In the enumeration phase, the attacker creates active connections with the system and performs directed queries to gain more information about the target.
An attacker uses the extracted information to identify points of attack on the system and to perform password attacks to gain unauthorized access to information system resources.
Enumeration techniques are conducted in an internet environment.
Information Enumerated by Intruders
- Network resources
- Network shares
- Routing tables
- Audit and service settings
- SNMP and FQDN details
- Machine names
- Users and groups
- Applications and banners
What is Enumeration?
Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system or network. In the enumeration phase, the attacker creates active connections with the system and performs direct queries to gain more information about the target.
The attacker uses the information collected by means of enumeration to identify the vulnerabilities or weak points in the system security, which helps them exploit the target system. It allows attackers to perform password attacks to gain unauthorized access to information system resources. Enumeration techniques work in an internet environment.
Techniques for Enumeration
- Extract user names using email IDs
- Extract information using the default password
- Brute force Active Directory
- Extract information using DNS zone transfer
- Extract user groups from Windows
- Extract user names using SNMP
These are the main techniques of enumeration.
Services and Ports to Enumerate
- Domain Name System (DNS) zone transfer
- Microsoft RPC Endpoint Mapper
- NetBIOS Name Service (NBNS)
- NetBIOS Session Service (SMB over NetBIOS)
- SMB over TCP (Direct Host)
- Simple Network Management Protocol (SNMP)
- Lightweight Directory Access Protocol (LDAP)
- Global Catalog service
- Simple Mail Transfer Protocol (SMTP)
What is NetBIOS?
NetBIOS stands for Network Basic Input Output System. IBM developed it along with Sytek. NetBIOS was primarily developed as an Application Programming Interface (API) to enable client software to access LAN resources.
A NetBIOS name is a 16-character ASCII string used to identify network devices over TCP/IP; 15 characters are used for the device name, and the 16th character is reserved for the service or name record type.
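The 15 + 1 layout described above can be seen by decoding a name taken from a packet capture. This is an added example, not code from the original page; the function names are hypothetical, the suffix table uses commonly documented Microsoft values that the page does not list, and the example goes one step beyond the text by also undoing the RFC 1001 first-level encoding that NetBIOS Name Service packets apply to names on the wire.

```python
# Added example (not from the original page): split a NetBIOS name into
# its 15-character device name and its 16th-byte service suffix.

# Assumption: commonly documented Microsoft suffix values, not listed on the page.
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x20: "File Server service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers (group name)",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections (group name)",
}

def encode_first_level(raw16: bytes) -> bytes:
    """RFC 1001 first-level encoding: every nibble becomes a letter A..P."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    return bytes(0x41 + n for b in raw16 for n in (b >> 4, b & 0x0F))

def decode_first_level(encoded: bytes) -> bytes:
    """Reverse the encoding seen in NBNS packets: 32 letters -> 16 bytes."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def parse_netbios_name(raw16: bytes) -> dict:
    """Return the space-padded name (bytes 1-15) and the suffix (byte 16)."""
    if len(raw16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    name = raw16[:15].decode("ascii", errors="replace").rstrip(" \x00")
    suffix = raw16[15]
    return {"name": name, "suffix": suffix,
            "service": SUFFIXES.get(suffix, "unknown/other")}

if __name__ == "__main__":
    # Constructed sample names, as they would appear on the wire in a capture.
    samples = [
        encode_first_level(b"FILESRV01".ljust(15) + b"\x20"),
        encode_first_level(b"CORP".ljust(15) + b"\x1c"),
    ]
    for wire in samples:
        info = parse_netbios_name(decode_first_level(wire))
        print(f"{wire.decode()} -> {info['name']!r} "
              f"<{info['suffix']:02X}> {info['service']}")
```

Reviewing the suffixes a host registers shows which services it advertises on the LAN, which helps when deciding what to disable or filter.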
NetBIOS Enumeration Tools:
The following table shows the list of tools to perform NetBIOS Enumeration:
5. NetBIOS enumerator
What is SNMP?
SNMP stands for Simple Network Management Protocol. It is an application-layer protocol that runs on User Datagram Protocol (UDP) and is used for managing network devices that run on the IP layer, such as routers. SNMP is based on a client-server architecture in which an SNMP client, or agent, is located on every network device and communicates with the SNMP managing station via requests and responses. SNMP requests and responses refer to configurable variables accessible by the agent software. SNMP contains two passwords, used to authenticate the agents before configuring the variables and to access the SNMP agent from the management station.