CHAPTER 3 GATHERING NETWORK AND HOST INFORMATION


1. Definition of enumeration

1.1. the process of extracting user names, machine names, network resources, shares, and services from a system.

2. Purpose of enumeration

2.1. to get more detailed information about the target that needs to be compromised.

3. Information to be collected during the enumeration stage, such as:

3.1. usernames

3.2. machine names

3.3. network resources

3.4. services

4. null session

4.1. allows unauthenticated hosts to share information with each other

4.2. can exploit CIFS/SMB and NetBIOS

4.3. requires port 139 and/or 445

4.4. once created, it can be used to extract information such as domains, host names, user accounts, and security policy

5. SNMP enumeration

5.1. process of using SNMP to enumerate user accounts on a target system.

5.2. managers send requests to agents and the agents send back replies

5.3. the requests and replies refer to variables accessible to the agent software

5.4. managers can also send requests to set values for certain variables

6. Enumeration tools.

6.1. SNScan

6.2. LoriotPro

6.3. SNMPScanner

7. Types of scanning

7.1. a) port scanning

7.1.1. The act of systematically scanning a computer's ports.

7.1.2. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer.

7.2. b) network scanning

7.2.1. refers to the use of a computer network to gather information regarding computing systems. Mainly used for security assessment, system maintenance, and also for performing attacks by hackers.

7.3. c) Vulnerability scanning

7.3.1. Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.

7.3.2. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures

8. Scanning methodology

8.1. a) Check for live systems

8.1.1. Ping sends out an ICMP Echo Request packet and awaits

8.1.2. an ICMP Echo Reply message from an active machine

8.1.3. Ping helps in assessing network traffic by time stamping each packet.

8.1.4. Tools include Pinger, WS_Ping ProPack, NetScan Tools, HPing, icmpenum

8.2. b) Check for open ports

8.2.1. Port Scanning is one of the most popular reconnaissance techniques used by hackers to discover services that can be compromised.

8.2.2. A potential target computer runs many 'services' that listen on 'well-known' 'ports'.

8.2.3. By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.

8.3. c) Service identification

8.3.1. Example services: IPTV vs. multimedia; gaming vs. voice chat; config vs. pager messaging

8.3.2. Uses of service ID: app invocation in UA; app invocation in network; network QoS auth

8.3.3. Serious risks of explicit identifiers: fraud; systemic interop failures; stifling of innovation

8.4. d) Banner grabbing/OS fingerprinting

8.4.1. technique to find the operating system of the target

8.4.2. the hacker can look for vulnerabilities in the OS and plan the attack accordingly

8.4.3. a) Active banner grabbing

8.4.3.1. Packets are intentionally sent to the target to retrieve information about the OS, such as its name, version, etc.

8.4.4. b) Passive banner grabbing

8.4.4.1. uses sniffing techniques to capture packets flowing from the system; the captured packets are then analyzed for OS information

8.4.5. tools

8.4.5.1. ID Serve, Netcraft, Netcat, Telnet, Nmap

8.4.6. How to avoid this attack

8.4.6.1. Use false banners, which will misguide the hacker

8.4.6.2. Do not keep unnecessary servers open

8.4.6.3. Use the IIS Lockdown Tool or ServerMask

8.5. e) Vulnerability scanning

8.5.1. used to identify security weaknesses in a computer system.

8.5.2. Can be used by individuals or network administrators for security purposes

8.5.3. Can also be used by hackers attempting to gain unauthorized access to computer systems.

8.5.4. This is done using a very popular tool called Nessus. It is the most popular tool and gives all information about the vulnerabilities on the target.

8.5.5. This tool helps in:

8.5.5.1. data collection; identifying hosts; scanning ports; reporting the information found

8.6. f) Draw network diagrams of vulnerable hosts

8.6.1. Is accessible in any other sites or a network

8.6.2. Tools like SolarWinds LAN Surveyor can be helpful for making a diagram of the network

8.6.3. These diagrams can then be moved to Visio for documentation