prfo a c
e rmne
I ♦ 0 Shd le Jos
ceu d b
Rg
eistry
i & WM
I
♦^ Ete n
n rpse
K w .sy m o o
//w w ste to ls.c m
■! ■1y b «
33
!
aa
Services on W W IN - D 3 9 M R 5 H L 9 E 4
Name________________ Display Nam e_________ Status______
$ ־dbAMrv e Ao eAro a U...
5Aoe R se ic d b c bt p
{ ALouSc Ap a nEprie
}נe okp v
plictio xe ...
Ap a nLyrG
plictio ae ...
© ALG
©A se sta gn WdwA se I.
IIU rin llAet ino s ll-U r ..
Ap a nHstH
plictio o ...
©Ap o v
pHstSc
Ap a nIdn
plictio e tity
©Ap Sc
plDv
Ap a nIn rm
plictio fo ...
©Ap fo
pin
Ap a nM a ...
plictio a g
n
$ ־Ap g t
5 pMm
©Ad Edo tB WdwAd E...
uio npm ... ino s uio n
©Ad srv
uio
WdwAd
ino s uio
®E
6F
BseF rin Eg e
a ilte g nin
0 IT
-B S
Bc g udIn llig
akron te ...
©B krln strut... Bc g udTsk I.
roe fra c akron a s ..
©B w r
ro se
Cmu rB w r
o p te ro se
©CrtP p v
e roSc
CrtificteP pg...
e a roa a
C MSste Ap
O ♦ y m p...
©O SsAp
C My p
0C vc
ryptS
C p g picSrv
ry tora h e i...
© co L n
D mau ch DO SrvrP c...
CMe e roe
©dfra sv
e gc
Otimed e
p iz rivs
©Dv e ssoia ... Dv eA ciatio ...
eicA c tio eic sso n
Rnin
un g
S pe
topd
S pe
topd
S pe
topd
Rnin
un g
S pe
topd
S pe
topd
Rnin
un g
S pe
to pd
S pe
topd
Rnin
un g
Rnin
un g
Rnin
un g
S pe
topd
S pe
topd
S pe
topd
Rnin
un g
Rnin
un g
S pe
topd
S pe
topd
16se icsfo n o ־WN 3 M5 LE1 5 ־o je ts
5 rv e u d n 1 -D9 RH9 4 /1 6 b c
FIGURE 6.10: Sendees running in the system
15. To check the U ser Rights, click + to expand it.
C E H Lab Manual Page 304
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 40. M odule 04 - Enum eration
°' ־r *
H y e n a v9 .0 - 3 D r iv e s o n A W IN - D 3 9 M R 5 H L 9 E 4 '
H Et VtcH To Hp
e d
ols d
y *3 a X * 3 ::: 5 ] Q SI
*
=
fl J »3ai fe E3 «
°
* C Ju g b y(Jugby
g y o gyo)
♦ C M (M )
a a
rtin rtin
± CSiela(Sie )
h h la
♦ ^ LclG us
oa rop
Pn rs
nte
+^ Sa s
hre
S ־e n
Sssios
j—
^ Oe F s
pn ile
Qb Srv e
e ics
Dv e
eics
fi& Eets
f vn
^ DkSae
is pc
g tsI
h
ft Bc u Oe to
akp pra rs
Urs§
se
Am istra rs§
d in to
Ee oe§
vryn
STb riv g (Ata prto th o e £
e c P ile e c s a f e pra
SMc mAc utP ile e(Adwrk &
e ah e con riv g d o
S SBc uP ile e(Bc u file a dd-,
t• e akp riv g ak p s n ii
iL SCa gNtify riv g (Bpsstra e
e hne o P ile e ya vr
SUso ite lnu riv g (SUso ii ^
e n lic d ptP ile e e n lic
SSste timP ile e(Ca g th sy £-|־
e y m e riv g hn e e s
-SC a Pgfile riv g (C a apg21
e rete a e P ile e rete a
SC a Tkn riv g (C a atoi ■ a
e rete o e P ile e rete k =
£
:
3 Drives on ־־W IN -D 3 9 M R 5 H L9 E 4 ־
־
Srvr *
e e ■ De
riv
© IN 3M... C
W -D9 R
© 1 -D9 R D
WN 3M...
© IN 3M... E
W -D9 R
3D e o " W -D9 RH94
rivs n W1 3M5 LE1
N
7 w .sy fn o o
w w ste tols.c m
Frmt
oa
NF
TS
NF
TS
NF
TS
Tta
ol
9.3 G
71 B
9.6 G
76 B
20 5G
7.4 B
Ud
se
8.1 G
75 B
2 0G
.9 B
1 0G
.7 B
^^^biects
FIGURE 6.11: U
sers R
ights
To check the Scheduled jobs, click + to expand it.
16.
J
H y e n a v 9 .0 - 77 t o t a l s c h e d u le d jo b s .
F E« W To H
ile d e ols e
w
lp
y * < x ♦ 3 :: |e | o ^ y
3צ
■
m
H
yenawill execu die
te
m current GroupPolicy
ost
editor, GPM sc, if it is
E.m
present onthe s
ystem
ft C Ju g b y(Jugby
g y o gyo)
♦ c M (M )
a a
rtin rtin
9 C Sie (Sie )
h la h la
♦$ LclG us
oa rop
& ^ P te
rin rs
£ £1 Sa s
hre
S' Sssios
e n
Oe F s
pn ile
9 Srv e
e ics
2PDv e
eics
ffi-AEets
vn
^ DkSae
is pc
ffi-S U rR h
se igts
EB Prfo a c
e rmne
|—] Shdle Jos|
fo c e u d b
- C Mro ft
0 ic so
Wdw
ino s
♦C .NTF mwrk
; ® E ra e o
ffi@Ativ D c ryR h Mngi
c e ireto igts a a e
♦ Ap
: pID
♦I®Ap a nEprie c
plictio xe ne
■ Ap a n a
plictioDta
♦j< Atoh
L u ck
9
y
A j .3;j r b «
a a [H o
7 7 t o t a l s c h e d u le d jo b s .
Srvr *
e e ■ Nm
ae
S tu
ta s
Ray
ed
0 IN 3 M... CIenrSip A
W -D9 R C ae k UC
0 IN 3 M... Gole pa Tsk a... Ray
W -D9 R og Udte a Mc ed
0 IN 3 M... Gole pa Tsk a... Ray
W -D9 R og Udte a Mc ed
0 IN 3 M... Gole pa Tsk se ... Ray
W -D9 R og Udte a U rS ed
0 IN 3 M... Gole pa Tsk se ... Ray
W -D9 R og Udte a U rS ed
5 IN 3M... OtimeS rtMn C... Ray
]W -D9 R p iz ta e u a ed
0 IN 3 M... .NTF mwrkNE ... Ray
W -D9 R E ra e o GN ed
0 IN 3 M... .NTF mwrkNE ... Ray
W -D9 R E ra e o GN ed
0 IN 3 M... A R SR h Plic T D b d
W -D9 R D M igts o y ... isa le
0 IN 3 M... A R SR h Plic T Ray
W -D9 R D M igts o y ... ed
D bd
isale
0 IN 3 M... Plic Cne r
W -D9 R o y ovrte
ed
0 IN 3 M... S a c e Seific Ray
W -D9 R mrtSren pc
e d ulishrCrtS ... isa le
n
S]W IN -D 39 M R ... V fie Pb e e to D b d
0 IN 3 M... A gn
W -D9 R itAe t
Ray
ed
ed
0 IN 3 M... P g ma Udte Ray
W -D9 R rora Dta pa r
Ray
ed
0 IN 3 M... S rtuAp a
W -D9 R ta p pTsk
0 IN 3 M... C a uTmo ry ta Ray
W -D9 R lenp e pra S te ed
0 IN 3 M... P x
W -D9 R roy
Ray
ed
♦ -3 Certif icateServicesClient
0 IN 3 M... Sste Tsk
W -D9 R y ma
Ray
ed
EB U S Chkdsk
Ray
ed
ffi^ Csto e Eprie c Imroe 0 IN 3 M... U rTsk
u mr xe ne p vm W -D9 R se a
h ://w w ste to ls.c m
ttp w .sy m o o
T grTp ^
rige ye
Mltip T c
u le rig
Dily
a
Dily
a
Dily
a
O Id
n le
Mltip T c
u le rig
ALgo
ton
ALgo
ton
AS rtu
t ta p
AS rtu
t ta p
Mltip T c
u le rig
Mltip T c
u le rig
6re istrye trie fo n o W1 -D9 RH 1/77o jets
g n s u d n W 3M5 L b c
N
FIGURE 6.12: Scheduled jobs
La b A n a ly sis
Analyze and document the results related to die lab exercise. Give your opinion 011
your target’s security״posture and exposure.
C E H Lab Manual Page 305
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.
- 41. M odule 04 - Enum eration
Tool/Utility
Information Collected/Objectives Achieved
Intention : Enumerating the system
Output:
Hyena
■
■
■
■
■
■
■
■
■
■
■
Local Connections
Users
Local Group
Shares
Shares
Sessions
Services
Events
User Rights
Performance
Registry
יmn
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S
R E L A T E D TO T H I S L AB .
Internet Connection Required
□Y
es
Platform Supported
0 Classroom
C E H Lab Manual Page 306
0
No
0
!Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.