Module Summary
- Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system.
- SNMP enumeration is a process of enumerating user accounts and devices on a target system using SNMP.
- MIB is a virtual database containing a formal description of all the network objects that can be managed using SNMP.
- An attacker queries the LDAP service to gather information such as valid user names, addresses, departmental details, etc. that can be further used to perform attacks.
- Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
- Attackers use telnet against a specific port to enumerate the server version running on the remote host.
Q1) Which of the following tools are used for enumeration? (Choose three.)
- SolarWinds
- USER2SID
- Cheops
- SID2USER
- DumpSec
A1) USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with the tools and learning to understand their output.
Q2) What did the following commands determine?
C: user2sid \\earth guest
S-1-5-21-343818398-789336058-1343024091-501
C: sid2user 5 21 343818398 789336058 1343024091 500
Name is Joe
Domain is EARTH
- That the Joe account has a SID of 500
- These commands demonstrate that the guest account has NOT been disabled
- These commands demonstrate that the guest account has been disabled
- That the true administrator is Joe
- Issued alone, these commands prove nothing
A2) One important goal of enumeration is to determine who the true administrator is. In the example above, the true administrator is Joe.
Q3) Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.
- SNMPUtil
- SNScan
- SNMPScan
- Solarwinds IP Network Browser
- NMap
A3) SNMPUtil is an SNMP enumeration utility that is part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sorts of valuable information through SNMP. SNScan is an SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is an SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data.
Q4) In the context of Windows Security, what is a 'null' user?
- A user that has no skills
- An account that has been suspended by the admin
- A pseudo account that has no username and password
- A pseudo account that was created for security administration purpose
A4) NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:
- List of users and groups
- List of machines
- List of shares
- User and host SIDs (Security Identifiers)
NULL sessions exist in Windows networking to allow:
- Trusted domains to enumerate resources
- Computers outside the domain to authenticate and enumerate users
- The SYSTEM account to authenticate and enumerate resources
NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares, but not SAM accounts.
Q5) Enumeration does not uncover which of the following pieces of information?
- Services
- User accounts
- Ports
- Shares
A5) Ports are usually uncovered during the scanning phase and not the enumeration phase.
Q6) Enumeration is useful to system hacking because it provides __
- Passwords
- IP ranges
- Configuration
- Usernames
A6) Usernames are especially useful in the system-hacking process because they let you target accounts for password cracking. Enumeration can provide information regarding usernames and accounts.
Q7) What is enumeration?
- Identifying active systems on the network
- Cracking passwords
- Identifying users and machine names
- Identifying routers and firewalls
A7) Enumeration is the process of finding usernames, machine names, network shares, and services on the network.
Q8) What is a countermeasure for SNMP enumeration?
- Remove the SNMP agent from the device
- Shut down ports 135 and 139 at the firewall
- Shut down ports 80 and 443 at the firewall
- Enable SNMP read-only security on the agent device
A8) The best countermeasure to SNMP enumeration is to remove the SNMP agent from the device. Doing so prevents it from responding to SNMP requests.
Q9) A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?
- Reject all invalid email received via SMTP.
- Allow full DNS zone transfers.
- Remove A records for internal hosts.
- Enable null session pipes.
Q10) What is the following command used for?
net use \\target\ipc$ "" /u:""
- Grabbing the etc/passwd file
- Grabbing the SAM
- Connecting to a Linux computer through Samba.
- This command is used to connect as a null session
- Enumeration of Cisco routers
A10) The null session is one of the most debilitating vulnerabilities faced by Windows. Null sessions can be established through ports 135, 139, and 445.