Chapter 3 Gathering Network and Host Information

Get Started. It's Free
or sign up with your email address
Rocket clouds
Chapter 3 Gathering Network and Host Information by Mind Map: Chapter 3 Gathering Network and Host Information

1. Define enumeration

1.1. is a set of related constants that define a value type where each constant is known as a member of the enumeration

2. Purpose of enumeration

2.1. provided by the .NET Framework are generally used to set object properties and to specify the values that are passed to methods

3. Stage such as:

3.1. Usernames

3.2. Machine names

3.3. Network resources

3.4. Services

4. Null sessions

4.1. The null sessions are the unauthenticated sessions of the Server Message Block (SMB), which is the core network protocol of the Windows operating system

5. SNMP enumeration

5.1. SNMP stands for Simple Network Management Protocol

5.2. managers send requests to agents, and the agents send back replies

5.3. the requests and replies refer to variables accessible to agent software

5.4. managers can also send requests to set values for certain variables

6. Enumeration tools

6.1. -NBTscan -DumpSec -SMBScanner -Netcat

7. Types of scanning:

7.1. Port scanning

7.1.1. -a series message sent by someone attempting to break into a computer to learn about the computer's network services -each associated with a "well-known" port number

7.2. Network scanning

7.2.1. -a procedure for identifying active hosts on a network -either for the purpose of attacking them or for network security assessment

7.3. Vulnerability scanning

7.3.1. -the automated process of proactively identifying vulnerabilities of computing systems present in a network

8. Scanning methodology

8.1. Check for live system

8.1.1. Ping send out an ICMP Echo Request packet and awaits an

8.1.2. ICMP Echo Reply message from an active machine.

8.1.3. Alternatively, TCP/UDP packets are sent if incoming ICMP messages are blocked.

8.1.4. Ping helps in assessing network traffic by time stamping each packet.

8.1.5. Ping can also be used for resolving host names.

8.1.6. Tools include Pinger, WS_Ping ProPack, NetScan Tools, HPing, icmpenum

8.2. Check for open ports

8.2.1. Port Scanning is one of the most popular reconnaissance techniques used by hackers to discover services that can be compromised.

8.2.2. A potential target computer runs many 'services' that listen at ‘well-known’ 'ports'.

8.2.3. By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited

8.3. Service identification

8.3.1. Example Services -IPTV vs. Multimedia -Gaming vs. Voice Chat -Config vs. Pager messaging

8.3.2. Uses of Service ID -App Invocation in UA -App Invocation in network -Network QoS Auth -Accounting and Billing -Service Negotiation -Dispatch to Devices

8.3.3. Serious of Explicit identifiers -Fraud -Systemic Interop failures -Stifling of innovation

8.3.4. Recommendations -Determine service by examining signaling -If you think signaling is not sufficient, its because you are doing implicit signaling for some feature -Caching of service ID is reasonable within a domain

8.4. Banner grabbing/OS fingerprinting

8.4.1. Is the technique to find the Operating System of the target

8.4.2. Active Banner Grabbing

8.4.2.1. -specially crafted packets are sent to remote OS and the response are noted -the responses are then compared with a database to determine the OS -response from different OSes varies due to differences in TCP/IP stack implementation

8.4.3. Active Banner Grabbing

8.4.3.1. Banner grabbing from error messages

8.4.3.2. Sniffing the network traffic

8.4.3.3. Banner grabbing from page extensions

8.4.4. tools

8.4.4.1. ID Serve

8.4.4.2. Netcraft

8.4.4.3. Netcat

8.4.4.4. Telnet

8.4.4.5. Nmap

8.5. Vulnerability scanning

8.5.1. -Is a security technique used to identify security weaknesses in a computer system

8.5.2. This is done by using a very popular tool called Nessus

8.5.3. This tool helps in

8.5.3.1. Data collection

8.5.3.2. Identify hosts

8.5.3.3. Scan Ports

8.5.3.4. Report the information found

8.6. Draw network diagrams of vulnerable hosts

8.6.1. Is accessible in any other sites or a network