![CEH v8 Labs Module 04 Enumeration PDF [PDF]](https://pdfs.asia/img/200x200/ceh-v8-labs-module-04-enumeration-pdf.jpg)
5 0 1 MB
CEH Lab M anual
E n u m e ra tio n M
o d u le
0 4
E n u m e r a tio n E n u m e r a tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, n e tiro rk resources, shares, a n d services fr o m a system . E n u m e r a tio n is co nd ucted in a n in tr a n e t en viro n m en t.
I C ON
KEY
/ Valuable information y ״Test your knowledge —
Web exercise
m
Workbook review
La b S cen ario Penetration testing is much more than just running exploits against vulnerable systems like we learned 111 the previous module. 111 fact a penetration test begins before penetration testers have even made contact with the victim systems. As an expert ethical hacker and penetration te s te r you must know how to enum erate target netw orks and extract lists o f computers, user names, user groups, ports, operating systems, machine names, network resources, and services using various enumeration techniques.
La b O b jectives The objective o f tins lab is to provide expert knowledge 011 network enumeration and other responsibilities that include: ■ User name and user groups ■ Lists o f computers, their operating systems, and ports ■ Machine names, network resources, and services ■
Lists o f shares 011 individual hosts 011 the network
■ Policies and passwords & Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
La b Environm ent To earn ־out die lab, you need: ■ Windows Server 2012 as host machine ■ Windows Server 2008, Windows 8 and Windows 7 as virtual machine
■ A web browser with an Internet connection ■ Administrative privileges to nm tools
La b Duration Time: 60 Minutes
O verview of Enum eration Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment.
C E H Lab Manual Page 267
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
TASK
1
Overview
La b T a s k s Recommended labs to assist you 111 Enumeration: ■ Enumerating a Target Network Using Nm ap Tool ■ Enumerating NetBIOS Using the S uperScan Tool ■ Enumerating NetBIOS Using the N etB IO S
E nu m erato r Tool
■ Enumerating a Network Using the S o ftP e rfe c t ■ Enumerating a Network Using SolarW inds
N e tw o rk S canner
T oo lset
■ Enumerating the System Using H yena
La b A n a ly sis Analyze and document the results related to die lab exercise. Give your opinion on your target’s security posture and exposure.
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S LAB.
C E H Lab Manual Page 268
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
E n u m e r a tin g a T a r g e t N e t w o r k U s in g N m a p E n u m e ra tio n is th e p ro ce ss o f e x tra c tin g u se r nam es, m a ch in e nam es, ■nehvork resources, sha res, a n d services fr o m a system .
I C ON
KEY
1._ Valuable information s
Test vour knowledge
OT Web exercise c a Workbook review
La b S cen ario 111 fact, a penetration test begins before penetration testers have even made contact with the victim systems. During enumeration, information is systematically collected and individual systems are identified. The pen testers examine the systems in their entirety, which allows evaluating security weaknesses. 111diis lab, we discus Nmap; it uses raw IP packets 111 novel ways to determine what hosts are available on die network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet biters/firewalls are 111 use, it was designed to rapidly scan large networks. By using the open ports, an attacker can easily attack the target machine to overcome this type of attacks network filled with IP filters, firewalls and other obstacles.
As an
and penetration tester to enum erate a target and extract a list ot computers, user names, user groups, machine names, network resources, and services using various enumeration techniques. expert ethical hacker
netw ork
La b O b jectives The objective ot tins lab is to help students understand and perform enumeration on target network using various techniques to obtain: ■ User names and user groups ■ Lists of computers, their operating systems, and the ports on them ■ Machine names, network resources, and services ■ Lists of shares on the individual hosts on die network ■ Policies and passwords
C E H Lab Manual Page 269
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
& Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
La b Environm ent To perform die kb, you need: ■ A computer running Windows Server 2 008 as a virtual machine ■ A computer running with Windows Server 2 0 1 2 as a host machine ■ Nmap is located at D:\CEH-Tools\CEHv8
Module 04 Enumeration\Additional Enumeration Pen Testing Tools\Nmap
■ Administrative privileges to install and mil tools
La b Duration Time: 10 Minutes
O verview of Enum eration Take asnapshot (a type of quick backup) of your virtual machine before each lab, because if somethinggoes wrong, you can go back to it.
Enumeration is die process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment
La b T a s k s The basic idea 111 dns section is to: ■ Perform scans to find hosts with NetBIOS ports open (135,137-139, 445) ■ Do an nbtstat scan to find generic information (computer names, user names, ]MAC addresses) on the hosts ■ Create a Null Session to diese hosts to gain more information ■ Install and Launch Nmap 111 a Windows Server 2012 machine TASK
1
1. Launch the S ta rt menu by hovering the mouse cursor on the lower-left corner of the desktop.
Nbstat and Null Sessions
■ 3 W in d o w s Se rv er 2012 winaowsbtrvw tt)׳>׳Ke* n b ts t a t
m Nmap has traditionally been a command-line tool run from aUNIX shell or (more recendy) aWindows command prompt.
L o c a l A re a C o n n e c tio n 2 : Node I p A d d r e s s : [ 1 0 . 0 . 0 . 3 ] N e tB IO S
R e m o te
Nane W IN - D 3 9 M R S H L9E 4 WORKGROUP
W IN -D 3 9 M R 5 H L 9 E 4 < 2 0 > MAC A d d r e s s
= D . J l. A
-A
1 0 .0 .0 .?
_x * —
S cope
Id :
M a c h in e
[I
Name T a b l e
Type
S ta tu s
U N IQ U E GROUP U N IQ U E
R e g is te re d R e g is te re d R e g is te re d
M
J1_-2D
C :\U s e r s \A d n in is tr a to r >
zl FIGURE 1.5: CommandPrompt withdienbtstat command
11. We have not even created a null session (an unaudienticated session) yet, and we can still pull tins info down. 3
task3
12. Now c re a te a null session.
C reate a Null Session
C E H Lab Manual Page 272
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
13. 111the command prompt, type n e t use \\X .X .X .X \IP C $ /u:”” (where X .X .X .X is die address of die host machine, and there are no spaces between die double quotes). cs.Administrator: C o m m a n d Prompt
H
C:\'net use \\10.0.0.7\IPC$ ""/u:"" L ocal name Renote name W10.0.0.7\IPC$ Resource type IPC Status OK # Opens 0 tt Connections 1 The comnand completed successfully.
& Net Command Syntax: NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
C:\>
FIGURE 1.6: The commandprompt withthenet usecommand
it by issuing a genenc n et sessions from your host.
14. Confirm
15. To confirm, type n et session.
use,
use
command to see connected null
which should list your new ly
c re a te d
null
FIGURE 1.7: The commandprompt ,withthenet usecommand
La b A n a ly sis Analyze and document die results related to die lab exercise. Give your opinion on your target’s security posture and exposure.
C E H Lab Manual Page 273
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
T o o l/U tility
In fo rm atio n C o lle c te d /O b je c tiv e s A chieved T a rg e t M achine:
10.0.0.6
135/tcp, 139/tcp, 445/tcp, 554/tcp, 2869/tcp, 5357/tcp, 10243/tcp
L ist o f O p e n P orts: N m ap
N e tB IO S R em ote m ach in e IP address:
10.0.0.7
Successful connection of Null session
O u tp u t:
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B .
Q uestio ns 1. Evaluate what nbtstat -A shows us for each of the Windows hosts. 2. Determine the other options ot nbtstat and what each option outputs. 3. Analyze the net use command used to establish a null session on the target machine. In te rn e t C o n n ectio n R equired □ Yes
0
No
P latform S upported 0 C lassroom
C E H Lab Manual Page 274
0
!Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
Lab
E n u m e r a tin g N e tB I O S U s in g t h e S u p erS ca n T ool S /tp e rS c a n is a T C P p o / t scanner, p in g e r, a n d resolver. T h e to o l's fe a tu r e s includ e e x te n siv e W in d o w s h o s t en u m era tio n ca p a b ility, T C P S Y N sca n n in g , a n d U D P scan ning .
I C ON
KEY
[£Z7 Valuable information
s —
m
Test your knowledge Web exercise Workbook review
La b S cen ario During enumeration, information is systematically collected and individual systems are identified. The pen testers examine the systems 111 their entirety; tins allows evaluating security weaknesses. 111 this lab we extract die information of NetBIOS information, user and group accounts, network shares, misted domains, and services, which are either running or stopped. SuperScan detects open TCP and UDP ports on a target machine and determines which services are running on those ports; bv using this, an attacker can exploit the open port and hack your machine. As an expert ethical hacker and penetration tester, you need to enumerate target networks and extract lists of computers, user names, user groups, machine names, network resources, and services using various enumeration techniques.
La b O b jectives The objective of tins lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to obtain: ■ List of computers that belong to a domain ■ List of shares on the individual hosts on the network ■ Policies and passwords
C E H Lab Manual Page 275
Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
La b Environm ent & Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
To earn* out die k b, von need: ■
SuperScan tool is located at D:\CEH-Tools\CEHv8 Module 04 Enumeration\NetBIOS Enumeration Tools\SuperScan
■ You can also download the latest version of SuperScan from tins link http://www.mcatee.com/us/downloads/tree-tools/superscan.aspx ■
A computer running Windows Server 2012 as host machine
■
Windows 8 running on a virtual macliine as target machine
■ Administrative privileges to install and run tools ■ A web browser with an Internet connection m You can also download SuperScan from http:/ / www.foundstone.co
La b Duration Time: 10 Minutes
O verview of N etB IO S Enum eration 1. The purpose ot NetBIOS enumeration is to gather information, such as: a.
Account lockout threshold
b. Local groups and user accounts SuperScanis not supported byWindows 95/98/ME.
c. Global groups and user accounts 2. Restnct anonymous a.
bypass
routine and also password checking:
Checks for user accounts with blank passwords
b. Checks for user accounts with passwords diat are same as die usernames 111 lower case
La b T a s k s m. T A S K
1
1.
Double-click the S uperS can4 file. The SuperScan window appears.
Perform Enumeration
C E H Lab Manual Page 276
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
m Windows XP Service Pack 2 has removed raw sockets support, which nowlimits SuperScan and many other network scanningtools. Some functionality can be restored byrunning the net stop SharedAccess at the Windows command prompt before starting SuperScan.
isJ SuperScan features: Superior scanning speed Support for unlimited IP ranges Improved host detection usingmultiple ICMP mediods TCP SYN scanning UDP scanning (two mediods)
2.
Click the Windows Enumeration tab located on the top menu.
3.
Enter the Hostname/IP/URL 111 the text box. 111 this lab, we have a W indows 8 virtual machine IP address. These IP addresses may van 111 ׳ lab environments.
4.
Check the types o f enum eration you want to perform. Now, click Enumerate. %
>^Tx
Scan | HostandServiceDiscovery| ScanOptions| Tools | WndowsEmmerahon~|About | Hostname/IP/URL 10008 | Enumerate | Options... | EnumerationType
IP address import supporting ranges and CIDR formats Simple HTML report generation Source port scanning Fast hostname resolving Extensive banner grabbing Massive built-in port list description database IP and port scan order randomization
SuperScan 4.0
o
Clear
0 NetBIOSNameTable 0 NULLSession 0 MACAddresses 0W orkstationtype 0 Use»s 0 Groups 0 RPCEndpointDump 0 AccountPolicies 0 Shares 0 Domains 0 RemoteTmeofDay 0 LogonSessions 0 Drives 0 TrustedDomains 0 Services 0 Registry
A collection of useful tools (ping, traceroute, Whois etc.) Extensive Windows host enumeration capability Ready
-J
FIGURE 2.2: SuperScan main windowwith IP address
C E H Lab Manual Page 277
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
6.
SuperScan starts en um erating the provided hostnam e and displays the results 111 the right pane o f the window. %־
You canuse SuperScan to performport scans, retrieve general network information, such asname lookups and traceroutes, and enumerate Windows host information, such asusers, groups, and services.
X
Su p erScan 4.0
'
Scan | HostandServiceDiscovery| ScanOptions| Tools WndowsEnumeration|About |
Hostname/IP/URL 10.0.0.8 Enumerate Options... NetBIOS information on 10.0.0.8 EnumerationType 0 NetBIOSNameTable 4 names in table W\NULLSession 0 MACAddresses ADM IN 00 U NIQUE Workstation service name W ORKGROUP 00 CROUP Workstation service name 0 Workstationtype A D M IN 20 U NIQUE Server services name 0 Users W ORKGROUP IE GROUP Group name 0 Groups 0 RPCEndpointDump M ACaddress 0 '£ 0 AccountPolicies Attempting a NULLsession connection on 10.0.0.8 0 Shares
s.
j?
0 Domains 0 RemoteT»neofDay 0 LogonSessions 0 Drives 0 TrustedDomains 0 Services 0 Registiy
on 10.0.0.8 Workstation/server type on 10.0.0.8 Users on 10.0.0.8 Groups on 10.0.0.8 RPCendpoints on 10.0.0.8 Entry 0
Ready
FIGURE 2.3: SuperScanmainwindowwith results
7. Wait for a while to c o m p le te the enumeration process. 8. A lter the com pletion o f the enumeration process, an E num eration com pletion message displays. %
Su p erScan 4.0
1 ^ 1 ° r
X
י
Scan | HostandServiceDiscovery| ScanOptions| Tools WndowsEnumeration[About |
Your scancan be configured in tire Host and Service Discovery and Scan Options tabs. The Scan Options tab lets you control such tilings as name resolution and banner grabbing.
Hostname/IP/URL 10.0.0.8 Enumerate | Options... | EnumerationType 0 NetBIOSNameTable Shares on 10.0.0.8 0 NULLSession 0M ACAddresses 0W orkstationtype Domains on 10.0.0.8 0 Users 0 Groups 0 RPCEndpontDum p Remote time of day on 10.0.0.8 0 AccountPofccies Logon sessions on 10.0.0.8 0 Shares 0 Domasis 0 RemoteTim eofDay Drives on 10.0.0.8 0 LogonSessions 0 Drives Trusted Domains on 10.0.0.8 on 0 TrustedDomains Services a> 0 0 Registry Remote services on 10.0.0.8
Clear M
Remote registry items on 10.0.0.8 Enumeration complete 11
✓י
Ready
Erase Results
FIGURE 2.4: SuperScanmainwindowwith results
9. N ow move the scrollbar up to see the results o f the enumeration.
C E H Lab Manual Page 278
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
10. To perform a new enumeration on another host name, click the Clear button at the top right of the window. The option erases all the previous results. 'IT
£Q SuperScan has four different ICMP host discoverymethods available. This isuseful, because while a firewall may block ICMP echo requests, it may not block other ICMP packets, such as timestamp requests. SuperScangives you die potential to discover more hosts.
03
Su p erScan 4.0
1 ^ ־ם
x י
Scan | HostandServiceDiscovery| ScanOptions| Tools WindowsEnumeration| About | Hostname/IP/URL 10008 Enumerate | j Oea, | Binding: ״ncacn_ip_tcp:10.0.0.8[49154]״ EnumerationType Object Id: ״00000000-0000-0000-0000-000000000000״ 0 NetBIOSNameTable Annotation: "X«ctSrv service" 0 NULLSession Entry 25 Interface: ״Ia0d010f-lc33-432c-b0f5-8cf4e8053099" ver 0 MACAddresses 1.0 0 Workstationtype B inding: "ncacn_np:10.0.0.8[\\PIPE\\at*vc]" 0Use»s Object Id: "00000000-0000-0000-0000-000000000000״ 0 Groups Annotation: ״IdSegSrv ■trvic•" 0 RPCEndpointDum p Entry 26 Interface: ״Ia0d010f-lc33432־c־b0fS8־cf4a3053099" ver 0 AccountPofccies 1.0 0 Shares B inding: "ncacn_ip_tcp:10.0.0.8[49154]״ 0 Domans Object Id: ״00000000-0000-0000-0000-000000000000״ 0 RemoteTmeofDay Annotation: "IdSegSrv service" Entry 27 0 LogonSessions Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085" ver 0 Drives 1.0 0 TrustedDomains Binding: "ncacn_np:10.0.0.8[WPIPSWatsvc]" 0 Services Object Id: "00000000-0000-0000-0000-000000000000״ 0 Registry Annotation: "KAPI Service endpoint" Entry 28 Interface: "880fd55e-43b9-lle0-bla8-cf4edfd72085” ver 1.0 Binding: "ncacn_ip_tcp:10.0.0.8[49154]״ Object Id: ״00000000-0000-0000-0000-000000000000״ Annotation: ״KAPI Service endpoint" Entry 29 Interface: "880fdS5e-43b9-lle0-bla8-cf4edfd72085" ver
Ready
FIGURE 2.5: SuperScanmainwindowwithresults
La b A n a ly sis Analyze and document die results related to die lab exercise. Give your opinion on your target’s security posture and exposure. Tool/Utility
Information Collected/Objectives Achieved Enumerating Virtual Machine IP address: 10.0.0.8
SuperScan Tool
Performing Enumeration Types: ■ Null Session ■ MAC Address ■ Work Station Type ■ Users ■ Groups ■ Domain ■ Account Policies ■ Registry Output: Interface, Binding, Objective ID, and Annotation
C E H Lab Manual Page 279
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B .
Q uestio ns 1. Analyze how remote registry enumeration is possible (assuming appropriate access nghts have been given) and is controlled by the provided registry.txt tile. 2. As far as stealth is concerned, tins program, too, leaves a rather large footprint in die logs, even 111 SYN scan mode. Determine how you can avoid tins footprint 111 the logs. Internet Connection Required □ Yes
0
No
Platform Supported
0
C E H Lab Manual Page 280
Classroom
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
3
E n u m e r a tin g N e tB I O S U s in g t h e N e tB I O S E n u m e r a to r T o o l E n u m e r a tio n is th e p ro cess o f p r o b in g id e n tifie d services f o r k n o w n w ea kn esses.
I C ON
KEY
/ Valuable information Test your knowledge g
Web exercise
m Workbook review
La b S cen ario Enumeration is the first attack 011 a target network; enumeration is the process of gathering the information about a target machine by actively connecting to it. Discover NetBIOS name enumeration with NBTscan. Enumeration means to identify die user account, system account, and admin account. 111 tins lab, we enumerate a machine’s user name, MAC address, and domain group. You must have sound knowledge of enumeration, a process that requires an active connection to the machine being attacked. A hacker enumerates applications and banners ni addition to identifying user accounts and shared resources.
La b O b jectives The objective of this lab is to help students learn and perform NetBIOS enumeration. The purpose of NetBIOS enumeration is to gather the following information: ■ Account lockout threshold ■ Local groups and user accounts ■ Global groups and user accounts ■ To restrict anonymous bypass routine and also password checking for user accounts with: & Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
C E H Lab Manual Page 281
•
Blank passwords
•
Passwords that are same as the username 111 lower case
La b Environm ent To earn ־out die lab, you need:
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
■ NETBIOS Enumerator tool is located at
D:\CEH-Tools\CEHv8 Module 04 E nu m eratio n \N etB IO S E num eration T oo ls\N etB IO S E num erator
■ You can also download the latest version of N etB IO S the link http:// nbtenum.sourceforge.11et/
E nu m erato r
from
■ If you decide to download the latest version, then screenshots shown m the lab might differ ■ Run tins tool in W indow s
S erver 2 0 1 2
■ Administrative privileges are required to nan this tool
La b Duration Time: 10 Minutes
O verview of Enum eration Enumeration involves making active connections, so that they can be logged. Typical information attackers look for 111 enumeration includes user account names for future password guessing attacks. NetBIOS Enumerator is an enumeration tool that shows how to use rem ote network support and to deal with some other interesting web techniques, such as SMB.
La b T a s k s
NetBIOS Enumerator
! f k j I P range to scan from: | t o :||
Scan
|
Clear
Settings
X
Performing Enumeration using NetBIOS Enumerator
1. To launch NetBIOS Enumerator go to D:\CEH-Tools\CEHv8 Module 04 Enumeration\NetBIOS Enumeration Tools\NetBIOS Enumerator, and double-click NetBIOS Enum erater.exe. ם
1
1
TASK
1
£
|
Your local ip: 10.0.0.7 W
[1 ...2 54 ]
Debug window A
m NetBIOS is designed to help troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.
\
לעב FIGURE 3.1: NetBIOS Enumerator mainwindow
C E H Lab Manual Page 282
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
2. In the IP range to scan section at the top left of the window, enter an IP range in from and to text fields. 3.
Click Scan.
m Feature: Added port scan GUI - ports can be added, deleted, edited Dynamic memory management
NetBIOS Enumerator IP range to scan fron :| 10.0.0.1 to | 10.0.0.501
Scan
Clear
T ZL^ 1 *
'
Settings
Your local ip: 10.0.0.7 W
[1 ...2 54 ]
Debug window
Threaded work (64 ports scanned at once)
m Network function SMB scanningis also implemented and running.
FIGURE 3.2: NetBIOS EnumeratorwithIP rangeto scan
4. NetBIOS Enumerator starts scanning for die range of IP addresses provided. m The network function, NetServerGetlnfo, is also implemented in this tool.
C E H Lab Manual Page 283
5. After the compledon of scanning, die results are displayed in die left pane of die window. 6. A Debug w indow section, located 111 the right pane, show’s the scanning of die inserted IP range and displays Ready! after completion of the scan.
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
NetBIOS Enumerator
a
f i ) IP rang e to scan
Scan
from :| 1 0 .0 .0 .1
]1 0 .0 .0 .7
to : | 1 0 .0 .0 .5 0
P
B ? 0
N etB IO S Names (3) ^
Q=* The protocol SNMP is implemented and running on all versions of Windows.
[1 ...2 5 4 ]
10.0.0.3 [WIN-ULY858KHQIP] |U
l~ 2 f
י
Settings
Your local ip:
W IN -U LY858KH Q IP - W orkstation Service
Debog window Scanning from: to : 1 0 .0 .0 .5 0 R eady!
WORKGROUP - Domain Name W IN -U LY858KH Q IP - R le Server Service U sername: (No one logged on)
Domain: WORKGROUP
Of Round Trip Tim e (RTT): 3 ms - Tim e To Live ( m i S
? 3
1 0 .0 .0 .6 [ADMIN-PC] H I N etB IO S Names (6) %
A DMIN-PC - W orkstation Service
י
WORKGROUP - Domain Name A DMIN-PC - R le Server Service ^ §5 WORKGROUP - Potential M aster Browser
%
WORKGROUP - M aster Browser
^
□ □ _ M S B R O W S E _ □ □ - M a s t e r Browser
Username: (No one logged on) I— ET Domain: WORKGROUP
,r
■— |
5— Of R o u n d T n p T im e (RTT): 0 ms -T im e T o U ve (TTl. B
?
1 0 .0 .0 .7 [W IN -D 39M R 5H L9E4]
0 • E 3 N etB IO S Names (3) ! Q Username: (No one logged on) [
{
Of Domain: WORKGROUP
■#Start Scanning *
0 . 0 . 0
Response Time
m SoftPerfect allows you to mount shared folders asnetwork drives, browse themusing Windows Explorer, and filter the results list. Ready
Threads
Devices
0/0
Scan
FIGURE 4.1: SoftPerfect Network Scannermainwindow
3. To start scamung your network, enter an IP range ui die Range From field and click S tart Scanning.
C E H Lab Manual Page 287
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
•00
SoftPerfect Network Scanner
File
V iew
Actions
O ptions
Bookm arks
0
.
1-1
Help
□ L3 H Range From I
B # E0
.
.
0
1
to
I
10
• 0
.
50
♦ ןa
W eb-site
II
Start Scanning
Response Time
& Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
Ready_______________________Threads__________ Devices
0/0
FIGURE 4.2: SoftPerfect settinganIP rangeto scan
4. The status bar displays the status ot the scamied IP addresses at die bottom of die window. >*j File
SoftPerfect Network Scanner View
□
A ction s
Bookm arks
El .
F Address ?
Help
| X fc* V IP ₪ id
y
Range From
0
. 0
1
Host Name
10.0.0.1
| To |
10
.
0
0
50
Response Tme
0!
0 ms
10.0.0.2
WIN-MSSELCK4...
D
■י-1...
ffl
10.0.0.3
WIN-ULY858KH...
0!
1-0...
1ms
,■« 10.0.0.5
WIN-LXQN3WR...
0!
S-6...
4 ms
ISA 10.0.0.6
ADMIN-PC
0'
1-0...
0 ms
e■ 10.0.0.7
WIN-D39MR5H...
D
5-C...
0 ms
Igu 10.0.0.8
ADMIN
0!
t-0...
0 ms
1«u 10.0.0.10
WINDOWS8
Ot
.8-6...
2 ms
B
.
MAC Address
B
a
£Q SoftPerfect Network Scanner can also check for auser-defined port and report if one is open. It can also resolve host names and auto-detect your local and external IP range. It supports remote shutdown and Wake-On-LAN.
Options
.
fa, & Q W W eb-site ~| ♦ a IB Stop Scanning
»
jj
2ms
FIGURE 4.3: SoftPerfect statusbar
5. To view die properties of an individual particular IP address.
C E H Lab Manual Page 288
IP address,
nght-click diat
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
SoftPerfect Network Scanner File
V iew
Range From
Actions
O ptions
Bookm arks
B3
To
IP Address e i
10 .0 .0 .1
11 ». 10.0.0.2
VVIN-MSSELCK4..
ש
WIN-UL'f
El
s
■j 10.0.0.3
Help
10
0 ■ ^ ^-2...
0ms
D
2ms
■ «- l...
eta 10.0.0.5
WIN-LXQ
eu 10.0.0.6
ADMIN-P
Copy
e b 10.0.0.7
WIN-D 39
Properties
eu
ADMIN
10 .0 .0 .8
WINDOW
♦ £%•
Response Time
Open Computer
eta 10.0.0.10
50
MAC Address
> ►
j^> Start Scanning *
Rescan Com puter
i
W ake-O n-LAN R em ote Shutdow n R em ote Suspend / Hibernate Send Message... Create Batch File...
Devices
8/8
FIGURE 4.4: SoftPerfect IP addressscanneddetails
La b A n a ly sis Analyze and document die results related to die lab exercise. Tool/Utility
Information Collected/Objectives Achieved IP Address Range: 10.0.0.1 —10.0.0.50
SoftPerfect Network Scanner
Result: ■ IP Address ■ Host Names ■ MAC Address ■ Response Time
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B .
Q uestio ns 1. Examine die detection of die IP addresses and MAC addresses across routers. 2. Evaluate die scans for listening ports and some UDP and SNMP services. C E H Lab Manual Page 289
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
3.
H o w w o u ld y o u la u n c h e x te rn a l th ird - p a rty a p p lic a tio n s ?
Internet Connection Required □ Yes Platform Supported 0 Classroom
C E H Lab Manual Page 290
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
Lab
E n u m e r a tin g a N e t w o r k U s in g S o la v W in d s T o o ls e t T h e S o la r W in d s T o o ls e t p r o v id e s th e to o ls y o n n e e d n s a n e tw o r k en g in ee r o r n e tn o r k
c o n s u lta n t to g e t y o u r j o b
d on e.
T o o ls e t in c lu d e s b e st-o f-b re e d
s o lu tio n s th a t w o r k s im p ly a n d p re c ise ly , p r o v id in g th e d ia g n o stic, p e t fo r m a nee, and
b a n d w id th
m e a su re m e n ts y o u
w a n t,
w ith o u t e x tr a n e o u s, n n n e c e s s a y
fe a tu r e s .
I C ON
KEY
/ Valuable information Test your knowledge — Web exercise m
Workbook review
Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
La b S cen ario Penetration testing is much more than just running exploits against vulnerable systems like we learned 111 the previous module. 111 fact a penetration test begins before penetration testers have even made contact with die victim systems. Rather dian blindly dirowing out exploits and praying diat one of them returns a shell, penetration tester meticulously study the environment for potential weaknesses and their mitigating factors. Bv the time a penetration tester runs an exploit, he or she is nearly certain diat it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at die very least make the victim unexploitable 111 the future, penetration testers won't get the best results. 111 tins lab we enumerate target system services, accounts, hub ports, TCP/IP network, and routes. You must have sound knowledge of enumeration, which requires an active connection to the macliine being attacked. A hacker enumerates applications and banners 111 addition to identifying user accounts and shared resources.
La b O b jectives The objective of tins lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to detect: ■ Hardware MAC addresses across routers ■ Hidden shared folders and writable ones ■ Internal and external IP addresses
C E H Lab Manual Page 291
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
La b Environm ent To earn’ out the lab, you need: י
m You can also download SoftPerfect Network Scanner from http://www.solarwinds .com
SolarW inds-Toolset-V10 located at D:\CEH-Tools\CEHv8 M odule 04 E num eration\SN M P E num eration Tools\S olarW ind’s IP N e tw o rk B row ser
■ You can also download the latest version of SolarW inds S cann er trom the link http:/ /www.solarw1nds.com/ ■ If you decide to download the la te s t 111 the lab might differ
version,
T oo lset
then screenshots shown
■ Run tliis tool 111 W indow s S erver 2 0 1 2 Host machine and W indow s S erver 2 0 0 8 virtual machine ■ Administrative privileges are required to run tins tool ■ Follow the w izard -d riven installation instructions
La b Duration Tune: 5 Minutes
O verview of Enum eration Enumeration involves an active connection so that it can be logged. Typical information diat attackers are looking for includes user account names tor future password guessing attacks.
La b T a s k W TASK
1
Enumerate N etw ork
1. Configure SNMP services and select Start
_ File
Acton
ViM
4■ *־.S j □
E3 Cut troubleshooting time in half usingthe Workspace Studio, which puts the tools you need for common situations at your fingertips
^־־Control Panel
^־A dm inistrative Tools ^־־Services.
□ ־X
Help
£5
B
3
► ■ « ►י
f t Stiver Sh«H Hardware Detect!:n S^Smir Card £4 Smart Card Removal Policy E SNMP Servke Descnptior: Lrvjfck: Smpk Network 4 SNMP Trap Management Protocol (SNMP) ^ Software Protection requests to be processed by this ^ Special Admimilitlicn Comcle Hdpct computer If this service 15stopped, the computer •will be unable to w5fcSpot Verifier proem SNMP irquetti. If this servic. & S G I Full-text Filter Daemon launcher -. k disabled, any services that eiplicitlj *׳SQL Server (MSSQLSERVER) depend on it will fail to (tart. &SQL Server Agent (MSSQLSERVER) SQL Server Analyse Services (MSSQLS.. SQL Server Browser & SQL Server Distributed Replay CSert £6 SQL Server Dirtributed Replay Cortrcl £&SQL Server Integration Services 110 5* SQL Server Reporting Services (MSSQL Q SQL Server VSS Writer {fcSSDP Discovery Superfetch System Event Notification Sciyicc ׳$ ,Task Scheduler S i TCP/IP NetBIOS Helper
Dcscnpton Supports Me, paProvide* notifica.. Manages access.. Allow* the cyst*... Enables Simple... trap m#_. FrvtLIrs th* (Scfjj.. Allow■* adrniktti. . Verifies potential.. Service to launch.. Provides stcrcge... Executesjobs. m... Supplies online a-. Provides SQL Ser.. One or more Dist.. Provides trace re... Provides manag.. Manages, execute. Provides the inle_. D«wen nehvorMaintains and i . Monitors system— Enables a user to.. Provides support..
Status Running Running
Running
Running Running Running
Running Running Running
Running Running Running
Startup type Automatic Automatic DkabUd Manual Automatic Manual Automatic (D... Manual Manual (Trig... Manual Automatic Manual Automatic Disabled Manual Manual Automatic Automatic Automatic Oisabled Manual Automatic Automatic Automatic (T».
Log On As Local Syste... Local Syste... Local Service Local Syste .. Local Syste .. 1 Local Service NrtrtorV S.. Local Syste... Local Syste.. NT Servke... NT Service... NT Scrvice... NT Service... Local Service NT Service... NT Service... NT Service... NT Servke... Local Syste.״ Local Service Local Syste.. Local Syste.. Local SysteLocal Service
\ Extended >vStandard/
FIGURE 5.1: SettingSNMP Services
C E H Lab Manual Page 292
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
2. Double-click SNMP service. 3. Click die Security tab, and click Add... The SNMP Services Configuration window appears. Select READ ONLY from Community rights and Public 111 Community Name, and click Add. SNMP Service Properties (Local Computer) Se cu rity
G e n e ra l ] Log O n [ R e c o v e r y [ A g e n t [ T ra p s
@
D e p e n d e n c ie s
S e n d a u th e n ticatio n trap A c c e p t e d com m unity n a m e s Com m unity
Rig hts
Add...
Edit
Remove
D A c c e p t S N M P p a c k e t s from a n y host
IP Monitor and alert in real tim e on netw ork availability and health w ith tools including RealT im e Interface Monitor, SNMP R eal-Tim e Graph, and Advanced CPU Load
SNMP Service Configuration Com m unity rights:_____________________________ !r ea d o n ly
[“ “
^1
Cancel
C om m unity N am e : |public
L e a m m ore ab o u t S N f f lP ־
OK
Cancel
Apply
FIGURE 5.2: ConfiguringSNMP Services
4.
Select A ccept SNMP packets from any host, and click OK. SNMP Service Properties (Local Computer) G e n e ra l
0
Log O n
R eco v ery
Agent
rap s
|
־T l
| Z- ep en aencies
S e n d au th e n ticatio n trap A c c e p t e d com m unity n am es
® O
\ c c e p t S N M P p a c k e t s from a n y host A c c e p t S N M P p a c k e t s from t h e s e h osts
L e a m m ore ab o u t S N M P
OK
C E H Lab Manual Page 293
Cancel
Apply
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
FIG U RE 5.3: setting SNMP Services
5. Install SolarWinds-Toolset-V10, located 111 D:\CEH-Tools\CEHv8 Module 04 Enumeration\SNMP Enumeration Tools\SolarWind’s IP N etw ork Browser.
6. Launch the S ta rt menu by hovering the mouse cursor on the lower-left corner of the desktop.
FIGURE 5.4: WindowsServer 2012—Desktopview
& Perform robust network diagnostics for troubleshooting and quickly resolving complex netw ork issues w ith tools such as Ping Sweep, DNS Analyzer, and Trace Route
7. Click the W o rksp ace Studio window. S
t a
Studio
app to open the SolarW inds
A d m in is t r a t o r ^
r t
Server Manager
IL Computer
Windows PowerShel
Google Chrome
IT Control Panel
£
Hyper-V Manager
Workspace Studio
m
*
f t
Hyper־V Virtual Machine...
SQL Server Installation Center...
Mozilla Firefox
ProxySwiL. Standard
? Command Prompt
InternetExplorer
W orkspace
ז ז
F3
\
SjtrelSc4r ComptetiC
FIGURE 5.10: IP NetworkBrowserwindows resultspage
La b A n a ly sis Analyze and document die results related to die lab exercise. Tool/Utility
Information Collected/Objectives Achieved Scan Device IP Address: 10.0.0.7
Output: ■ Interfaces ■ Services SolarWinds Tool ■ Accounts Set ■ Shares ■ Hub Ports ■ TCP/IP Network ■ IPX Network ■ Routes
P L E A S E T A L K TO Y O U R I N S T R U C T O R I F Y O U H A V E Q U E S T I O N S R E L A T E D TO T H I S L A B .
Q uestio ns 1. Analyze die details of die system such as user accounts, system MSI, hub ports, etc.
C E H Lab Manual Page 297
Etliical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
2. Find the IP address and Mac address of the system. Internet Connection Required □ Yes Platform Supported 0 Classroom
C E H Lab Manual Page 298
0 !Labs
Ethical Hacking and Countermeasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
E n u m e r a tin g t h e S y s t e m U s in g H yen a H y e n a u ses a n E x p lo r e r -s ty k in terfa ce f o r a ll operations, in clu d in g rig h t m o u se click p o p - ip c o n te x t m e n u s f o r a ll objects. M a n a g e m e n t o f users, g ro u p s (b o th lo ca l a n d g lo b a l), shares, d o m a in s, com puters, services, devices, events, file s , p r in te r s a n d p r in t jo b s , sessions, open file s , d is k space, u se r rights, m essaging, e x p o /tin g , j o b scheduling, processes, a n d p r in tin g a re a ll su p p o /ted .
I C ON
La b S cen ario
KEY
/ Valuable information ' Test your ____ knowledge______ m Web exercise £Q Workbook review
The hacker enumerates applications and banners 111 addition to identifying user accounts and shared resources. 111 tliis lab. Hyena uses an Explorer-style interface for all operations, management of users, groups (both local and global), shares, domains, computers, services, devices, events, files, printers and print jobs, sessions, open tiles, disk space, user nghts, messaging, exporting, job scheduling, processes, and printing are all supported. To be an expert ethical hacker and penetration tester, you must have sound knowledge of enumeration, which requires an active connection to the maclune being attacked.
La b O b jectives The objective of this lab is to help students learn and perform network enumeration: ■ Users information 111 the system ■ Services running 111 the system & Tools dem onstrated in this lab are available in D:\CEHTools\CEHv8 Module 04 Enumeration
C E H Lab Manual Page 299
La b Environm ent To perform the lab, you need: ■ A computer running Windows Server 2012 ■ Administrative privileges to install and run tools ■ You can also download tins tool from following link http: / / www. svstemtools.com/hvena/download.htm Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
■ If you decided to download latest version of dns tool screenshots may differ
La b Duration Time: 10 Minutes
O verview of Enum eration Enumeration is die process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted 111 an intranet environment
La b T a s k s The basic idea 111 diis section is to: 1. E
t a s k
Navigate to D:\CEH-Tools\CEHv8 Module 04
Enumeration\NetBIO
Enumeration Tools\Hyena
1
Double-click Hyena_English_x64.exe. You can see die following window. Click N ext
Installation of Hyena
H y e n a v 9 .0 - In s t a llS h ie ld W i z a r d
ca
You can download die Hyena from http://unv1v.systemtools.com /hyena/hyena_ne1v.htm
FIGURE 6.1:InstallationofHyena
C E H Lab Manual Page 300
3.
The S o ftw a re L icense A g re e m e n t window appears, you must accept the agreement to install Hyena.
4.
Select I a c c e p t click Next.
th e term s o f th e licen se a g re e m e n t
to continue and
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
FIGURE 6.2: Select dieAgreement
5.
Choose die destination
6.
Click Next to continue the installation.
location
to install Hyena. x
H y e n a v 9 .0 ־In s t a llS h ie ld W i z a r d
Choose Destination Location
Selectfolderwheresetupwill installfiles.
m In addition to supporting standard Windows system management functions, Hyena also includes extensive Active Directory integration
InstallHyenav9.0to: C:\ProgramFies\Hyena
Change...
FIGURE 6.3: Selectingfolder for installation
7.
C E H Lab Manual Page 301
The Ready to
install the Program
window appears. Click Install
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
r
H y e n a v 9 .0 - I n s t a l l S h i e l d W i z a r d
—
ן
Ready to Install the Program The wizard is ready to begin installatic
ClickInstall tobegintheinstalation Ifyouwanttorevieworchangeanyerfyourretaliationsettings, clickBack. ClickCancel toexitthe wizard.
ILU Hyena can be used on anyWindows client to manage anyWindows NT, Windows 2000, Windows XP/Vista, Windows 7, or Windows Server 2003/2008/2012 installation
FIGURE 6.4: selectinginstallationtype
8.
The InstallShield Wizard complete window appears. Click Finish ro complete die installation.
InstallShield Wizard Complete
TheInstallShieldWizardhassuccessful instaledHyenav9.0. ClickFinishtoexitthewizard.
FIGURE 6.5: Readytoinstall window
Enumerating system Information
C E H Lab Manual Page 302
9.
Launch the S tart menu by hovering the mouse cursor 011 the lowerleft corner of the desktop.
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
FIGURE 6.6: WindowsSeiver 2012—Desktopview & Hyena also includes full exporting capabilities and both Microsoft Access and Excel reporting and exporting options
10.
Click the Hyena app to open the Hyena window.
FIGURE 6.7: Windows Server 2012—Apps
11. The Registration window will appear. Click OK to continue. 12. The main window of Hyena is shown 111 following figure.
C E H Lab Manual Page 303
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
M odule 04 - Enum eration
13. Click + to expand Local workstation, and then click Users. J
’ י ם ' ־
H y e n a v9 .0
x
ף־
He Edit W ew Tools Help
c a Additional command-line options were added to allow starting Hyena and automatically inserting and selecting/expanding a domain, server, or computer.
- Jfr W 1N-D39MR5HL9E4(LocalWorkstation)! j 5 £1 D rives j g £"LocalConnections - cygSU ♦ E Administrator 4 C Guest 4 C Jason(Jason) &CJuggyboy(Juggyboy) &£ Martin(Martin) ♦ CShiela(Shiela) ♦J1 LocalGroups >' ־Printers ^♦׳Shares 8־Sessions & OpenFiles £ Services gp Devices £ 4>נEvents 9 DiskSpace j '± £ UserRights I ♦9 Performance , a ScheduledJobs : ± £ Registry j . W MI +^ Enterprise
aa 11 Hyen a v9.0
6user(s)foundon,\\W1N-D39MR5HL9E4' FIGURE 6.9: Expand the Systemusers
14. To check the services running on the system, double-click S ervices H y e n a v9 .0 ־S e r v ic e s o n W W IN - D 3 9 M R 5 H L 9 E 4
Re Ed« W ew Toots Help V *s & x » a■ :s [e ] o ^ v
- V7IN-D39MR5HL9E4(LocalWorkstation) £ Drives & LocalConnections I £ Users . c Administrator ♦ C Guest | 5 c Jason(Jason) ♦ CJuggyboy(Juggyboy) ^ C Martin(Martin) ♦ C Shiela(Shiela) ♦ “5 LocalGroups g 4^ Printers ffiQ Shares S" Sessions iLJ•Qpenhles Lj&EEZaU 2PDevices BE Events O DiskSpace S S UserRights *9 Performance I ♦ 0 ScheduledJobs Registry i & WMI ♦^ Enterpnse K//www.systemtools.com
■3! ■31y b «!
aa Services on W W IN - D 3 9 M R 5 H L 9 E 4 Name________________ Display Nam e_________ Status______
$5־AdobeARMservice AdobeAcrobatUp... {}נAeLookupSvc ApplicationExperie... ApplicationLayerG... © ALG ©AIIUserinstallAgent WindowsAll-UserI... ApplicationHostH... ©AppHostSvc ApplicationIdentity ©ApplDSvc ApplicationInform... ©Appinfo ApplicationManag... $5־AppMgmt ©AudioEndpomtB... WindowsAudioEn... ©Audiosrv WindowsAudio ®6FE BaseFilteringEngine 0-BITS BackgroundIntellig... ©Brokerlnfrastruct... BackgroundTasksI... ©Browser ComputerBrowser ©CertPropSvc CertificatePropaga... COM♦SystemApp... ©COMSysApp 0CryptSvc CryptographicServi... ©DcomLaunch DCOMServerProce... ©defragsvc Optimizedrives ©DeviceAssociatio... DeviceAssociation...
Running Stopped Stopped Stopped Running Stopped Stopped Running Stopped Stopped Running Running Running Stopped Stopped Stopped Running Running Stopped Stopped
156servicesfoundon\\־W1N-D39MR5HL9E41/156 ־objects FIGURE 6.10: Sendees running in the system
15. To check the U ser Rights, click + to expand it.
C E H Lab Manual Page 304
Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
M odule 04 - Enum eration
' ־°r *
H y e n a v9 .0 - 3 D r iv e s o n A \ W IN - D 3 9 M R 5 H L 9 E 4 '
He Edt VtcH Tools Hdp y *3 a X * 3* ::: 5=] Q SI
fl J »3ai fe° E3 «
* C Juggyboy(Juggyboy)
♦ C Martin(Martin) ± CShiela(Shiela) ♦ ^ LocalGroups Pnnters +^ Shares S־Sessions j—^ O penFiles Qb Services Devices ffi& Events ^ DiskSpace ghtsI ft BackupOperators Users§ Administrators§ Everyone§ SeTcbPrivilege(Actaspartoftheopera£ SeMachmeAccountPrivilege(Addwork & St• SeBackupPrivilege(Backupfilesanddii-, iL SeChangeNotifyPrivilege(Bypasstraver SeUnsolicitedlnputPrivilege(SeUnsolicii ^ SeSystemtimePrivilege(Changethesys £-|־ -SeCreatePagefilePrivilege(Createapag21 SeCreateTokenPrivilege(Createatoki ■=£: a
3 Drives on \\־־W IN -D 3 9 M R 5 H L9 E 4 ־־
Server *■ Drive ©WIN-D39MR... C ©W1N-D39MR... D ©WIN-D39MR... E
3Driveson"W W 1N-D39MR5HL9E41
7www.systefntools.com
Format NTFS NTFS NTFS
Total 97.31GB 97.66GB 270.45GB
Used 87.15GB 2.90GB 1.70GB
^^^biects
FIGURE 6.11: Users Rights
To check the Scheduled jobs, click + to expand it.
16. J
H y e n a v 9 .0 - 77 t o t a l s c h e d u le d jo b s .
File Ed« W ew Tools Help
y *3
