130 Chapter 6 ■ Enumeration of Services
So what options are available to an attacker performing enumeration? Let’s take a look
at the techniques you will be using in this chapter:
Extracting Information from E-mail IDs
This technique is used to obtain username and domain name information from an e-mail address or ID. An e-mail address contains two parts: the part before the @ is the username, and what comes after the @ is the domain name.
Obtaining Information through Default Passwords
Every device ships with default settings in place, and default passwords are part of this group. It is not uncommon to find default settings either partially or wholly left in place, meaning that an attacker can easily gain access to the system and extract information as needed.
Using Brute-force Attacks on Directory Services
A directory service is a database that contains information used to administer the network. As such it is a big target for an attacker looking to gain extensive information about an environment. Many directories are vulnerable to input validation deficiencies as well as other holes that may be exploited for the purpose of discovering and compromising user accounts.
Exploiting SNMP
The Simple Network Management Protocol (SNMP) can be exploited by an attacker who can guess the community strings and use them to extract usernames.
Working with DNS Zone Transfers
A zone transfer in DNS is a normal occurrence, but when this information falls into the wrong hands the effect can be devastating. A zone transfer is designed to update DNS servers with the correct information; however, the zone contains information that could map out the network, providing valuable data about the structure of the environment.
Capturing User Groups
This technique involves extracting user accounts from specified groups, storing the results, and determining whether the session accounts are in the group.
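The zone transfer exposure described above is closed on the server side by restricting who may request AXFR. The following BIND 9 named.conf fragment is an added example, not from this chapter; the zone name example.com, the secondary address 192.0.2.53, the key name and the secret value are assumed placeholders.

```conf
// WEAK: any host on the Internet may pull the whole zone,
// handing an attacker a map of the environment.
options {
    directory "/var/cache/bind";
    allow-transfer { any; };
};

// HARDENED: transfers only to the listed secondary, and only
// when the request is signed with a shared TSIG key.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<base64 value generated with tsig-keygen; placeholder>";
};

options {
    directory "/var/cache/bind";
    // deny by default; zones opt in explicitly below
    allow-transfer { none; };
};

zone "example.com" {
    type master;                       // "primary" in newer BIND releases
    file "/etc/bind/zones/db.example.com";
    // a transfer must come from the secondary AND carry the key
    allow-transfer { !{ !192.0.2.53; any; }; key xfer-key; };
    also-notify { 192.0.2.53; };
};
```

After `rndc reload`, verify from a host that is not the listed secondary: `dig @ns1.example.com example.com AXFR` should report `Transfer failed.` rather than listing records.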
Windows Basics
The Microsoft Windows operating system is designed to be used either stand-alone or in a networked environment; for this discussion, assume a networked setup only. In the Windows world, securing access to resources, objects, and other components is handled through many mechanisms, but some things are common to both setups.
You need to know how access to resources such as file shares and other items is managed. Windows uses a model that can best be summed up as defining who gets access to what resources. For example, a user gets access to a file share or printer.
Users
In any operating system, the item that is most responsible for controlling access to the system is the user object. In Windows, the fundamental object that is used to determine access