What is Enumeration ?

 Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and try to discover as much attack vectors as possible, which can be used to exploit the systems further.


Enumeration can be used to gain information on −


Network shares

SNMP data, if they are not secured properly

IP tables

Usernames of different systems

Passwords policies lists

Enumerations depend on the services that the systems offer. They can be −


DNS enumeration

NTP enumeration

SNMP enumeration

Linux/Windows enumeration

SMB enumeration

Let us now discuss some of the tools that are widely used for Enumeration.


NTP Suite

NTP Suite is used for NTP enumeration. This is important because in a network environment, you can find other primary servers that help the hosts to update their times and you can do it without authenticating the system.


enum4linux

enum4linux is used to enumerate Linux systems. Take a look at the following screenshot and observe how we have found the usernames present in a target host.


enum4linux


smtp-user-enum

smtp-user-enum tries to guess usernames by using SMTP service. Take a look at the following screenshot to understand how it does so.


SMTP


Quick Fix

It is recommended to disable all services that you don’t use. It reduces the possibilities of OS enumeration of the services that your systems are running.



Enjoy! Follow us for more...

No comments:

Post a Comment

What is Prototype content functions in JavaScript Framework Programming.mp4

  Download now Enjoy! Follow us for more...