Electronic Books

Procedure:
From the LANguard application, enter the target IP address,
hostname, or IP range and scan.
Enter the Target IP address or hostname as the target.
In this example, the LANguard application has revealed:


The target??™s Media Access Control (MAC) address


Currently logged-in user


Shared resources


Users


Installed network cards


Several other pieces of valuable information
152


Practical Hacking Techniques and Countermeasures
Because of the canned scripts included with LANguard, several vulnerabilities
were found including the Internet Information Service (IIS) directory transversal,
which allows an attacker to browse the contents of the target and gain other
information. Many, if not all, of these weaknesses can be prevented if the target
had received its service packs and Windows updates.
As a side note notice the Remote Time of Day service is running on the
target. This allows an attacker to initiate a DoS attack against the target at will.
The Remote Time of Day service is an example of a service that should not
be turned on unless there is a very specific reason to do so, and even then
should be protected by firewalls and/or routers.
*Note:
As with any application be aware of your environment prior to and after
installing it. One of LANguard??™s features is to perform a remote shutdown of
the target. Initially this feature did not work on a Windows computer with
Service Pack 1 installed on it; however, once Service Pack 2 was installed
that same computer could be shut down without notice or warning.


Pages:
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82