Account Enumeration
Results 1 to 9 of 9

Thread: Account Enumeration

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    356

    Account Enumeration

    Here is an easy one for you guys. A few months ago I had this small utility. It was a small .exe file, and I believe the file name started with a "n" (not sure). It was able to connect to a remote IP address and list the accounts and shares on the machine if anonymous permission for account enumeration is enabled. For the life of me I cannot remember what this handy security testing tool is named. I've installed various patches and updates to my servers since I last did a security test, and would really like to find this utility again.

    If anyone knows what this utility's name is, or even better know where I can download it at, please let me know. If you don't want to reply to the thread for obvious reasons, you can PM it to me. Thanks in advance!

    While on this topic, I remember when I first found out that the account and shared information is available to the world by default, I was shocked. In the past I have edited my security policy to not allow account enumeration without permission. Does anyone know if there are other ways a cracker could get that account and share information so easily? I trust that editing that rule in the security policy will stop that, but are there other security policies that are enabled by default that definitely should be disabled?

    Another thing is Netbios over TCP/IP. Unfortunately I need this enabled because I have computers on seperate networks that need remote access to the shares. I have a hardware firewall, but it randomly decides not to do it's job. So unfortunately it seems anyone can connect remotely. But as far as I know they need a user name and password to get in. They can't get a user name by account enumeration anymore, but are there other vulnerabilities they can use to make a brute force method easier?

    Sorry for all the questions. I just want to make my windows 2000 network as secure as possible. A project in itself. haha... Thanks!
    An Ounce of Prevention is Worth a Pound of Cure...
     

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    enum

    Make sure you block tcp/139 tcp/445 at all ingress/egress points to your network and you will be largely protected from the internet (at least until one of your users catches worms). You should be able to set your policy up to where a user can not create a share, I can look up how to do it if you need, but it is not normally something I have to mess with, I just yell at the NT admins to do it

    Make sure you have null logon/anonymous login turned off. Check out my tut on hardening Win2k, it does have how to turn off anonymous login...

    I will post the link as soon as I find it...

    http://www.antionline.com/showthread...hreadid=234577

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Ah, thanks for your response. I just found a whole bunch of NT type enumerations tools at:
    http://www.cotse.com/tools/netbios.htm

    I definitely will check out your tut. Thanks.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  4. #4
    Banned
    Join Date
    May 2003
    Posts
    31

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Dumpsec from Somarsoft.
    It can be found under the Free Tools here:
    http://www.systemtools.com/somarsoft/

    Edit: I think I found your tool. It's called NAT which is short for Netbios Auditting Tool.
    I found one here:
    http://www.tux.org/pub/security/secnet/tools/nat10/

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    I know that some options have already been listed, but I'll throw in my suggestion too. I use nbtdump.exe, it's a command line util that will do the job and output the results to an HTML file. Works quite well...
    - Maverick

  7. #7

    nbtenum.exe

    Did the tool you use make HTML reports of what it found? IF so, then you were using my favorite, NBTENUM v3. The web site for it is no longer up, but you can find NBTENUM.EXE on Packetstorm.

  8. #8
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852

    Re: nbtenum.exe

    Originally posted here by omalakai
    Did the tool you use make HTML reports of what it found? IF so, then you were using my favorite, NBTENUM v3. The web site for it is no longer up, but you can find NBTENUM.EXE on Packetstorm.


    Well, as I stated it did output to an HTML file, but the name was not NBTENUM.EXE - it was NBTDUMP.EXE, and can be found here:

    http://www.cerberus-infosec.co.uk/toolsn.shtml

  9. #9
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Account enumeration is quite simple and very effective

    1. Remember before running any tool u need top create a null session
    net use \\<ip> "" /user:""
    2. Use a tool like
    (i) Dumpsec from Somarsoft
    (ii)UserInfo,GetUser at www.hammerofgod.com
    (iii)GetAcct from www.securityfriday.com

    warl0ck7
    .::No Remorse::.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •