This is a selection of enumeration tools you may wish to install in
your MIS Lab VM machine in order to do the course assignments. Some of these tools are NOT safe to install in your home PCs. You should
be very careful in using these tools outside of the VM and Lab. Network
administrators do not take lightly the probing of their networks and
may respond aggressively to your attempts to gain information about
them by using some of these tools. Please note that I am emphasizing
Windows tools, but we will see Linux/UNIX tools later.
I suggest you create a directory C:\security and install your
tools there. Some are graphical, while others only run at the command
prompt with admin privileges.
Download DumpSec from its web site.
Extract it using Explorer and install it and place a shotcut in
the desktop. Right-click on the shortcut and select run as admin.
DumpSec is a graphical tool
which allows you to dump the permissions (DACLs) and audit settings
(SACLs) for the file system, registry, printers and shares in a
concise, readable listbox format, so that holes in system security are
readily apparent. DumpSec also dumps user, group and replication
information. You click on the Report tab, Select Computer (enter IP
number) and select what items you want in the report. You receive an
output as in this example. Right-click
Download GetAcct from wthis site.
Extract it using Explorer and install it . GetAcct sidesteps
"RestrictAnonymous=1" and acquires account information on Windows. See this page for more information.
Start by downloading NBTscan from this Web site. Create a directory to extract NBTscan, e.g. security\nbtscan and extract the files as shown in this example. This tool is used at the command prompt. The uses of NBTscan are shown here.
Download Nat from its ftp location.
Create a directory to extract Nat, e.g. security\nat and extract the
files in this directory. This tool is used at the command prompt, as shown in class. More detail on its use is available here.
Download NBTDump from here. Create a directory to extract nbtdump, e.g. security\nbtdump and save the file in this directory (it is uncompressed). NBTdump
lists NetBIOS information from Windows and *NIX Samba servers such as
shares, user accounts with comments etc and the password policy as
shown in this example.
Download ShareEnum from Microsoft SysInternals here . ShareEnum uses NetBIOS enumeration to scan all the
computers within the domains accessible to it, showing file and print
shares and their security settings as sown in this example.
Download NBTEnum from here.
Create a directory to extract Enum, e.g. security\NBTEnum and extract
the files in this directory. NBTEnum is a command prompt Win32
information enumeration utility. Using null sessions, NBTEnum can
retrieve userlists, machine lists, sharelists, namelists, group and
member lists, password and LSA policy information. This tool is used at
the command prompt and the output is an HTML file. Information on its
use is shown here.
Sid2user and user2sidDownload these tools from this site. User2sid and Sid2user are two small utilities for Windows that allow the administrator to query the SAM to find out
a SID value for a given account name and vice versa. User2sid.exe can
retrieve a SID from the SAM (Security Accounts Manager) from the local
or a remote machine and Sid2user.exe can then be used to retrieve the
names of all the user accounts and more. See their sintax here. For more details read this page.
Cain and AbelDownload Cain and Abel from its home page. You will need to download Winpcap 4.1.3 for Windows 10 and select DNS, DNS suffix for it to work. You may wish to see this youtube video to install and basic usage. Please use their detailed User Manual to
learn how to do Network enumeration and too many other functions to list here. We will see
and use it again as a penetration tool, including
password cracking, etc, in a future class.
Download Netcat from this location.
Create a directory to extract Netcat, e.g. security\netcat and extract
the files in this directory. The password is nc. In the simplest usage, "nc host port"
creates a TCP connection to the given port on the given target host.
Your standard input is then sent to the host, and anything that comes
back across the connection is sent to your standard output. This tool is used at the command prompt, and more detail on its use is shown here.
This page is maintained by Al Bento
who can be reached at firstname.lastname@example.org.
This page was last updated on August 20, 2017. Although we will attempt
to keep this information accurate, we can not guarantee the accuracy of
the information provided.