
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

Many enumeration labs are more successful when establishing a NULL session.
Procedure: From an operating system (OS) prompt enter the following syntax:
net use \\Target IP Address\IPC$ "" /u:""
When successful, the result will show "The command completed successfully."
Note that this is not logged in the System Event Log!
*Note: As long as the target computer has not restricted NULL sessions (see the "Restrict Anonymous" section in Chapter 1) and a firewall is not used to identify attempts to connect or deny connections to port 139 or 445, this technique works. Again, remember that this connection is not logged in the System Event Log.
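
The "Restrict Anonymous" countermeasure named in the note can be verified on a Windows host with a short audit script. This is an added example, not code from the book; the registry value names are the standard Windows anonymous-access settings, and the expected values are an assumption taken from common hardening baselines.

```powershell
# Added example: audit the registry settings that control anonymous (NULL session) access.
# Expected values are assumptions based on common hardening baselines; adjust to local policy.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# DWORD settings with the accepted range for each.
# RestrictAnonymous = 2 is the strictest value on Windows 2000; later versions use 1.
$dwordChecks = @(
    @{ Path = $lsa;    Name = 'RestrictAnonymous';         Min = 1; Max = 2 },
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';      Min = 1; Max = 1 },
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous'; Min = 0; Max = 0 },
    @{ Path = $server; Name = 'RestrictNullSessAccess';    Min = 1; Max = 1 }
)
# Multi-string lists of pipes and shares that anonymous callers may still reach.
$listChecks = @(
    @{ Path = $server; Name = 'NullSessionPipes' },
    @{ Path = $server; Name = 'NullSessionShares' }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = @(foreach ($c in $dwordChecks) {
    $v = Get-RegValue $c.Path $c.Name
    $status = if ($null -eq $v) { 'NOT SET' } elseif ($v -ge $c.Min -and $v -le $c.Max) { 'OK' } else { 'WEAK' }
    [pscustomobject]@{ Setting = $c.Name; Value = $v; Status = $status }
})
$results += @(foreach ($c in $listChecks) {
    # Any remaining entry is reachable over a NULL session and needs a justification.
    $entries = @(Get-RegValue $c.Path $c.Name) | Where-Object { $_ }
    $status = if ($entries) { 'REVIEW' } else { 'OK' }
    [pscustomobject]@{ Setting = $c.Name; Value = ($entries -join ', '); Status = $status }
})

$results | Format-Table -AutoSize
```

A status of NOT SET means the value is absent and the operating system default applies, which differs between Windows versions and should be confirmed for the host in question.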

Lab 9: Enumerate Target MAC Address
Enumerate MAC Address and Total NICs: GETMAC
Prerequisites: NULL Session
Countermeasures: Restrict Anonymous, host-based firewalls
Description: The GETMAC application is used to identify the Media Access Control (MAC) address assigned to each network card (NIC) of the target. Another feature of the GETMAC application will identify the total number of NICs in the target.
Procedure: Establish NULL session (refer to Lab 8). Then from a DOS prompt, type the following with the syntax of:
getmac IP Address
In this example, the target MAC addresses have been identified as well as the total number of NICs. In this case, two NICs have been identified.
In this case, the target has the following MAC addresses for each identified NIC:
NIC 1: 00-0C-29-A3-E4-40
NIC 2: 24-C8-20-52-41-53

Lab 10: Enumerate SID from User ID
Enumerate the SID from the Username: USER2SID
Prerequisites: NULL Session
Countermeasures: Restrict Anonymous, host-based firewalls
Description: Every account on a Windows computer has a Security Identifier (SID).

