Friday 13 January 2017

Data Enumeration phase in ethical hacking


Reference: Ethical Hacking and Penetration with Kali Linux


What is data enumeration?

Enumeration is one of the early phases of ethical hacking, in which the tester extracts data such as usernames, computer names, network shares and more from the target systems. Some characteristics and use-cases:

  • Gathers detailed, system-specific information about systems, networks and hosts
  • Uses techniques that are not classed as exploits
  • A comparatively non-intrusive way to gain valuable technical information (the queries still reach the target and may be logged there)
  • Information gathered includes:
    • SNMP community strings and MIB-specific information
    • Usernames and groups
    • Advertised services such as the Master Browser

Some common methods of data enumeration are below:


SNMP Enumeration


  • The default read community string on most devices is 'public' (and 'private' for write access)
  • SNMPv1 and v2c send the community string in cleartext, so anyone sniffing the path sees it; the 'public' string often grants read access to the whole MIB tree
  • MIBs contain extensive system-specific information that can be walked: sysDescr, interfaces, routing and ARP tables, running processes, installed software, and on Windows even local user names
  • Kali Linux ships tools for SNMP testing, e.g. snmpwalk/snmpget (Net-SNMP), onesixtyone for community-string guessing, and snmp-check
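To see what snmpwalk or snmpget actually puts on the wire, the added example below (written for this post, not taken from the referenced book) hand-encodes an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) with the community 'public' and decodes it again. It sends no traffic; the community string, request ID and OID are the only inputs. The point it demonstrates is that the community string sits in the packet as a plain OCTET STRING, which is why sniffing or guessing it is enough to read the MIB.

```python
"""Build and decode an SNMPv1 GetRequest for sysDescr.0 with community 'public'.

Added example, not from the referenced book. It hand-encodes the BER/ASN.1
packet that snmpget/snmpwalk would send, to show that the community string
goes on the wire as plain text inside the packet; nothing is sent, the bytes
are built and decoded in memory. socket.sendto(pkt, (host, 161)) would send it.
"""

def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def encode_int(v):
    """ASN.1 INTEGER, two's complement, minimal length."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def encode_oid(oid):
    """ASN.1 OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def snmpv1_get(community, oid, request_id=1):
    """Message ::= SEQUENCE { version 0, community OCTET STRING, GetRequest-PDU }."""
    varbind = tlv(0x30, encode_oid(oid) + b"\x05\x00")        # value is NULL in a request
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)   # error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community.encode()) + pdu)   # version 0 = SNMPv1

def read_tlv(buf, pos):
    """Return (tag, payload, position after the element)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def decode_oid(b):
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def decode_snmpv1(packet):
    """Pull version, community, PDU type and requested OIDs out of a raw packet."""
    _, msg, _ = read_tlv(packet, 0)
    _, ver, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    _, rid, q = read_tlv(pdu, 0)
    _, _, q = read_tlv(pdu, q)          # error-status
    _, _, q = read_tlv(pdu, q)          # error-index
    _, vbl, _ = read_tlv(pdu, q)
    oids, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid_bytes, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_bytes))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode(),
            "pdu_type": pdu_tag,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "oids": oids}

if __name__ == "__main__":
    pkt = snmpv1_get("public", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())            # 'public' is visible as 7075626c6963 right after the version
    print(decode_snmpv1(pkt))
```

A GetNextRequest (tag 0xA1) built the same way, fed each returned OID in turn, is the loop snmpwalk runs; with an SNMPv1 agent the same decoder also reads the GetResponse (tag 0xA2), since the PDU layout is identical.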



DNS Zone Transfers


  • DNS is the core name resolution service of any organization
  • DNS servers synchronize records between primary and secondary servers with zone transfers (AXFR, carried over TCP port 53)
  • BIND (Linux/Unix) and Microsoft DNS are the most common DNS servers
  • A zone is held authoritatively by its DNS servers; if a server allows zone transfers to anyone who asks, you get the complete list of DNS records, which identifies every host in the zone
  • Nslookup provides a simple name resolution testing interface
    • Can be used for on-the-fly zone transfers
    • A zone transfer footprints an entire network with ease
    • Example: the commands below return all DNS records of the zone (the authoritative server has to allow the transfer to your address)
      • nslookup
      • >server ns1.yourdomain.com
      • >set type=any
      • >ls -d yourdomain.com
    • The ls subcommand exists only in the Windows nslookup; on Kali use dig axfr yourdomain.com @ns1.yourdomain.com
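What nslookup's ls -d or dig axfr does underneath is a single AXFR question over TCP followed by a stream of answer records that starts and ends with the zone's SOA. The added example below (written for this post, not the book's code) builds that query, parses the reply including compressed names, and pulls the host list out. The zone example.com, its names and the 192.0.2.x addresses are constructed sample data, so it runs offline; bytes read from a real socket to port 53 parse the same way.

```python
"""Build an AXFR request and parse the zone data that comes back.

Added example, not from the referenced book. The zone, names and addresses in
sample_axfr_response() are constructed (192.0.2.0/24 is a documentation range)
so the parser runs offline; feed it the bytes read from a TCP socket to port 53
of the authoritative server and it works the same way.
"""
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_axfr_query(zone, txid=0x1234):
    """AXFR question for `zone`, framed for TCP with the 2-byte length prefix."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", 252, 1)   # QTYPE AXFR, QCLASS IN
    msg = header + question
    return struct.pack("!H", len(msg)) + msg

def tcp_messages(stream):
    """Split a TCP DNS byte stream into messages; a transfer can span several."""
    pos, out = 0, []
    while pos + 2 <= len(stream):
        n = struct.unpack("!H", stream[pos:pos + 2])[0]
        out.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return out

def read_name(msg, pos):
    """Decode a possibly-compressed name; return (name, position after it)."""
    labels, end = [], None
    while True:
        n = msg[pos]
        if n & 0xC0 == 0xC0:                       # compression pointer into the message
            if end is None:
                end = pos + 2
            pos = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if n == 0:
            break
        labels.append(msg[pos:pos + n].decode())
        pos += n
    return ".".join(labels), end if end is not None else pos

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA"}

def parse_records(msg):
    """Return (owner, type, value) for every answer RR in one DNS message."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        _, pos = read_name(msg, pos)
        pos += 4                                   # QTYPE + QCLASS
    records = []
    for _ in range(an):
        owner, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1:
            value = ".".join(str(b) for b in msg[pos:pos + 4])
        elif rtype in (2, 5, 6):                   # NS, CNAME, SOA all start with a name
            value, _ = read_name(msg, pos)
        else:
            value = msg[pos:pos + rdlen].hex()
        records.append((owner, TYPES.get(rtype, str(rtype)), value))
        pos += rdlen
    return records

def hosts_from_transfer(stream):
    """The footprinting payoff: every name that has an A record, in zone order."""
    seen = []
    for msg in tcp_messages(stream):
        for owner, rtype, _ in parse_records(msg):
            if rtype == "A" and owner not in seen:
                seen.append(owner)
    return seen

def sample_axfr_response(txid=0x1234):
    """Constructed AXFR reply for example.com (sample data, not a real capture)."""
    zone = b"\xc0\x0c"                             # pointer to the zone name in the question
    def rr(owner, rtype, rdata):
        return owner + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    soa = rr(zone, 6, encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
             + struct.pack("!IIIII", 2017011301, 7200, 3600, 1209600, 3600))
    answers = [soa,
               rr(zone, 2, encode_name("ns1.example.com")),
               rr(encode_name("ns1.example.com"), 1, bytes([192, 0, 2, 1])),
               rr(b"\x03www" + zone, 1, bytes([192, 0, 2, 10])),
               rr(b"\x04mail" + zone, 5, b"\x03www" + zone),
               soa]                                # a transfer ends with the SOA repeated
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, len(answers), 0, 0)
    msg = header + encode_name("example.com") + struct.pack("!HH", 252, 1) + b"".join(answers)
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    for rec in parse_records(tcp_messages(sample_axfr_response())[0]):
        print(rec)
    print(hosts_from_transfer(sample_axfr_response()))
```

Against a real server, open a TCP connection to port 53, send build_axfr_query(zone), and keep reading until the second SOA for the zone arrives; a server that refuses the transfer answers with RCODE 5 (REFUSED) in the flags and no answer records, which is the configuration you want to see on your own name servers.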

Windows Null Sessions

  • Microsoft Windows uses SMB (Server Message Block) for file and printer sharing and for advertising services
  • CIFS (Common Internet File System) is the name of the SMB dialect that Samba implements on non-Windows systems
  • A null session is an SMB session to the IPC$ share established with an empty user name and password
  • Null sessions can be used to enumerate system information (users, groups, shares, password policy) on older or misconfigured Windows hosts
  • Example of connecting to a Windows machine with a null session:
    • (On Windows) net use \\192.168.1.130\IPC$ "" /user:""
    • (On Kali Linux) rpcclient -U "" -N 192.168.1.130

NetBIOS Enumeration

  • NetBIOS operates with or without a WINS server
  • Its operation is primarily based on broadcast
  • It relies on advertisement
  • Advertisements include services, roles and drives
  • nbtstat can be used to enumerate a host's NetBIOS name table
  • NBTScan is another command-line tool
  • Example:
    • (On Kali Linux)
      • nbtscan 192.168.1.130
      • ./smbgetserverinfo -I 192.168.1.130
      • ./smbdumpusers -I 192.168.1.130 -v
    • (On Windows)
      • nbtstat -a 192.168.1.130

Active Directory Extraction

  • Uses the LDAP protocol (TCP 389, or 3268 for the global catalog)
  • Ldp.exe is a simple LDAP client included with the Windows Server AD tools
  • Bind as Guest, or with no credentials at all (an anonymous bind) if the domain controller permits it
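nbtstat -a and nbtscan, from the NetBIOS enumeration commands above, both send one NetBIOS node status (NBSTAT) query for the wildcard name "*" to UDP port 137 and print the name table that comes back; the suffix byte of each entry is what tells you the host's roles, including the Master Browser advertisement mentioned at the start of this post. The added example below (written for this post, not the book's code) builds that query and decodes a reply. The host FILESRV01, workgroup WORKGROUP and the MAC address are constructed sample data, so it runs offline.

```python
"""Build the NBSTAT query that nbtstat -a / nbtscan send, and decode the reply.

Added example, not from the referenced book. sample_nbstat_reply() is a
constructed reply (fictional host FILESRV01 in WORKGROUP, made-up MAC), so
this runs offline; a real reply arrives on UDP/137 and parses the same way.
"""
import struct

SUFFIX = {  # well-known NetBIOS name suffixes, keyed by (suffix, is_group)
    (0x00, False): "Workstation Service",
    (0x00, True): "Domain/Workgroup Name",
    (0x03, False): "Messenger Service",
    (0x1B, False): "Domain Master Browser",
    (0x1D, False): "Master Browser",
    (0x1E, True): "Browser Service Elections",
    (0x20, False): "File Server Service",
}

def first_level_encode(raw16):
    """RFC 1001 'half-ASCII': each nibble + 'A', giving a 32-char label."""
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw16)
    return bytes([32]) + enc + b"\x00"

WILDCARD = b"*" + b"\x00" * 15             # encodes as CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

def build_nbstat_query(txid=0x1337):
    """Node status request for '*' (what nbtstat -a sends as a unicast UDP datagram)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + first_level_encode(WILDCARD) + struct.pack("!HH", 0x21, 1)  # NBSTAT, IN

def parse_nbstat_reply(msg):
    """Return ([(name, suffix, is_group), ...], mac) from a node status response."""
    _, _, _, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if an != 1:
        raise ValueError("not a node status response")
    pos = 12
    pos += 1 + msg[pos] + 1                       # skip the encoded RR name
    rtype, _, _, _ = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if rtype != 0x21:
        raise ValueError("unexpected RR type %#x" % rtype)
    count = msg[pos]
    pos += 1
    names = []
    for _ in range(count):
        raw, suffix = msg[pos:pos + 15], msg[pos + 15]
        flags = struct.unpack("!H", msg[pos + 16:pos + 18])[0]
        names.append((raw.decode("ascii").rstrip(" "), suffix, bool(flags & 0x8000)))
        pos += 18
    mac = msg[pos:pos + 6].hex(":")               # statistics block starts with the unit ID (MAC)
    return names, mac

def describe(names):
    """nbtstat-style lines: NAME <suffix> UNIQUE/GROUP role."""
    return ["%-15s <%02X> %s  %s" % (n, s, "GROUP " if g else "UNIQUE", SUFFIX.get((s, g), "?"))
            for n, s, g in names]

def master_browser_for(names):
    """Workgroups/domains this host announces itself as Master Browser for."""
    return [n for n, s, g in names if s == 0x1D and not g]

def sample_nbstat_reply(txid=0x1337):
    """Constructed reply from a fictional host (sample data, not a real capture)."""
    def entry(name, suffix, group):
        return (name.encode().ljust(15, b" ") + bytes([suffix])
                + struct.pack("!H", 0x8400 if group else 0x0400))   # G flag | ACT
    table = (entry("FILESRV01", 0x00, False) + entry("WORKGROUP", 0x00, True)
             + entry("FILESRV01", 0x20, False) + entry("FILESRV01", 0x03, False)
             + entry("WORKGROUP", 0x1E, True) + entry("WORKGROUP", 0x1D, False))
    rdata = bytes([6]) + table + bytes.fromhex("000c29aabbcc") + b"\x00" * 40   # count, names, MAC, stats
    header = struct.pack("!HHHHHH", txid, 0x8400, 0, 1, 0, 0)
    return header + first_level_encode(WILDCARD) + struct.pack("!HHIH", 0x21, 1, 0, len(rdata)) + rdata

if __name__ == "__main__":
    names, mac = parse_nbstat_reply(sample_nbstat_reply())
    print("\n".join(describe(names)), "\nMAC:", mac)
    print("master browser for:", master_browser_for(names))
```

To run it against a lab host, send build_nbstat_query() with a UDP socket to (host, 137) and pass the datagram you get back to parse_nbstat_reply; a host that does not answer is either filtering UDP/137 or not running NetBIOS over TCP/IP at all, which is the state you want on anything reachable from untrusted networks.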
