This is a selection of enumeration tools you may wish to install in your MIS Lab machine in order to do the course assignments. You should be very careful in using these tools outside of the Lab. Network administrators do not take lightly the probing of their networks and may respond aggressively to your attempts to gain information about them by using some of these tools. Please note that I am emphasizing Windows tools, but we will see Linux/UNIX tools later.
Start by downloading NBTscan from this Web site. Create a directory to extract NBTscan, e.g. security\nbtscan and extract the files as shown in this example. This tool is used at the command prompt. The uses of NBTscan are shown here.
Download DumpSec from its web site. Extract it using Explorer and install it . DumpSec is a graphical tool which allows you to dump the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information. You click on the Report tab, Select Computer (enter IP number) and select what items you want in the report. You receive an output as in this example.
Download Legion from its archive location Extract it using Explorer and install it. Legion let you scan IP ranges or lists for shares, as shown in class. Once you obtain the IP block of the target organization, you use Legion to look for shared resources: files, directories, printers, etc.
Download Nat from its ftp location. Create a directory to extract Nat, e.g. security\nat and extract the files in this directory. This tool is used at the command prompt, as shown in class. More detail on its use is available here.
Download SMBScanner from this Web site. Create a directory to extract SMBScanner, e.g. security\SMBScanner and extract the files in this directory. SMBScanner allows you to check for Microsoft SMB (SAMBA) shares in a range of IP addresses. It is a graphical tool and has an on-line help.
Download NBTDump from here. (Note: limited time only, for the course). Create a directory to extract nbtdump, e.g. security\nbtdump and save the file in this directory (it is uncompressed). NBTdump lists NetBIOS information from Windows and *NIX Samba servers such as shares, user accounts with comments etc and the password policy as shown in this example.
Download NBTEnum from here. Create a directory to extract Enum, e.g. security\NBTEnum and extract the files in this directory. NBTEnum is a command prompt Win32 information enumeration utility. Using null sessions, NBTEnum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. This tool is used at the command prompt and the output is an HTML file. Information on its use is shown here.
Download Netcat from this location. Create a directory to extract Netcat, e.g. security\netcat and extract the files in this directory. In the simplest usage, "nc host port" creates a TCP connection to the given port on the given target host. Your standard input is then sent to the host, and anything that comes back across the connection is sent to your standard output. This tool is used at the command prompt, and more detail on its use is shown here.
This page is maintained by Al Bento
who can be reached at firstname.lastname@example.org. This page was last updated on February 6, 2012. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.