Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"


Another social engineering attack that also proves to be very successful is
when an attacker dresses in the uniform of those personnel considered
"honest" and "important" or even "expensive." For example, an attacker
purchases or steals the uniform of a carrier, telephone, or gas or electric
employee and appears carrying boxes and/or clipboards, pens, tools,
etc. and perhaps even an "official-looking" identification badge or a
dolly carrying "equipment." These attackers generally have unchallenged
access throughout the building as employees tend to see
"through" these types of people. When is the last time you challenged
one of these personnel to verify their credentials?

This attack is very risky as the attacker can now be personally identified
should he or she get caught.

Again, this attack is normally very successful, so bear this in mind.

Chapter 3
Target Enumeration
Lab 8: Establish a NULL Session
Establish a NULL Session: NULL Session
Prerequisites: Transmission Control Protocol (TCP) 139, IPX, or NetBEUI

Countermeasures: Secure access control lists (ACLs), Restrict Anonymous,
host-based firewalls

Description: The NULL session is used on Windows computers via the
Inter-Process Communication (IPC$) share to allow the viewing of shared
resources. This connection is made without a username or password.
An attacker will use the NULL session to his or her advantage to enumerate
user information from the target.
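
The Restrict Anonymous countermeasure listed above can be verified by auditing the registry values that control anonymous access. The following is an added example, not from the book: it parses text in the format printed by `reg query` and flags values outside a baseline. The baseline thresholds, the choice to flag unset values, and the sample output are assumptions constructed for illustration.

```python
import re

# Registry value names are real Windows settings; the required values are
# this example's assumed hardened baseline, not taken from the book.
BASELINE = {
    "restrictanonymous": lambda v: v >= 1,          # Control\Lsa
    "restrictanonymoussam": lambda v: v == 1,       # Control\Lsa
    "everyoneincludesanonymous": lambda v: v == 0,  # Control\Lsa
    "restrictnullsessaccess": lambda v: v == 1,     # LanmanServer\Parameters
}

# Value lines in `reg query` output are indented: name, type, data.
DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: int} for the REG_DWORD lines."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def audit(text):
    """Return sorted (name, problem) findings; an empty list means compliant."""
    values = parse_reg_query(text)
    findings = []
    for name, ok in BASELINE.items():
        if name not in values:
            # Assumption: an unset value is reported so it gets reviewed.
            findings.append((name, "not set"))
        elif not ok(values[name]):
            findings.append((name, "weak value %d" % values[name]))
    return sorted(findings)

# Constructed sample output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    restrictnullsessaccess    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"FINDING {name}: {problem}")
```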

