Winfingerprint, seen in Figure 4-28, is a GUI-based tool that can scan a single host or a contiguous network block. The information desired, from a port scan to Active Directory information, is selected from any of the multiple checkboxes on the interface. Winfingerprint can determine, with some detail, the type of server and its operating system.
It identifies the primary domain controllers (PDCs), backup domain controllers (BDCs), and any domain to which the computer belongs. Winfingerprint lists each user’s system ID, which helps in identifying the administrator account. The session feature in the utility lists the NetBIOS names of other systems that are connected to the target.
The utility also gives a complete picture of the programs that are installed and are active.
NBTscan
NBTscan, seen in Figure 4-29, scans IP networks for Microsoft Windows NetBIOS name information. It sends NetBIOS status queries to every host in the specified range and prints the information directly to the screen.
For each host that responds, it lists the following:
• IP addresses
• NetBIOS computer names
• Logged-in usernames
• MAC addresses
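As an added illustration (not part of the original text or of NBTscan itself), the following Python code decodes a NetBIOS node status response, the reply that each host returns to the status query described above, and reduces it to the four fields listed. The sample packet, the suffix table and the function names are constructed assumptions; the record layout follows RFC 1002.

```python
import struct

# Well-known NetBIOS name suffixes (16th byte of the padded name). These are
# what a scanner maps to "computer name", "logged-in user" and "file server".
SUFFIXES = {0x00: "workstation/group", 0x03: "messenger/user", 0x20: "file server",
            0x1B: "domain master browser", 0x1C: "domain controllers"}

def parse_node_status_response(pkt: bytes) -> dict:
    """Parse a NetBIOS NODE STATUS RESPONSE (RFC 1002 section 4.2.18)."""
    txid, flags, qdcount, ancount = struct.unpack_from(">HHHH", pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response, or no answer record")
    off = 12
    while pkt[off] != 0:          # skip the first-level encoded RR_NAME labels
        off += 1 + pkt[off]
    off += 1
    rr_type, rr_class, ttl, rdlen = struct.unpack_from(">HHIH", pkt, off)
    off += 10
    if rr_type != 0x0021:         # NBSTAT record type
        raise ValueError("unexpected RR type %#x" % rr_type)
    num_names = pkt[off]
    off += 1
    names = []
    for _ in range(num_names):    # each entry: 15-byte name, suffix, 2 flag bytes
        raw, suffix = pkt[off:off + 15], pkt[off + 15]
        nflags = struct.unpack_from(">H", pkt, off + 16)[0]
        off += 18
        names.append({"name": raw.decode("ascii", "replace").rstrip(),
                      "suffix": suffix, "kind": SUFFIXES.get(suffix, "other"),
                      "group": bool(nflags & 0x8000)})
    # The STATISTICS block begins with UNIT_ID, the adapter's MAC address.
    mac = ":".join("%02x" % b for b in pkt[off:off + 6])
    return {"txid": txid, "names": names, "mac": mac}

def summarize(parsed: dict) -> dict:
    """Reduce the name table to what NBTscan prints: host, domain, users, MAC."""
    hosts = [n["name"] for n in parsed["names"] if n["suffix"] == 0x00 and not n["group"]]
    groups = [n["name"] for n in parsed["names"] if n["suffix"] == 0x00 and n["group"]]
    users = [n["name"] for n in parsed["names"] if n["suffix"] == 0x03 and n["name"] not in hosts]
    return {"host": hosts[0] if hosts else None, "domain": groups[0] if groups else None,
            "users": users, "mac": parsed["mac"]}

def build_sample_response() -> bytes:
    """Constructed sample (not a real capture): one workstation in domain CORP."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
    name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"          # encoded "*" wildcard name
    records = b"".join(n.ljust(15, b" ") + bytes([suf]) + struct.pack(">H", fl)
                       for n, suf, fl in [(b"WKS01", 0x00, 0x0400), (b"WKS01", 0x20, 0x0400),
                                          (b"CORP", 0x00, 0x8400), (b"ALICE", 0x03, 0x0400)])
    stats = bytes.fromhex("001122aabbcc") + b"\x00" * 40   # UNIT_ID (MAC) + 40 bytes of counters
    rdata = bytes([4]) + records + stats
    return hdr + name + struct.pack(">HHIH", 0x0021, 1, 0, len(rdata)) + rdata
```

Decoding the response this way is how a packet analyst or IDS rule author sees exactly which names, users and MAC a host discloses to an unauthenticated UDP/137 query.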
Figure 4-28 Winfingerprint can determine a network’s operating system.
NetViewX
NetViewX, seen in Figure 4-30, is a tool used to list the servers in a domain or workgroup. It can be restricted to listing only servers that offer specific services. Its output uses a list format that is easily parsed.
FreeNetEnumerator
FreeNetEnumerator, seen in Figure 4-31, is a tool used to enumerate computers in a domain. Depending on the enumeration parameters, the tool can work in different ways. It can enumerate using the following parameters:
• All computers (if the “All Computers” option is selected)
• All SQL servers only (if “Microsoft SQL Servers” option is selected)
• All primary domain controllers only (if “Primary domain controllers” option is selected)
• Backup domain controllers only (if “Backup domain controllers” option is selected)
TXDNS
TXDNS is a multithreaded DNS digger that can expose a domain namespace through typos, TLD rotations, dictionary attacks, and brute force attacks.
TXDNS performs the following functions:
• Queries only for a given Resource Record type: A, CNAME, HINFO, NS, TXT, and SOA
• Nonrecursive queries
• Queries against a given DNS server
Figure 4-29 NBTscan scans IP networks for NetBIOS information.
Tools 4-37
Figure 4-30 NetViewX lists the servers in a domain or workgroup.
Figure 4-31 FreeNetEnumerator enumerates computers within a domain.
• Custom module support
• Customized data-set views
Amap
Amap allows users to identify applications that are running on a specific port. Amap connects to the ports, sends trigger packets, compares the response to a list, and prints out any matches.
Netenum
Netenum, seen in Figure 4-33, comes as part of the IRPAS suite of tools. It can be used to produce a list of hosts for other programs. It uses ICMP echo requests to find available hosts and prints one IP address per line. If no timeout is given, the tool can be used in shell scripts.
IP-Tools
IP-Tools, seen in Figure 4-34, is a set of 19 network utilities that offers various network administration and monitoring services. IP-Tools includes the following utilities:
• Local info: The local info utility checks the local host for details such as the processor, memory, Winsock data, network interfaces, IP (TCP, UDP, ICMP) statistics, modems, and routing table.
Figure 4-32 Unicornscan is an information gathering and correlating engine.
Figure 4-33 Netenum can produce a list of hosts for other programs.
Figure 4-34 IP-Tools is a set of network management utilities.
• Connections monitor: The utility displays all open connections on the local host. The details include the protocol, local IP address, local port, remote IP address, remote port, the status of each connection, and the PID (process identifier) of the process that is using the TCP/UDP port.
• NetBIOS scanner: The NetBIOS utility displays NetBIOS information about network interfaces. Given an IP address or host name, it displays details such as the MAC address of computers on the LAN and their NetBIOS name table.
• UDP scanner: The UDP scanning utility allows scanning of UDP-based services such as TFTP, SNTP, daytime, DNS, and so on, given a range or list of IP addresses.
• Ping scanner: The ping scanning utility sends ICMP ping requests to the remote computer(s) and listens for echo reply packets. A successful test reports the time it took for the machine to answer.
• Trace lookup: This utility traces the route to the remote host over the network. The packets sent across the network can be viewed, and the time taken and the number of hops are reported. The number of packets sent, the TTL, and the maximum number of hops can all be set before running the trace.
• Lookup: The NS lookup utility uses the Windows API and the default DNS server to resolve a domain name from an IP address, or an IP address from its domain name. It displays the host name and the IP address.
• Finger: The finger utility displays details of user(s) on a specified host running the finger service. The report of the finger utility depends on the server’s configuration and consists of user account details, the home directory, login time, the last time mail was received, and the last time mail was read.
• WhoIs: The WhoIs utility retrieves details of the Internet host or domain from the NIC (Network Information Center). The utility reports details about the domain name owner, and administrative and technical contacts.
• Telnet client: The telnet client utility allows the user to telnet to a remote computer. It allows the user to provide input at the server control level, which enables direct control of the server.
• HTTP client: The HTTP client utility can send HTTP requests and verify responses from HTTP servers. This utility performs the following functions:
• Displays HTTP header information
• Allows changing of parameters
• Allows capturing of the text portion of the Web page without accepting cookies
• IP-Monitor: The IP-Monitor utility displays real-time graphs of the number of input, output, and error packets for TCP, UDP, and ICMP.
• Host monitor: The host monitor utility tracks the up/down status of a given host. It sends ICMP echo packets (pings) to a remote host and listens for echo reply packets to verify the status of remote computers and other network devices.
• SNMP trap watcher: The SNMP trap watcher utility displays data about traps and saves that data to log files.
Review Questions 4-41
Chapter Summary
■ Enumeration involves active connections to systems and directed queries.
■ The type of information enumerated by intruders includes network resources and shares, users, groups, applications, and banners.
■ Hackers often use null sessions to connect to target systems.
■ Attackers can perform SNMP enumeration on a Windows system by using Snmputil.
■ Tools such as User2sid and Sid2user can be used to identify vulnerable user accounts.
Review Questions
1. What is a NetBIOS null session?
2. What is a management information base (MIB)?
3. What are three countermeasures against SNMP enumeration?
4. List the basic steps needed to perform an enumeration.
8. How can the Snmpwalk tool be used in an enumeration attempt?
9. Describe the role of SNMP agents in enumeration.
10. What is an access token?
Hands-On Projects
1. Use GetAcct to enumerate users.
■ Navigate to Chapter 4 of the Student Resource Center.
■ Browse the getacct directory.
■ Install and launch GetAcct.exe.
■ Type the IP address of the victim computer and click the Get Account button (Figure 4-35).
2. Use SuperScan to enumerate users.
■ Navigate to Chapter 4 of the Student Resource Center.
■ Browse the SuperScan 4 directory.
■ Install and launch SuperScan 4.
■ Click the Windows Enumeration tab.
■ Type the IP address of the victim’s server and click the Enumerate button.
■ Analyze the results (Figure 4-36).
Hands-On Projects 4-43
Figure 4-35 Use GetAcct to enumerate users.
Figure 4-36 Use SuperScan 4 to enumerate users.
Figure 4-37 Launch the FreeNetEnumerator program.
■ To enumerate all computers, select the All Computers checkbox.
■ Click the Enumerate button to retrieve details of all computers available in the network (Figure 4-38).
Figure 4-38 Clicking the Enumerate button allows the user to retrieve information about computers on a network.
■ Explore other options of the tool (Figure 4-39)
Figure 4-39 FreeNetEnumerator displays the results of enumerating all the computers.
5-1
Objectives
After completing this chapter, you should be able to:
• Understand how to crack passwords
• Identify various password cracking tools
• Implement countermeasures for password cracking
• Understand escalating privileges
• Execute applications remotely
• Understand keyloggers and spyware
• Implement spyware and keylogger countermeasures
• Hide files
• Understand rootkits
• Understand steganography
• Understand how to cover tracks
Key Terms
Internet Protocol Security (IPSec) a framework of Open Standard protocols that allow for secure communication by authenticating and encrypting each IP packet in a communications stream
Kerberos a network authentication system used by Microsoft to allow individuals communicating over a nonsecure network to prove their identity to one another in a secure manner by logging on to the system only one time and then using a ticket system to access resources and applications
LAN Manager hash (LM hash) a legacy method used by Microsoft Windows to store passwords of less than 15 characters in two five-character hashes; it is considered very insecure
NT hash a more secure Microsoft method of storing passwords as a single at-least-14-character hash using MD4; the longer the character string, the more difficult it is to crack the hashed password