Question

(35 pts) Analyze the output from the tool Enum4Linux [See Appendix B]. List: Hostname & IP...

  1. (35 pts) Analyze the output from the tool Enum4Linux [See Appendix B]. List:
    1. Hostname & IP address
    2. Domain/Workgroup Name
    3. All users found
      1. Is there any interesting info for any of the users? If so, how can this be used?
    4. Is Password Complexity enabled?
    5. What shares are available on this system?

Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Fri Sep 25 17:51:22 2020

==========================

|    Target Information    |

==========================

Target ........... 192.168.1.102

RID Range ........ 500-550,1000-1050

Username ......... ''

Password ......... ''

Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none

====================================================

|    Enumerating Workgroup/Domain on 192.168.1.102    |

====================================================

[E] Can't find workgroup/domain

===========================================

|    Getting domain SID for 192.168.1.102    |

===========================================

Domain Name: MEGABANK

Domain Sid: S-1-5-21-1392959593-3013219662-3596683436

[+] Host is part of a domain (not a workgroup)

=============================

|    Users on 192.168.1.102    |

=============================

index: 0xfbc RID: 0x1f4 acb: 0x00000210 Account: Administrator Name: (null)             Desc: Built-in account for administering the computer/domain

index: 0x10b4 RID: 0x19ce acb: 0x00000010 Account: angela        Name: (null)             Desc: (null)

index: 0x10bf RID: 0x19d9 acb: 0x00000010 Account: claude        Name: (null)             Desc: (null)

index: 0xfbe RID: 0x1f7 acb: 0x00000215 Account: DefaultAccount Name: (null)             Desc: A user account managed by the system.

index: 0x10b5 RID: 0x19cf acb: 0x00000010 Account: felicia         Name: (null)             Desc: (null)

index: 0x10b3 RID: 0x19cd acb: 0x00000010 Account: fred           Name: (null)             Desc: (null)

index: 0xfbd RID: 0x1f5 acb: 0x00000215 Account: Guest             Name: (null)             Desc: Built-in account for guest access to the computer/domain

index: 0x10b6 RID: 0x19d0 acb: 0x00000010 Account: gustavo     Name: (null)             Desc: (null)

index: 0xff4 RID: 0x1f6 acb: 0x00000011 Account: krbtgt              Name: (null)             Desc: Key Distribution Center Service Account

index: 0x10b1 RID: 0x19cb acb: 0x00000010 Account: marcus       Name: (null)             Desc: (null)

index: 0x10a9 RID: 0x457 acb: 0x00000210 Account: marko          Name: Marko Novak Desc: Account created. Password set to Welcome123!

index: 0x10ba RID: 0x19d4 acb: 0x00000010 Account: paulo         Name: (null)             Desc: (null)

index: 0x10be RID: 0x19d8 acb: 0x00000010 Account: per            Name: (null)             Desc: (null)

index: 0x10a3 RID: 0x451 acb: 0x00000210 Account: ryan            Name: Ryan Bertrand Desc: (null)

index: 0x10c1 RID: 0x2776 acb: 0x00000010 Account: zach           Name: (null)             Desc: (null)

=========================================

|    Share Enumeration on 192.168.1.102   |

=========================================

    Sharename       Type      Comment

    ---------       ----      -------

    print$          Disk      Printer Drivers

    tmp             Disk      oh noes!

    opt             Disk

    IPC$            IPC       IPC Service (metasploitable server (Samba 3.0.20-Debian))

    ADMIN$          IPC       IPC Service (metasploitable server (Samba 3.0.20-Debian))

Reconnecting with SMB1 for workgroup listing.

    Server               Comment

    ---------            -------

    Workgroup            Master

    ---------            -------

    MEGABANK            MEGABANK

[+] Attempting to map shares on 192.168.1.102

//192.168.1.102/print$ Mapping: DENIED, Listing: N/A

//192.168.1.102/tmp    Mapping: OK, Listing: OK

//192.168.1.102/opt    Mapping: DENIED, Listing: N/A

//192.168.1.102/IPC$   [E] Can't understand response:

NT_STATUS_NETWORK_ACCESS_DENIED listing \*

//192.168.1.102/ADMIN$ Mapping: DENIED, Listing: N/A

====================================================

|    Password Policy Information for 192.168.1.102    |

====================================================

[+] Attaching to 192.168.1.102 using a NULL share

[+] Trying protocol 445/SMB...

[+] Found domain(s):

                [+] MEGABANK

                [+] Builtin

[+] Password Info for Domain: MEGABANK

                [+] Minimum password length: 7

                [+] Password history length: 24

                [+] Maximum password age: Not Set

                [+] Password Complexity Flags: 000000

                                [+] Domain Refuse Password Change: 0

                                [+] Domain Password Store Cleartext: 0

                                [+] Domain Password Lockout Admins: 0

                                [+] Domain Password No Clear Change: 0

                                [+] Domain Password No Anon Change: 0

                                [+] Domain Password Complex: 0

                [+] Minimum password age: 1 day 4 minutes

                [+] Reset Account Lockout Counter: 30 minutes

                [+] Locked Account Duration: 30 minutes

                [+] Account Lockout Threshold: None

                [+] Forced Log off Time: Not Set

[+] Retieved partial password policy with rpcclient:

Password Complexity: Disabled

Minimum Password Length: 7

==============================

|    Groups on 192.168.1.102    |

==============================

=======================================================================

|    Users on 192.168.1.102 via RID cycling (RIDS: 500-550,1000-1050)    |

=======================================================================

[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible.

=============================================

|    Getting printer info for 192.168.1.102    |

=============================================

Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED

Homework Answers

Answer #1

a. HostName: labs.portcullis.co.uk

IP Address: 192.168.1.102

b.   Domain/Workgroup Name: MEGABANK

c. All users found:

Administrator, angela, claude, Default account, felicia, fred,

Guest, gustavo, krbtgt, Marcus, marko, paulo, per, Bryan, zach

d. As shown above enumerating users list RID cycling attack that try to enumerate the users account through null sessions. This extracts users from windows hosts. The users list can be also used in other hacking activities.

After extracting the users from windows hosts some users information like real name of the user and his profile along with his account passwords can be seen. These can be used furtherly for other hacking activities.

e. Shares available:

Sharenames are: Disk type shares are: print$, tmp, opt while IPC type shares are: IPC$, ADMIN$

All these belong to the workgroup of MEGABANK.

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions