CHAPTER 3 GATHERING NETWORK AND HOST INFORMATION


1. Enumeration with SNMP

1.1. One protocol that can be used to enumerate a target system is the Simple Network Management Protocol (SNMP).

1.2. SNMP is used to assist in the management of devices such as routers, hubs, and switches, among others.

1.3. SNMP is an application layer protocol that functions using UDP.

1.4. The main requirement for SNMP is that the network is running the TCP/IP protocol.

1.5. SNMP enumeration for the ethical hacker consists of leveraging the weaknesses in the protocol to reveal user accounts and devices on a target running the protocol.

1.6. The following can be extracted through SNMP:
- Network resources such as hosts, routers, and devices
- File shares
- ARP tables
- Routing tables
- Device-specific information
- Traffic statistics

1.7. Commonly used SNMP enumeration tools include:
- SNMPUtil
- SolarWinds' IP Network Browser

2. Null sessions

2.1. A NULL session occurs when a connection is made to a Windows system without any credentials being provided.

2.2. Information that may be obtained during this process includes:
- List of users and groups
- List of machines
- List of shares
- User and host SIDs

3. Types of scanning

3.1. Types of scanning:
a. Port scanning
b. Network scanning
c. Vulnerability scanning

3.1.1. Port scanning

3.1.1.1. The act of systematically scanning a computer's ports.

3.1.1.2. Port scanning is when you send carefully crafted messages or packets to a target computer with the intent of learning more about it.

3.1.1.3. Each host has ports 0 through 65535 available, so essentially there are more than 65,000 doors to lock.

3.1.1.4. Example: Nmap Online Port Scanner

3.1.2. Network scanning

3.1.2.1. Refers to the use of a computer network to gather information regarding computing systems.

3.1.2.2. Network scanning is mainly used for security assessment, system maintenance, and also for performing attacks by hackers.

3.1.2.3. Example tools: Nessus, Nmap, OpenVAS

3.1.3. Vulnerability Scan

3.1.3.1. A vulnerability scan is used to identify weaknesses or vulnerabilities on a target system.

3.1.3.2. Scanning methodology:
a. Checking for live systems
b. Checking for open ports
c. Service identification
d. Banner grabbing/OS fingerprinting
e. Vulnerability scanning
f. Draw network diagrams of vulnerable hosts
g. Prepare proxies
h. Attack


4. Enumeration

4.1. The process of extracting information from a target system in an organized and methodical manner.

4.2. Enumeration can extract information such as usernames, machine names, shares, and services from a system, as well as other information depending on the operating environment.

4.3. Information to be collected during the enumeration:

4.3.1. - Usernames, group names

4.3.2. - Hostnames

4.3.3. - Network shares and services

4.3.4. - IP tables and routing tables

4.3.5. - Service settings and audit configurations

4.3.6. - Applications and banners

4.3.7. - SNMP and DNS details

5. Significance of enumeration

5.1. Enumeration is often considered a critical phase in penetration testing, as its outcome can be used directly to exploit the system.

6. Enumeration classification

6.1. - NetBIOS Enumeration

6.2. - SNMP Enumeration

6.3. - LDAP Enumeration

6.4. - NTP Enumeration

6.5. - SMTP Enumeration

6.6. - DNS Enumeration

6.7. - Windows Enumeration

6.8. - UNIX/Linux Enumeration