Professional Documents
Culture Documents
CIS 76 - Lesson 7: Rich's Lesson Module Checklist
CIS 76 - Lesson 7: Rich's Lesson Module Checklist
Flash cards
Properties
Page numbers
1st minute quiz
Web Calendar summary
Web book pages
Commands
1
CIS 76 - Lesson 7
Evading Network
TCP/IP
Devices
Cryptography Network and
Computer Attacks
Embedded Operating
Enumeration
Systems
Desktop and Server Scripting and
Vulnerabilities Programming
1. Browse to:
http://simms-teach.com
2. Click the CIS 76 link.
3. Click the Calendar link.
4. Locate today’s lesson.
5. Find the Presentation slides for
the lesson and download for
easier viewing.
6. Click the Enter virtual classroom
link to join CCC Confer.
7. Log into Opus with Putty or ssh
command.
4
CIS 76 - Lesson 7
3) Click OK button.
[ ] Is recording on?
Should change
Red dot means recording from phone
handset icon to
little Microphone
[ ] Use teleconferencing, not mic icon and the
Teleconferencing …
Should be grayed out message displayed
7
CIS 76 - Lesson 7
vSphere Client
putty
[ ] Video (webcam)
[ ] Make Video Follow Moderator Focus
9
CIS 76 - Lesson 7
Quite interesting
that they consider
you to be an
Elmo rotated down to view side table
"expert" in order to
use this button!
Rotate
image
button Elmo rotated up to view white board
Rotate
image
button
Control Panel (small icons) General Tab > Settings… 500MB cache size Delete these
11
CIS 76 - Lesson 7
Start
12
CIS 76 - Lesson 7
Sound Check
Students that dial-in should mute their
line using *6 to prevent unintended
noises distracting the web conference.
13
CIS 76 - Lesson 7
Dave R.
Email me (risimms@cabrillo.edu) a relatively current photo of your face for 3 points extra credit
CIS 76 - Lesson 7
Enumeration
Objectives Agenda
• Describe the enumeration step • Quiz
16
CIS 76 - Lesson 7
Admonition
17
Shared from cis76-newModules.pptx
CIS 76 - Lesson 7
Questions
19
CIS 76 - Lesson 7
Questions
How this course works?
Previous labs?
他問一個問題,五分鐘是個傻子,他不問一個問題仍然是一個
Chinese 傻瓜永遠。
Proverb He who asks a question is a fool for five minutes; he who does not ask a question
remains a fool forever.
20
CIS 76 - Lesson 7
In the
news
21
CIS 76 - Lesson 7
https://www.us-cert.gov/ncas/current-
activity/2016/10/11/Potential-Hurricane- 22
Matthew-Phishing-Scams
CIS 76 - Lesson 7
Recent news
23
CIS 76 - Lesson 7
Best
Practices
24
CIS 76 - Lesson 7
25
CIS 76 - Lesson 7
1) You
2) Passwords
3) Updates
4) Backups
http://securingthehuman.sans.org/newsletters/o
uch/issues/OUCH-201610_en.pdf
26
CIS 76 - Lesson 7
Housekeeping
28
CIS 76 - Lesson 7
29
CIS 76 - Lesson 7
Red Pod
Blue Pod
30
CIS 76 - Lesson 7
31
CIS 76 - Lesson 7
Send me an email
if you would like to
join one of the
teams
32
CIS 76 - Lesson 7
Enumeration
33
CIS 76 - Lesson 7
Phase 1 - Reconnaissance
Phase 2 - Scanning
http://www.techrepublic.com/blog/it-security/the-five-phases-of-a-successful-network-penetration/
34
CIS 76 - Lesson 7
Enumeration
35
CIS 76 - Lesson 7
NetBIOS
Enumeration
36
CIS 76 - Lesson 7
NetBIOS
37
CIS 76 - Lesson 7
Number
Name (HEX) Type Usage
<computername> 00 U Workstation Service NetBIOS Suffix Code Table
<computername> 01 U Messenger Service
<\\_MSBROWSE_> 01 G Master Browser
<computername> 03 U Messenger Service http://www.pyeung.com/pages/mi
<computername> 06 U RAS Server Service crosoft/winnt/netbioscodes.html
<computername> 1F U NetDDE Service
<computername> 20 U File Server Service
<computername> 21 U RAS Client Service
<computername> 22 U Exchange Interchange
<computername> 23 U Exchange Store
<computername> 24 U Exchange Directory
<computername> 30 U Modem Sharing Server Service
<computername> 31 U Modem Sharing Client Service
<computername> 43 U SMS Client Remote Control
<computername> 44 U SMS Admin Remote Control Tool
<computername> 45 U SMS Client Remote Chat
<computername> 46 U SMS Client Remote Transfer
<computername> 4C U DEC Pathworks TCPIP Service
<computername> 52 U DEC Pathworks TCPIP Service
<computername> 87 U Exchange MTA
<computername> 6A U Exchange IMC
<computername> BE U Network Monitor Agent
<computername> BF U Network Monitor Apps
<username> 03 U Messenger Service
<domain> 00 G Domain Name
<domain> 1B U Domain Master Browser
<domain> 1C G Domain Controllers
<domain> 1D U Master Browser
<domain> 1E G Browser Service Elections
<INet~Services> 1C G Internet Information Server 38
<IS~Computer_name> 00 U Internet Information Server
CIS 76 - Lesson 7
NetBIOS Enumeration
39
CIS 76 - Lesson 7
40
CIS 76 - Lesson 7
1. Run Wireshark on Kali and set the filter to "browser". It may take a minute
or two before you capture any packets.
3. In the center pane, look at the last layer named "Microsoft Windows
Browser Protocol" and expand it.
Is it considered a NT Workstation (bit set to 1)? Write your answer in the chat
window.
45
CIS 76 - Lesson 7
Various
Enumeration
Tools
Selected from EC-Council, NDG, NISGTC labs
and the textbook
47
CIS 76 - Lesson 7
Nmap and
Zenmap
48
CIS 76 - Lesson 7
https://nmap.org/ 49
CIS 76 - Lesson 7
https://en.wikipedia.org/wiki/Nmap 50
CIS 76 - Lesson 7
http://sectools.org/ 51
CIS 76 - Lesson 7
http://news.bbc.co.uk/2/hi/technology/3039329.stm
52
CIS 76 - Lesson 7
Nmap
Zenmap
53
CIS 76 - Lesson 7
-O detects OS
(operating system) -v is verbose
54
CIS 76 - Lesson 7
nmap -T3 -O -v 172.30.10.162,170,172
55
CIS 76 - Lesson 7
nmap -T3 -O -v 172.30.10.162,170,172
56
CIS 76 - Lesson 7
nmap -T3 -O -v 172.30.10.162,170,172
Show a network
topology map
Router
Switch
WAP
Firewall
https ://nmap.org/book/zenmap-
topology.html#zenmap-topology-legend
57
CIS 76 - Lesson 7
nmap -T3 -O -v 172.30.10.162,170,172
https ://nmap.org/book/zenmap-
topology.html#zenmap-topology-legend
58
CIS 76 - Lesson 7
59
Use the chat window to indicate you have installed it
CIS 76 - Lesson 7
Global Network
Inventory
61
CIS 76 - Lesson 7
http://www.magnetosoft.com/product/global_network_inventory/features 62
CIS 76 - Lesson 7
63
CIS 76 - Lesson 7
64
CIS 76 - Lesson 7
File shares
65
CIS 76 - Lesson 7
User logged in
66
CIS 76 - Lesson 7
67
Use the chat window to indicate you have installed it
CIS 76 - Lesson 7
10.76.xx.201
Find the BIOS name and version number of your EH-WinXP VM and write it in
the chat window (use the Generate Summary Report right-click option) 68
CIS 76 - Lesson 7
Remote
Desktop
Howto
69
CIS 76 - Lesson 7
whitehats\xxxxxx76
whitehats\xxxxxx76
Windows
nbtstat
net view
commands
72
CIS 76 - Lesson 7
Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP addresses to
computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh
73
CIS 76 - Lesson 7
77
CIS 76 - Lesson 7
From EH-WS2008-Std
From pod EH-WinXP VM
Logged in as whitehats\simben76
Logged in as cis76 student
via remote desktop
78
CIS 76 - Lesson 7
From EH-WS2008-Std
From pod EH-WinXP VM
Logged in as whitehats\simben76
Logged in as cis76 student
via remote desktop
79
CIS 76 - Lesson 7
80
CIS 76 - Lesson 7
81
CIS 76 - Lesson 7
2. Log in as whitehats\xxxxxx76
(where xxxxxx76 is your Opus username with your original Opus password)
4. Look for a system whose name ends with "-ENT" and get its MAC address
nbtstat -a eh-??????-ent
What is the name of this system and its MAC address? Write your answer in the
chat window.
82
CIS 76 - Lesson 7
SuperScan
83
CIS 76 - Lesson 7
SuperScan
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx 84
CIS 76 - Lesson 7
SuperScan
https://en.wikipedia.org/wiki/Superscan 85
CIS 76 - Lesson 7
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx 86
CIS 76 - Lesson 7
87
Use the chat window to indicate you have installed it
CIS 76 - Lesson 7
Enumerate 172.30.10.171
5. Click Options button and enter your "Opus" username, original "Opus"
password, and whitehats as the domain. Click OK to accept.
Look at the local user accounts on this system. Between Hillary and Donald,
who logged in last? Write your answer in the chat window.
88
CIS 76 - Lesson 7
Hyena
89
CIS 76 - Lesson 7
Hyena
http://www.systemtools.com/hyena/
90
CIS 76 - Lesson 7
Hyena
http://www.systemtools.com/index.html
91
CIS 76 - Lesson 7
Hyena
92
CIS 76 - Lesson 7
Hyena
Hyena
2. Log in as whitehats\xxxxxx76
(where xxxxxx76 is your Opus username with your original Opus password)
3. Run hyena
4. Expand WHITEHATS.
7. Expand Groups.
Besides the Domain Users group, what other groups do you belong to?
Write your answer in the chat window.
94
CIS 76 - Lesson 7
enum4linux
95
CIS 76 - Lesson 7
enum4linux
https://labs.portcullis.co.uk/tools/enum4linux/ 96
CIS 76 - Lesson 7
enum4linux
enum4linux -a -u cis76 -p xxxxxx 172.30.10.174
https://labs.portcullis.co.uk/tools/enum4linux/ 97
CIS 76 - Lesson 7
enum4Linux
2. Bring up a terminal.
98
CIS 76 - Lesson 7
Textbook likes
the finger
command
99
CIS 76 - Lesson 7
100
CIS 76 - Lesson 7
Assignment
101
CIS 76 - Lesson 7
Lab 6 due
next week
102
CIS 76 - Lesson 7
Wrap up
104
CIS 76 - Lesson 7
Next Class
Assignment: Check the Calendar Page on the web site to
see what is due next week.
105
CIS 76 - Lesson 7
Backup
106