Ethical Hacking: Enumeration
Course info
Course info
Description
Pluralsight is not an official partner or accredited training center of EC-Council. Enumeration is the first official attack at your target. Enumeration is the process of gathering information that might include user names, computer names, network shares, services running, and other possible points of entry. This course we'll show different techniques that can be used against your network. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking
About the author
Dale Meredith received his Certified Ethical Hacker and Certified EC-Counsel Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.
More from the author
Section Introduction Transcripts
Enumeration Explained & the Techniques Used
♫ Enumeration, massive frustration ♫ Enumeration, the game we love to play ♫ Yeah, I know, don't give up my day job, right? Hi, my name is Dale Meredith and welcome to Ethical Hacking: Enumeration. Now, this is going to be an interesting course because enumeration does something that we typically don't want to take place, or it makes systems behave in a way that they're not normally, or that we wouldn't expect them to behave, and if you're familiar with my quotes, the Woz, Steve Wozniak, one of the original founders of Apple, he once said "a lot of hacking is playing with other people, "you know, getting them to do strange things, " and that's exactly what enumeration does for us. So, we'll go through in this first module, and take a look at exactly what is enumeration, then we'll discuss how it works, and why it works. A lot of this, unfortunately, we can't stop, because it's going to be the natural effect of some of the services that we're supporting on our network infrastructures. We'll also go through and take a look at what exactly can we learn from enumeration? That's gonna depend on what we're enumerating with. So, that leads to the logical next step, and that is, looking at the different technologies that we can enumerate. So, go get your hacker hat, put it on, tilt it a little to the side, sure you get some style, and let's get going.
Enumerating via SNMP
It's simple. It's a network management protocol. What could possibly go wrong? Well, quite a bit actually. John Wooden once made the statement of "It's the little details that are vital. Little things make big things happen. " And that's completely true. SNMP has been around for a long time and it's gone through several different version changes. In this module we'll go through and take a look at how we actually deal with SNMP. Obviously, what it's short for, we'll go through and take a look at what it is exactly. We'll talk about why adminstrators enable it. It's basically to make our lives easier. Any time ease of use, remember the technology triangle from our first course when we implement heavier on the ease of use, or from the gooey perspective we lose security. We'll also go through and take a look at what they refer to as MIB's. Which are the management information base. Basically, they're databases that can control some of the objects we monitor with SMNP. And then we're going to go through and show you how to setup SNMP so that we can do a little enumeration. We won't be actually doing this against any types of switchers or routers We'll do it against a server and see what kind of information we can actually extrapolate away from that box. So crack the knuckles, get comfortable in your chair, and let's get going.
Enumerating via LDAP
So let's talk about Enumerating via LDAP. LDAP is a part of our lives, especially in the IT world. There's a famous quote that the author is unknown, but they said, "Be careful who you share your weaknesses with. Some people can't wait to have the opportunity to use them against you. " And the reason why this is so prevalent when it comes to LDAP is that LDAP can be a weakness as well. In this module, we'll go through and take a look at, exactly what is LDAP? Well, as I mentioned before we're using this almost everywhere in our IT organizations because of things like active directory by Microsoft or OpenLDAP, which is, I believe what Apple utilizes. So we'll take a look at LDAP. Again, this is not going to be an LDAP course, we just want to show you how we can use it to our advantage. And then we'll go through and see what it is we can actually discover enumerating LDAP. It might surprise you. And then we'll go through and take a look at a demo of enumerating with both Jxplorer and a product I really enjoy called Hyena.
Enumerating via NTP
Okay, guess what? I can actually enumerate using time. You're like, "What? " There's a protocol out there that our computers use to synchronize the time between each other. It's called NTP, or Network Time Protocol. Now you may be thinking, "Dale, you cannot possibly have "a quote about this. " Well, guess again. A famous philosopher whose name is Cyndi Lauper, I believe she just wants to have fun. She once said, "If you're lost, "you can look and you will find me... time after time. " See, I can find a quote for anything, guys. And it always deals with the aspect when it comes to hacking is, the things that you don't expect end up giving up information. So, in this module, we'll go through and we're going to have some fun. We'll take a look at what is NTP? Give you a little history lesson on it, and then we'll go through and take a look at, what is it we can actually extrapolate out of an NTP server? And you may be thinking, "Dale, I don't have an NTP server. " Yes, you do, you just don't realize it yet, especially if you're in a network environment, and then of course, we'll get our fingers warmed up again and we'll go do a little bit more demoing, using some basic command line interfaces for enumerating NTP, and see what we can find.
Enumerating via SMTP
So who would think that a simple protocol that we use in day to day life, such as SMTP could reveal so much about your network? Well, guess what? It does. There was a famous bumper car sticker that went around in black hats several years ago and a lot of people didn't understand it's meaning, and it just simply said, 'I read your email. ' And it's so true, e-mail goes across clear text and as the e-mail servers communicate with each other they leave behind a lot of information that can be enumerated to tell an attacker more about your infrastructure. So, in this module we're going to go through, we're going to take a look at the Simple Mail Transfer Protocol. And in it we'll take a look at what it is, what it's used for in case you're not familiar with it, trust me, it's all about e-mail. We'll also go through and take a look at the information that we can discover using SMTP enumeration, and then of course we're going to give you some more demos, I know you're excited. We'll go through and enumerate using a product that's called NetScanTools Pro which is a GUI based environment and just to make sure that everything is all equal and fair, we'll break out a little command line and we'll enumerate with something that's called SMTP_User_Enum. The purpose here, folks, is not necessarily to read someone's e-mail, even though that could give up a lot of information, but it's more of looking at what we refer to as the headers of e-mail, which is the information that gets attached to the beginning of the e-mail during transit, which again, will expose quite a bit.