Electronic Books

Basically the application is a front-end
application for the NetUserGetInfo API windows call. Do not forget to
establish a NULL session first.
Procedure:
Establish a NULL session (refer to Lab 8). Open the DUMPSEC
application; enter target information, the dump user information, and
then read the results given.
Open the DUMPSEC application from the directory containing the executable.
This is the initial screen when DUMPSEC is started. There is not much
here, yet. From
Report,
Select Computer
, enter the target IP address and
click
OK
.
Target Enumeration


99
The
Dump Users as Table
screen appears.
From
Report
, select
Dump User as Column. Click Add until all items
on the left are now on the right on the screen.
100
Practical Hacking Techniques and Countermeasures
Click OK.
The results from the target will appear in the main window.
Scrolling to the right will display the rest of the enumerated information.
*Note: Extra attention should be given to the ???notes??? section of the results as many
Administrators place sensitive information in that block, including passwords.
Target Enumeration
101
The DUMPSEC application may also be run from the DOS command line
with the following syntax:
dumpsec /computer=\\Target IP Address /options
In this example, the DUMPSEC application will retrieve much of the same
information as the Graphical Interface User (GUI) interface does but retrieve
the results in comma-delimited format in a text file with the name of users.


Pages:
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64