footprinting scanning and enumeration
play

Footprinting, Scanning, and Enumeration Philip Robbins September - PowerPoint PPT Presentation

Dec 23, 2023 •383 likes •2.03k views

ISA 330 Introduction to Proactive System Security Week #3 Footprinting, Scanning, and Enumeration Philip Robbins September 28, 2013 Information Security & Assurance Program University of Hawai'i West Oahu 1 Footprinting, Scanning, and

  1. Scanning • nmap –A –v 192.168.56.101 (against MS2) 71

  2. Scanning • nmap 192.168.56.102 (against BT5R3) 72

  3. Scanning • nmap –sS ‐v 192.168.56.101 (against MS2) 73

  4. Scanning • nmap –sS ‐v 192.168.56.100‐200 (range) 74

  5. Reconnaissance • Unicornscan Conduct tests on large networks and consolidate tools for large‐scale endeavors. ‐ Ideal for large networks. ‐ Scans 65,535 ports in 3‐7 seconds. ‐ Port scanning using TCP, ICMP, and IP. ‐ Optimizes UDP scanning. 75

  6. Reconnaissance • fping A command‐line tool that allows you to ping multiple IP addresses simultaneously (determining which computers are “live”). 76

  7. Reconnaissance • fping ‐h ping vs fping: specify a range 77

  8. Reconnaissance • hping Allows you to ping sweep multiple IP addresses simultaneously while bypassing filtering devices (using modified IP packets). 78

  9. Reconnaissance • hping3 –h | less 79

  10. Reconnaissance • hping3 –h | less 80

  11. Reconnaissance • hping3 –h | less set flags just like nmap… 81

  12. Enumeration ‐ Next step after port scanning. ‐ Actually connecting to the system and obtaining information about users, passwords, and shared resources. ‐ Active / intrusive v.s. Passive 82

  13. REVIEW: OS Vulnerabilities • Network Basic Input / Output System (NetBIOS) ‐ OSI Session Layer 5. ‐ Software that allows us to interact with a shared network resources or devices. ‐ NetBIOS frees an application from understanding the details of a network. ‐ Still used today for ensuring backward capability. ‐ Uses ports open to the internet: UDP/137 UDP/138 TCP/139 83

  14. REVIEW: OS Vulnerabilities • Network Basic Input / Output System (NetBIOS) Why is NetBIOs over TCP/IP considered a security risk again? 84

  15. REVIEW: OS Vulnerabilities • Network Basic Input / Output System (NetBIOS) Why is NetBIOs over TCP/IP considered a security risk again? 85

  16. Enumeration • Network Basic Input / Output System (NetBIOS) ‐ Names have 16 char limit; 15 useable char limit. ‐ Last char reserved for service identification (00 to FF). ‐ Hackers attack Domain Controllers because of the type of info. ‐ Null Sessions (NS) is a serious vulnerability for NetBIOS systems. ‐ NS still present on Windows XP ‐ NS disabled by default in Windows Server 2003 ‐ NS not available in Windows Vista and Server 2008 ‐ NBTstat command used. 86

  17. Enumeration 87

  18. Enumeration 88

  19. Enumeration • NBTscan NetBIOS over TCP/IP scan finds computers running NETBIOS. 89

  20. Enumeration • NBTscan 90

  21. Enumeration • nbtstat 91

  22. Enumeration • nbtstat ‐a 92

  23. Enumeration • net view Displays a list of domains, computers, or resources that are being shared by the specified computer. Used without parameters, net view displays a list of computers in your current domain. 93

  24. Enumeration • net view 94

  25. Enumeration • net view 95

  26. Enumeration • net use Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections. Used without parameters, net use retrieves a list of network connections. 96

  27. Enumeration • net use 97

  28. Enumeration • DumpSec Enumeration tool for Windows systems allowing users to connect to a server and “dump” permissions for shares. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares. 98

  29. Enumeration • DumpSec 99

  30. Enumeration • smb4K Used to enumerate Windows computers on a network. 100

Recommend

Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty

Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty

Security track Footprinting for security auditors Jose Manuel Ortega @jmortegac Footprinting for securty auditors Agenda Information gathering Footprinting tools Port scanning with nmap Nmap scripts Footprinting for securty

880 views • 61 slides
Hands-On Ethical hacking and Network Defense -2 nd Edition Chapter 4 Summary - Footprinting and

Hands-On Ethical hacking and Network Defense -2 nd Edition Chapter 4 Summary - Footprinting and

Hands-On Ethical hacking and Network Defense -2 nd Edition Chapter 4 Summary - Footprinting and Social Engineering Objectives After reading this chapter and completing the exercises, you will be able to: Use Web tools for footprinting

213 views • 6 slides
CSE 527 Lecture 10 Parsimony and Phylogenetic Footprinting Phylogenies (aka Evolutionary

CSE 527 Lecture 10 Parsimony and Phylogenetic Footprinting Phylogenies (aka Evolutionary

CSE 527 Lecture 10 Parsimony and Phylogenetic Footprinting Phylogenies (aka Evolutionary Trees) Nothing in biology makes sense, except in the light of evolution -- Dobzhansky A Complex Question: Given data (sequences, anatomy,

593 views • 17 slides
Carbon Footprinting 101 April 22, 2020 Housekeeping All attendees are muted Q&A

Carbon Footprinting 101 April 22, 2020 Housekeeping All attendees are muted Q&A

Carbon Footprinting 101 April 22, 2020 Housekeeping All attendees are muted Q&A session at the end Please submit any questions to the GoToWebinar Questions box Webinar slides and recording will be sent to all registrants 2

687 views • 55 slides
WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH -

WE MAKE DIGITAL HUMANS CONTENTS SCANNING 3D EXTRAS - FACIAL SCANNING - HAIR + CLOTH - BODY SCANNING - REAL-TIME INTEGRATION MODELLING/TEXTURING - LIGHTING + RENDERING - CAMERA ANIMATION - MODELLING - HEAD TRACKING -

728 views • 42 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration

Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration

Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration types Physical types Array types Record types 2 Enumeration Types Enumeration is basic scalar type Enumeration is defined

522 views • 39 slides
Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan)

3/12/20 Cases & Straps Mounts, stands, clamps. Types of Scanning 1 Switch Automatic Step/Dwell Indirect Access SCANNING 2 Switch Step Scanning (get/select, move/scan) Switches SG SGD Sc Scan an

270 views • 4 slides
Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR

Introduction to Static LiDAR Scanning Presented By: Anthony Falbo P.L.S. September 2020 LiDAR Scanning Overview Scanning background Applications Strengths Weaknesses Scanning Examples Fisher Associates LiDAR = light

610 views • 20 slides
Leveraging Variation and Uncertainty in Environmental Footprinting Randolph Kirchain Jeremy

Leveraging Variation and Uncertainty in Environmental Footprinting Randolph Kirchain Jeremy

Leveraging Variation and Uncertainty in Environmental Footprinting Randolph Kirchain Jeremy Gregory, Jeffrey Dahmus, Elsa Olivetti Materials Systems Laboratory Massachusetts Institute of Technology Massachusetts Institute of Technology

654 views • 17 slides
FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath

FamilySearch Scanning (Scanstone) An Automated Exposure Method For Scanning Microfilm Heath Nielson nielsonhe@ldschurch.org Digitizing Microfilm Scan as efficiently as possible At 30 minutes a roll, it would require a single scanner

471 views • 21 slides
Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as

Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as

1 Scanning Probe Microscopy L. J. Heyderman 2 Scanning Probe Microscopy If an atom was as large as a ping-pong ball... ...the tip would have the size of the L. J. Heyderman Matterhorn! 3 Magnetic Force Microscopy Stray field

147 views • 14 slides
An Introduction to Enumeration Schemes Lara Pudwell Valparaiso University Trinity University

An Introduction to Enumeration Schemes Lara Pudwell Valparaiso University Trinity University

Pattern-Avoiding Permutations Enumeration Schemes Summary An Introduction to Enumeration Schemes Lara Pudwell Valparaiso University Trinity University Mathematics Colloquium November 18, 2009 Lara Pudwell An Introduction to Enumeration

1.14k views • 79 slides
ENUMERATION TYPES An enumeration type is a type whose values are defined by a list of named values

ENUMERATION TYPES An enumeration type is a type whose values are defined by a list of named values

ENUMERATION TYPES An enumeration type is a type whose values are defined by a list of named values of type int. This programmer-defined type is very much like a list of declared constants. Enumeration types can be handy for defining a list of

363 views • 3 slides
Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur

Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur

Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur Informatik TU M unchen 1 Background 2 Generic enumeration 3 Application 1 Background 2 Generic enumeration 3 Application Kepler Conjecture (1611)

643 views • 30 slides
Random Sampling Revisited: Lattice Enumeration with Discrete Pruning Yoshinori Aono

Random Sampling Revisited: Lattice Enumeration with Discrete Pruning Yoshinori Aono

Random Sampling Revisited: Lattice Enumeration with Discrete Pruning Yoshinori Aono Phong Nguy n Summary Motivation Lattices, Enumeration and Pruning Enumeration with Discrete Pruning Motivation Context Needs: convincing

457 views • 43 slides
Scanning Activity Seen @ LBNL Scanning Hosts Seen @ LBNL Services Scanned Over Time Scans Per

Scanning Activity Seen @ LBNL Scanning Hosts Seen @ LBNL Services Scanned Over Time Scans Per

Scanning Activity Seen @ LBNL Scanning Hosts Seen @ LBNL Services Scanned Over Time Scans Per Scanner Hosts Scanned Per Scanner Ports Scanned Per Scanner Scanning Speed # Failed Conns Not Enough Info Failure Ratio Much More Distinctive

320 views • 12 slides
Graph classes with given 3 -connected components: asymptotic enumeration and random graphs

Graph classes with given 3 -connected components: asymptotic enumeration and random graphs

Background Enumeration Largest block 3-connected component Graph classes with given 3 -connected components: asymptotic enumeration and random graphs Juanjo Ru e (joint work with Omer Gim enez and Marc Noy) Laboratoire dInformatique

947 views • 70 slides
3D Scanning Dr. Francesco Banterle, francesco.banterle@isti.cnr.it banterle.com/francesco What

3D Scanning Dr. Francesco Banterle, francesco.banterle@isti.cnr.it banterle.com/francesco What

3D Scanning Dr. Francesco Banterle, francesco.banterle@isti.cnr.it banterle.com/francesco What is 3D Scanning? 3D scanning is the process of measuring 3D information; and it is the very first step when creating a complete 3D model. 3D

832 views • 68 slides
Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research

Scanning (and some other no-tech hacking) Todays Class Scanning the Internet for research Scanning the Internet for research Other no-tech hacking Definitions: domain name: google.com unm.edu a registrable

542 views • 19 slides
: Enumeration Type Enumeration Type Week Week 11 11: Monchai Sopitkamol, Ph.D. Monchai

: Enumeration Type Enumeration Type Week Week 11 11: Monchai Sopitkamol, Ph.D. Monchai

2/8/2007 204111 204111: Computer and : Computer and Programming Programming : Enumeration Type Enumeration Type Week Week 11 11: Monchai Sopitkamol, Ph.D. Monchai Sopitkamol, Ph.D. Enumeration Type Enumeration Type Motivations

229 views • 10 slides
Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web

Overview System Security Scanning Security Scanning and Discovery Important Security Web Sites Fingerprinting OS FingerPrinting IP Stacks Share Scans Chapter 14 SNMP Vulnerabilities FingerPrinting TCP/IP Services

439 views • 8 slides
StratoSphere Above the Clouds Triangle Enumeration Input Set of undirected edges

StratoSphere Above the Clouds Triangle Enumeration Input Set of undirected edges

Stratosphere Demo Triangle Enumeration & TPC-H Query 3 Thomas Bodner, Matthias Ringwald TU Berlin StratoSphere Above the Clouds Triangle Enumeration Input Set of undirected edges Friend-of-a-Friend RDF data from Billion Triple

590 views • 19 slides
Scanning Gianpaolo Palma 3D Scanning Taxonomy SHAPE ACQUISTION CONTACT NO-CONTACT NO

Scanning Gianpaolo Palma 3D Scanning Taxonomy SHAPE ACQUISTION CONTACT NO-CONTACT NO

Optical Active 3D Scanning Gianpaolo Palma 3D Scanning Taxonomy SHAPE ACQUISTION CONTACT NO-CONTACT NO ACOUSTIC DESTRUCTIVE X-RAY DESTRUCTIVE MAGNETIC OPTICAL CMM ROBOTIC SLICING PASSIVE ACTIVE GANTRY Recap Computational

704 views • 48 slides

More recommend