
Friday, July 10, 2009

Enumerate User Information

Enumerate User Information from Target: USERDUMP

The USERDUMP application is designed to gather user information from the target. Some of the information enumerated is the user RID, privileges, login times, login dates, account expiration date, network storage limitations, login hours, and much more.

From a DOS prompt, type the following syntax:

userdump \\Target IP Address Target Username

The results reveal the following details for the username Administrator:
The User ID is 500. (This tells us that this is indeed the real Administrator account.)
The user's password never expires.
The Administrator last logged in at 12:44 a.m. on January 16, 2004.
The account has had 9 bad password attempts.
The Administrator has only logged in to this computer 2 times.
The PasswordExp is set to 0. (This tells us that the password never expires.)
The logon hours are all set to 1. (This tells us that the Administrator can log in 24/7.)
Other information.

The details for the username Administrator have been successfully enumerated via the USERDUMP application.
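From the defender's side, the attributes listed above are the ones an account audit should review. The following is an added example, not part of the original post and not USERDUMP output: it audits one exported account record, and the record layout, field names, sample SID and bad-password threshold are all assumptions.

```python
# Added example; the record layout and field names are hypothetical.
BUILTIN_ADMIN_RID = 500   # well-known RID of the built-in Administrator
BAD_PWD_THRESHOLD = 5     # assumed alerting threshold, tune per policy
DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")


def rid_of(sid):
    """Return the RID: the last sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError("not a SID: %r" % sid)
    return int(parts[-1])


def hours_by_day(logon_hours):
    """Decode the 21-byte weekly logon bitmap into {day: permitted hours}.

    One bit per hour, 168 in total; bit 0 of byte 0 is Sunday 00:00 GMT.
    """
    if len(logon_hours) != 21:
        raise ValueError("logon-hours bitmap must be 21 bytes")
    bits = [(byte >> i) & 1 for byte in logon_hours for i in range(8)]
    return {d: sum(bits[24 * n:24 * n + 24]) for n, d in enumerate(DAYS)}


def audit(account):
    """Return hardening findings for one exported account record."""
    findings = []
    if rid_of(account["sid"]) == BUILTIN_ADMIN_RID:
        findings.append("built-in Administrator (RID 500 survives a rename)")
    if not account["password_expires"]:
        findings.append("password never expires")
    if account["bad_password_count"] >= BAD_PWD_THRESHOLD:
        findings.append("repeated bad passwords: check for guessing")
    if sum(hours_by_day(account["logon_hours"]).values()) == 168:
        findings.append("no logon-hour restriction (24/7)")
    return findings


# Constructed sample mirroring the values described in the post.
ADMIN = {
    "name": "Administrator",
    "sid": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "password_expires": False,
    "bad_password_count": 9,
    "logon_hours": b"\xff" * 21,
}

if __name__ == "__main__":
    for finding in audit(ADMIN):
        print(ADMIN["name"] + ": " + finding)
```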



Exploit Data from Target Computer: USERINFO

The USERINFO application is designed to gather user information from the target. Some of the information enumerated is the user RID, privileges, login times, login dates, account expiration date, network storage limitations, login hours, and much more. An attacker uses this information in the social engineering phase of an attack.

From a Disk Operating System (DOS) prompt, type the following syntax:

userinfo \\Target IP Address Target Username

Notice that the results returned with USERINFO are identical to those of the USERDUMP application.





---Regards,
Amarjit Singh

Thursday, July 9, 2009

Social Engineering Techniques: Dumpster Diving

Information that companies consider sensitive is thrown out daily in the normal garbage cans. Attackers can successfully retrieve this data by literally climbing into the company dumpsters and pilfering through the garbage. Information such as names, Social Security numbers, addresses, phone numbers, account numbers, balances, and so forth is thrown out every day somewhere. I personally know a nationally recognized movie rental company that still uses carbon paper in its fax machine. Once the roll is used up they simply throw the entire roll in the dumpster. The information on that roll is priceless, including names, addresses, account numbers, phone numbers, how much they actually pay for their movies, and so forth.

Another social engineering attack that also proves to be very successful is when an attacker dresses in the uniform of those personnel considered “honest” and “important” or even “expensive.” For example, an attacker purchases/steals the uniform of a carrier, telephone, or gas or electric employee and appears carrying boxes and/or clipboards, pens, tools, etc. and perhaps even an “official-looking” identification badge or a dolly carrying “equipment.” These attackers generally have unchallenged access throughout the building as employees tend to see “through” these types of people. When is the last time you challenged one of these personnel to verify their credentials?

This attack is very risky as the attacker can now be personally identified should he or she get caught. Again, this attack is normally very successful so bear this in mind.

---Regards,
Amarjit Singh