
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"


Target Enumeration

Now when the SID2USER application is run against the target:
From the example:

The renamed Administrator account of Kermit has been identified by
the RID of 500. Remember that the RID for the real Administrator account
will always be 500 regardless of what the account is renamed to.

As before, the target resides in the WIN2000S-V domain.
*Note:
Knowing the username is half the battle to cracking an account. An attacker
can now inject the username of Kermit into a brute-force password-cracking
program until the correct password is identified.
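
The fixed RID described above can also be checked from the defender's side. The following is an added example, not code from the book: it decodes binary SIDs and reports accounts whose name no longer matches their well-known RID. The inventory, the domain sub-authority values 1111-2222-3333 and the helper names are constructed for illustration.

```python
import struct

# Default names of the well-known RIDs; the RID stays fixed after a rename.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-<rev>-<authority>-<sub>... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(sid: str):
    """Return the default account name for a well-known RID, else None."""
    parts = sid.split("-")
    # Account SIDs look like S-1-5-21-<three machine/domain values>-<RID>.
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        return None
    return WELL_KNOWN_RIDS.get(int(parts[-1]))

def audit(accounts):
    """List (current name, default name) for renamed well-known accounts."""
    findings = []
    for name, raw in accounts:
        default = classify(parse_sid(raw))
        if default and name.lower() != default.lower():
            findings.append((name, default))
    return findings

def make_sid(*subs):
    """Build a constructed binary SID under the NT authority (5)."""
    body = struct.pack("<%dI" % len(subs), *subs)
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + body

# Constructed inventory: account names paired with binary SIDs.
SAMPLE = [
    ("Kermit", make_sid(21, 1111, 2222, 3333, 500)),
    ("Guest", make_sid(21, 1111, 2222, 3333, 501)),
    ("jsmith", make_sid(21, 1111, 2222, 3333, 1004)),
]

if __name__ == "__main__":
    for name, default in audit(SAMPLE):
        print(f"{name}: RID marks this as the built-in {default} account")
```

Renaming the account changes only the name column; the audit still ties Kermit to the built-in Administrator role, which is why the Restrict Anonymous countermeasure matters more than the rename.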
Lab 12: Enumerate User Information
Enumerate User Information from Target: USERDUMP
Prerequisites:
NULL Session
Countermeasures:
Restrict Anonymous, host-based firewalls
Description:
The USERDUMP application is designed to gather user information
from the target. Some of the information enumerated is the user
RID, privileges, login times, login dates, account expiration date, network
storage limitations, login hours, and much more.
Procedure:
Establish a NULL session (refer to Lab 8). From a DOS prompt
type the following syntax:
userdump \\Target IP Address Target Username
The results reveal the following details for the username Administrator:

The User ID is 500. (This tells us that this is indeed the real Administrator account.)

The user's password never expires.

The Administrator last logged in at 12:44 a.

