Certified Ethical Hacker Cert Guide: Enumeration and System Hacking
This chapter introduces Windows enumeration and system hacking. It gives you the knowledge you need to prepare for the Certified Ethical Hacker exam, and it broadens your knowledge of Windows security controls and weaknesses. However, this chapter addresses only the basic information, as it would require an entire book to cover all Windows hacking issues. If you are seriously considering a career as a penetration tester, this chapter should whet your appetite for greater knowledge.
The chapter begins by introducing enumeration and discusses what kind of information can potentially be uncovered. Enumeration is the final pre-attack phase in which you probe for usernames, system roles, account details, open shares, and weak passwords. This chapter also reviews some basics of Windows architecture, followed by a review of Windows users and groups. The last topic is system hacking; that section discusses the tools and techniques used for gaining access to computer systems. Although many of the tools introduced are specific to Windows systems, the steps are the same no matter what the platform, as is evident in Chapter 5, “Linux and Automated Assessment Tools,” where Linux is discussed.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 4-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Table 4-1 “Do I Know This Already?” Section-to-Question Mapping

| Foundation Topics Section | Questions |
| --- | --- |
| Enumeration | 2, 3, 4, 5, 10 |
| System Hacking | 1, 6, 7, 8, 9 |

Which of the following is considered a nontechnical attack?
- Password sniffing
- Dumpster diving
- Password injection
- Software keylogger
A RID of 500 is associated with what account?
- A user account
- The first user's account
- The guest account
- The administrator account
During enumeration, what ports may specifically indicate SMB on a Windows computer?
- 110
- 111
- 389
- 445
During enumeration, what ports may specifically indicate portmapper on a Linux computer?
- 110
- 111
- 389
- 445
Which of the following is a tool commonly used for enumeration?
- GetAcct
- John
- LCP
- IAM tool kit
Which type of password cracking makes use of the space/time memory trade-off?
- Dictionary attack
- Rainbow table
- Rule
- Hybrid
The second layer of security on the SAM file is known as what?
- Encoding
- Obscuring
- SYSKEY
- Salting
Windows passwords that are stored in seven-character fields are known as what?
- NTLMv2
- Kerberos
- Salted
- LAN Manager
Which of the following matches the common padding found on the end of short Windows passwords?
- 1404EE
- EE4403
- EEEEEE
- 1902DD
If you were going to enumerate DNS, which of the following tools could be used?
- Route print
- ARP -A
- Nslookup
- IPconfig