Windows 2000 DNS Zone Transfer



In a Windows 2000 domain, clients use service (SRV) records to locate Windows 2000 domain services, such as Active Directory and Kerberos. This means every Windows 2000 Active Directory domain must have a DNS server for the network to operate properly.
A simple zone transfer performed with the nslookup command can enumerate a lot of interesting network information. The command to enumerate using the nslookup command is as follows:
nslookup ls -d domainname
Within the nslookup results, a hacker looks closely at the following records, because they provide additional information about the network services:
  • Global Catalog service (_gc._tcp)
  • Domain controllers (_ldap._tcp)
  • Kerberos authentication (_kerberos._tcp)
As a countermeasure, zone transfers can be blocked in the properties of the Windows DNS server.
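To verify that the restriction holds, a defender can watch DNS traffic for transfer requests coming from hosts that are not authorized secondaries. The following is an added example, not part of the original page: it parses raw DNS query messages (without the 2-byte TCP length prefix) and flags AXFR/IXFR questions from sources outside an allow list. The zone name, IP addresses, and allow list are constructed sample values.

```python
import struct

QTYPE_IXFR, QTYPE_AXFR = 251, 252   # zone-transfer query types (RFC 1995, RFC 1035)

def build_query(name, qtype, txid=0x1234):
    """Build a one-question DNS query; used only to create constructed samples."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QCLASS 1 = IN

def parse_question(msg):
    """Return (qname, qtype) of the first question, or None if malformed/not a query."""
    if len(msg) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:        # QR bit set means this is a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None                      # ran off the end: truncated name
        length = msg[pos]
        pos += 1
        if length == 0:
            break                            # root label terminates the name
        if length > 63 or pos + length > len(msg):
            return None                      # compression pointer or truncated label
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype = struct.unpack("!HH", msg[pos:pos + 4])[0]
    return ".".join(labels), qtype

def flag_transfers(packets, allowed_secondaries):
    """Return [(src, zone, kind)] for transfer requests from hosts not on the allow list."""
    alerts = []
    for src, msg in packets:
        q = parse_question(msg)
        if q and q[1] in (QTYPE_AXFR, QTYPE_IXFR) and src not in allowed_secondaries:
            alerts.append((src, q[0], "AXFR" if q[1] == QTYPE_AXFR else "IXFR"))
    return alerts

# Constructed sample traffic: (source IP, DNS message bytes)
ALLOWED = {"10.0.0.53"}                                             # authorized secondary
SAMPLE = [
    ("10.0.0.53", build_query("corp.example", QTYPE_AXFR)),         # expected transfer
    ("10.0.7.21", build_query("corp.example", QTYPE_AXFR)),         # unexpected source
    ("10.0.7.21", build_query("_ldap._tcp.corp.example", 33)),      # ordinary SRV lookup
    ("10.0.7.22", b"\x00\x01"),                                     # truncated message
]
```

Calling flag_transfers(SAMPLE, ALLOWED) reports only the AXFR from 10.0.7.21; the ordinary SRV lookup and the truncated message are ignored.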
An Active Directory database is a Lightweight Directory Access Protocol (LDAP)-based database. This allows the existing users and groups in the database to be enumerated with a simple LDAP query. The only thing required to perform this enumeration is to create an authenticated session via LDAP. A Windows 2000 LDAP client called the Active Directory Administration Tool (ldp.exe) connects to an Active Directory server and identifies the contents of the database. You can find ldp.exe on the Windows 2000 CD-ROM in the Support\Reskit\Netmgmt\Dstool folder.
To perform an Active Directory enumeration attack, a hacker performs the following steps:
  1. Connect to any Active Directory server using ldp.exe on port 389. When the connection is complete, server information is displayed in the right pane.
  2. On the Connection menu, choose Authenticate. Type the username, password, and domain name in the appropriate boxes. You can use the Guest account or any other domain account.
  3. Once the authentication is successful, enumerate users and built-in groups by choosing the Search option from the Browse menu.
