network hacking L4

Questions and Answers

What is the primary function of the NetBIOS Enumerator tool?

• To enumerate SMB shares on a network
• To use Nmap Scripting Engine to discover NetBIOS shares
• To explore and scan networks to identify security vulnerabilities (correct)
• To scan for SNMP enabled network devices

Which Nmap script is used to enumerate SMB shares on a network?

• smb-enum-shares.nse (correct)
• snmp-enum.nse
• nbstat.nse
• netbios-enum.nse

What is the primary function of SNMP?

• To explore and scan networks to identify security vulnerabilities
• To enumerate SMB shares on a network
• To monitor, diagnose and troubleshoot security issues (correct)
• To scan for SNMP enabled network devices

What is the default port used by SNMP?

UDP 161 (A)

What is the name of the software component of a managed system in SNMP?

Agent (D)

What is the notation used to store information in SNMP MIBs?

ASN.1 (C)

What is the purpose of OID in SNMP?

To identify nodes or data elements (A)

How many versions of SNMP are there?

3 (v1, v2c, and v3) (D)

What is the purpose of nmblookup?

To use node status and broadcast (D)

What is the purpose of NetBIOS Enumerator?

To explore and scan networks to identify security vulnerabilities (A)

Study Notes

Network Hacking (Enumeration)

• Enumeration is the process of identifying active services on a target system to discover potential attack surfaces or vectors.
• It involves gathering information about:
  • Username and groups
  • Hostname
  • Running services
  • Application banners
  • etc.

Service Enumeration

• Service enumeration is used to determine the services running on a target system.
• It involves extracting running service information using tools like nmap (e.g., nmap -sV [IP address]).
• The extracted information can be used to search for vulnerabilities and exploits in databases like Exploit-DB, VulDB, or through Google Search.

Service Enumeration Techniques

• RPC enumeration
• RMI enumeration
• SMB enumeration
• NetBIOS enumeration
• SNMP enumeration
• LDAP enumeration

Remote Procedure Calls (RPC)

• RPC is a service that allows remote systems to utilize resources across the network.
• It is used for sharing storage, printers, and other resources.
• Common implementation of RPC program calls is portmap or rpcbind.
• Portmapper assigns port numbers to services, and application programs use the port mapper to determine the assigned port.
• RPC enumeration can be performed using tools like Metasploit Sunrpc Scanner.

Remote Method Invocation (RMI)

• RMI is Remote Procedure Calls in Java.
• Portmapper of Java is rmiregistry.
• Programs running RMI will register with rmiregistry program.
• Any service can check rmiregistry for services.
• RMI enumeration can be performed using tools like Metasploit RMI Scanner.

Server Message Block (SMB)

• SMB is the most common implementation of RPC.
• It is used on Windows networks for file sharing, network management, system administration, and more.
• SMB is an application layer protocol that can be used with different protocols at lower OSI layers.
• It can be used over TCP on port 445, over NetBIOS on UDP 137 and 138, or over NetBIOS on TCP 137 and 139.
• Authentication is not always necessary, and support for null authentication is available.
• SMB enumeration can be performed using tools like Windows built-in tool nbtstat, Kali with Samba package install, and nmblookup.

NetBIOS

• NetBIOS is used for name resolution.
• NetBIOS enumeration can be performed using tools like Nmap, Nmap Scripting Engine (NSE), and NetBIOS Enumerator.

SNMP Enumeration

• SNMP is a protocol used for network management and monitoring.
• It is widely used in network management for network monitoring.
• SNMP uses UDP port 161 and 162.
• There are three versions: v1, v2c, and v3.
• Information is stored in management information bases (MIBs) using Abstract Syntax Notation One (ASN.1).
• Each node or data element gets an object identifier (OID).
• SNMP enumeration can be performed using tools like Nmap and SNMP Enumerator.