Thread: Account Enumeration

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    356

    Account Enumeration

    Here is an easy one for you guys. A few months ago I had this small utility. It was a small .exe file, and I believe the file name started with an "n" (not sure). It was able to connect to a remote IP address and list the accounts and shares on the machine if anonymous permission for account enumeration is enabled. For the life of me I cannot remember what this handy security testing tool is named. I've installed various patches and updates to my servers since I last did a security test, and would really like to find this utility again.

    If anyone knows what this utility's name is, or even better knows where I can download it, please let me know. If you don't want to reply to the thread for obvious reasons, you can PM it to me. Thanks in advance!

    While on this topic, I remember when I first found out that the account and shared information is available to the world by default, I was shocked. In the past I have edited my security policy to not allow account enumeration without permission. Does anyone know if there are other ways a cracker could get that account and share information so easily? I trust that editing that rule in the security policy will stop that, but are there other security policies that are enabled by default that definitely should be disabled?

    Another thing is NetBIOS over TCP/IP. Unfortunately I need this enabled because I have computers on separate networks that need remote access to the shares. I have a hardware firewall, but it randomly decides not to do its job. So unfortunately it seems anyone can connect remotely. But as far as I know they need a user name and password to get in. They can't get a user name by account enumeration anymore, but are there other vulnerabilities they can use to make a brute force method easier?

    Sorry for all the questions. I just want to make my Windows 2000 network as secure as possible. A project in itself. haha... Thanks!
    An Ounce of Prevention is Worth a Pound of Cure...
     

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    enum

    Make sure you block tcp/139 and tcp/445 at all ingress/egress points to your network and you will be largely protected from the internet (at least until one of your users catches worms). You should be able to set your policy up to where a user cannot create a share. I can look up how to do it if you need, but it is not normally something I have to mess with; I just yell at the NT admins to do it.

    Make sure you have null logon/anonymous login turned off. Check out my tut on hardening Win2k, it does have how to turn off anonymous login...

    I will post the link as soon as I find it...

    http://www.antionline.com/showthread...hreadid=234577

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Ah, thanks for your response. I just found a whole bunch of NT-type enumeration tools at:
    http://www.cotse.com/tools/netbios.htm

    I definitely will check out your tut. Thanks.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  4. #4

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Dumpsec from Somarsoft.
    It can be found under the Free Tools here:
    http://www.systemtools.com/somarsoft/

    Edit: I think I found your tool. It's called NAT, which is short for NetBIOS Auditing Tool.
    I found one here:
    http://www.tux.org/pub/security/secnet/tools/nat10/

    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    I know that some options have already been listed, but I'll throw in my suggestion too. I use nbtdump.exe, it's a command line util that will do the job and output the results to an HTML file. Works quite well...
    - Maverick

  7. #7

    nbtenum.exe

    Did the tool you use make HTML reports of what it found? If so, then you were using my favorite, NBTENUM v3. The web site for it is no longer up, but you can find NBTENUM.EXE on Packetstorm.

  8. #8

    Re: nbtenum.exe

    Originally posted here by omalakai
    Did the tool you use make HTML reports of what it found? If so, then you were using my favorite, NBTENUM v3. The web site for it is no longer up, but you can find NBTENUM.EXE on Packetstorm.


    Well, as I stated it did output to an HTML file, but the name was not NBTENUM.EXE - it was NBTDUMP.EXE, and can be found here:

    http://www.cerberus-infosec.co.uk/toolsn.shtml

  9. #9
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Account enumeration is quite simple and very effective.

    1. Remember, before running any tool you need to create a null session:
    net use \\<ip> "" /user:""
    2. Use a tool like:
    (i) Dumpsec from Somarsoft
    (ii) UserInfo, GetUser at www.hammerofgod.com
    (iii) GetAcct from www.securityfriday.com

    warl0ck7
    .::No Remorse::.
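
An added example, not part of any post in this thread: the anonymous-login policy that post #2 says to turn off, and that the null session in post #9 depends on, is stored in registry values, and this Python sketch parses `reg query` text output and flags values that leave anonymous enumeration open. The registry value names are real Windows settings; the sample output, function names and finding messages are constructed for illustration.

```python
import re

# Constructed sample of `reg query` text output from a hypothetical host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
    EveryoneIncludesAnonymous    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x1
    NullSessionShares    REG_MULTI_SZ    COMCFG\0DFS$
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Map value name -> int (REG_DWORD), list (REG_MULTI_SZ) or str."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key headers and blank lines
        name, kind, data = m.group(1), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)
        elif kind == "REG_MULTI_SZ":
            # reg.exe prints multi-string entries joined by a literal \0
            values[name] = [s for s in data.split("\\0") if s]
        else:
            values[name] = data
    return values

def audit_anonymous_access(values):
    """Return (setting, reason) pairs for values that permit anonymous access."""
    findings = []
    if values.get("RestrictAnonymous", 0) == 0:
        findings.append(("RestrictAnonymous", "anonymous enumeration of accounts and shares is not restricted"))
    if values.get("RestrictAnonymousSAM") == 0:
        findings.append(("RestrictAnonymousSAM", "anonymous enumeration of SAM accounts is allowed"))
    if values.get("EveryoneIncludesAnonymous") == 1:
        findings.append(("EveryoneIncludesAnonymous", "Everyone permissions apply to anonymous users"))
    if values.get("RestrictNullSessAccess") == 0:
        findings.append(("RestrictNullSessAccess", "null sessions are not limited to the listed pipes and shares"))
    for name in ("NullSessionShares", "NullSessionPipes"):
        if values.get(name):
            findings.append((name, "reachable over a null session: " + ", ".join(values[name])))
    return findings

if __name__ == "__main__":
    for setting, reason in audit_anonymous_access(parse_reg_query(SAMPLE)):
        print(f"{setting}: {reason}")
```

A missing `RestrictAnonymous` value is treated as 0, the unrestricted setting; the other values are flagged only when present and set permissively.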
