Anti-Hacker Tool Kit, Second Edition - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Anti-Hacker Tool Kit, Second Edition

Description:

... on the Windows NT,2000 and XP ... Make user that your windows 2000 and XP server are using NTLMv2 to avoid ... www.sysinternals.com/ntw2k/freeware/pstools.shtml ... – PowerPoint PPT presentation

Number of Views:137
Avg rating:3.0/5.0
Slides: 22
Provided by: insaCom
Category:
Tags: anti | edition | for | freeware | hacker | kit | second | tool | windows | xp

less

Transcript and Presenter's Notes

Title: Anti-Hacker Tool Kit, Second Edition


1
Anti-Hacker Tool Kit,Second Edition
  • Chapter 7,
  • Windows Enumeration Tools

2
Outline
  • Winfingerprint
  • GetUseInfo
  • Enum
  • PsTools

3
object
  • To demonstrate how to collect knowledge about
    remote computers for your own, oblique uses.

4
principle
  • IPC share (InterProcess communications)
  • a default share on the Windows NT,2000 and XP
  • It handles communication between applications on
    a single system or among remote systems.

5
  • Winfinger print pulls the most information
    possible across and IPC share.
  • The development builds support. SNMP enumeration,
    accessing the event log and delving into the
    Active Directory structure.

This lists the NetBIOS name of other systems that
have connected to the target. Many times this
helps narrow down a target list to BDCs,
databases, or administrator sytems
A complete service list tell you what programs
are installed and potentially acitve
Deduce the physical location of the server. The
servers local time is also useful when youre
trying to schedule remote jobs with the AT command
Lists each users system ID (SID)
The installed Hotfix
neighborhood
The type of server and its operating system
6
  • GetUserInfo

Get the account information of administrator
Bad passwords might be an indicator of a
brute-force attack. The password age might be an
indicator of old, unchanged passwords. The
number of logons indicator of how trafficked the
system is in relation to the account.
Every user on the system can be enumerated with
the dot character
7
  • ENUM
  • a console-based Win32 information enumeration
    utility.
  • Using null sessions, enum can retrieve userlists,
    machine lists, sharelists, namelists, group and
    member lists, password and LSA policy
    information.
  • enum is also capable of a rudimentary brute force
    dictionary attack on individual accounts

To gather user-related information
To gather server-related information
To enumerate the Local Security Authority (LSA)
information
Return a list of users, but also reveal file
shares
An excellent target for password guessing. We
also infer from the user list that Internet
Information Server (IIS) (IUSR_ALPHA,IWAM_ALPHA)
and Terminal Service (TsInternetUser) are
installed on the system.
The options return information about the target,
provided the IPC share is available over port
139 or port 445. It established connections over
a NULL share (anonymous user)
8
The administrator account has no password
  • ENUM

Note Many organizations rename the Administrator
account, and then rename the Guest account to
Administrator. the impatient hacker who doesnt
find the true administrator will be wasting her
time
9
  • What sets these tools apart is that they all
    allow you to manage remote systems as well as the
    local one.
  • The pre-requisites for using these tools
  • Proper user credentials
  • The Server service must be started on the
    target system. The NetLogon service helps pass
    credentials across the domain.
  • The RemoteRegistry service is used for certain
    function such as PsInfos hotfix enumeration.
  • The IPC share must be available.
  • Make user that your windows 2000 and XP server
    are using NTLMv2 to avoid sniffing attacks

10
PsFile shows files opened remotely
see the opening connection on remote server
service
Close a connection based on the ID
11
PsLoggedOn see who's logged on locally and via
resource sharing
Users Logged on locally
Users Logged on via resource shares
12
PsGetSid display the SID of a computer or a user
Get the account SID from remote host
Get another account SID from remote host
13
PsInfo list information about a system
List system information include hotfix
A batch file makes this system enumeration easy
14
PsService view and control services
Useage of PsService
15
PsList list detailed information about processes
Filter string start with iexplore
Displays each process and its threads in a tree
format
16
PsKill kill processes by name or process ID
17
PsSuspend suspends processes
To Resume a process
18
PsLogList dump event log records
Any of the three event logs, application,
security, or system can be viewed
Filter events based on one of five types Warning
(w), Information (i), Errors (e), Audit Success,
and Audit Failure.
Retrieve event After and Before the supplied data
in the mm/dd/yy format
Clear the logfile after it has been dumped
19
PsExec execute processes remotely
By default, PsExec works from the
SYSTEMROOT\system32 directory.
Display remote host network configuration
You must have access to the ADMIN share and
proper credentials for this tool to work
20
PsShutdown shuts down and optionally reboots a
computer
Usage of Psshutdown
21
Reference
  • Winfingerprint
  • http//winfingerprint.sourceforge.net/
  • GetUserInfo
  • http//www.joeware.net/win32/index.html
  • enum
  • http//razor.bindview.com/tools/desc/enum_readme.h
    tml
  • PsTools
  • http//www.sysinternals.com/ntw2k/freeware/pstools
    .shtml
Write a Comment
User Comments (0)
About PowerShow.com