enumeration on win2003
liven
I am aware that enumeration doesn't work on win2k3...
Is there any new version or technique that produces similar results?
sprkymrk
There are many kinds of enumeration. What, specifically, are you referring to? And if you are talking about things like anonymous enumeration of certain registry keys, drives, user names, groups, named pipes, etc., you can control/lock down those settings on W2K and XP through the Local Security Policy. It's just that the default state is more secure in W2K3.
liven
Sorry, that was a poorly worded question.
Just looking for some default tools for enumeration to use on win2k3.
If anyone has any ideas/examples please share.
keatron
Most tools you need for this are included in Windows. You simply perform a NetBIOS null session connection; for example, the command
net use \\Target IP\IPC$ "" /u:""
gives you the null connection, then use command line tools to list user accounts, permissions, policies etc. You can use the net view commands to see most information. One key to enumeration, and hacking in general, is knowing the system you're trying to hack. If you don't know the Windows command line very well, then get the Microsoft Press book Windows Command Line guide (or something like that). If you want to make it easy (and be noisy), do a null session connection, then get a tool like dumpsec. And run it against the target AFTER you've performed the null session connection. And be amazed.
Keep in mind, null sessions only work against Windows 2003 servers that are domain controllers.
Some countermeasures are as follows:
Since null sessions require access to TCP ports 139 and/or 445, you can filter or block certain kinds of access across these ports (if you have host based application level firewall capabilities, and I'm not talking Windows Firewall either).
Unbind WINS from the NIC (if you don't need it).
Restrict anonymous user access by adding the following registry key (no, disabling the anonymous account is not the same thing).
Go to HKLM\SYSTEM\CurrentControlSet\LSA, choose edit from the drop down menu, then select add value. Add the value Restrict Anonymous, make the Data Type REG_WORD, and make the value 2.
Keatron.
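A read-only way to check the anonymous-access countermeasure discussed above on a host you administer, as an added example that is not part of the original posts. It reads RestrictAnonymous from its standard location, HKLM\SYSTEM\CurrentControlSet\Control\Lsa (a REG_DWORD), and goes beyond the thread by also reading the related standard values RestrictAnonymousSAM, EveryoneIncludesAnonymous, RestrictNullSessAccess, NullSessionPipes and NullSessionShares; the "allowed" values are this example's assumed baseline, not something stated in the thread.

```powershell
# Added example: read-only audit of anonymous (null session) access settings.
# Allowed values are this example's assumed baseline; adjust to your own policy.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# DWORD checks list the values treated as hardened in Allowed.
# Multi-string checks (Allowed = $null) list pipes/shares reachable without credentials.
$checks = @(
    @{ Path = $lsa; Name = 'RestrictAnonymous';         Allowed = @(1, 2) },
    @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Allowed = @(1) },
    @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Allowed = @(0) },
    @{ Path = $srv; Name = 'RestrictNullSessAccess';    Allowed = @(1) },
    @{ Path = $srv; Name = 'NullSessionPipes';          Allowed = $null },
    @{ Path = $srv; Name = 'NullSessionShares';         Allowed = $null }
)

$report = foreach ($c in $checks) {
    # A missing key or value yields $null here instead of an error.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Value absent: the operating system default applies, so flag it for lookup.
        $status = 'NOT SET'
        $shown  = ''
    }
    elseif ($null -eq $c.Allowed) {
        # REG_MULTI_SZ: drop empty strings, then any remaining entry needs review.
        $entries = @($item.($c.Name) | Where-Object { $_ })
        $shown   = $entries -join ', '
        if ($entries.Count -eq 0) { $status = 'OK' } else { $status = 'REVIEW' }
    }
    else {
        # REG_DWORD: compare against the baseline list.
        $value = $item.($c.Name)
        $shown = "$value"
        if ($c.Allowed -contains $value) { $status = 'OK' } else { $status = 'WEAK' }
    }

    [pscustomobject]@{ Name = $c.Name; Value = $shown; Status = $status }
}

$report | Format-Table Name, Value, Status -AutoSize
```

On a domain controller, NullSessionPipes commonly contains entries and will show REVIEW; confirm each one is needed before removing it.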