Enumeration is the process of extracting user names, machine names, network resources, shares, and services from a system or network. In the enumeration phase, the attacker creates active connections with the target system and performs directed queries to gain more information about it. Attackers use the information collected through enumeration to identify vulnerabilities or weak points in the system's security, which helps them exploit the target system. It also allows the attacker to perform password attacks to gain unauthorized access to information system resources. Enumeration techniques work in an intranet environment.
Enumeration allows you to collect the following information:
• Network resources
• SNMP and FQDN details
• Network shares
• Machine names
• Routing tables
• Users and groups
• Audit and service settings
• Applications and banners
During enumeration, attackers may stumble upon a remote IPC share, such as IPC$ in Windows, which they can probe further for null sessions to collect information about other shares and system accounts.
The previous modules highlighted how attackers gather the necessary information about a target without really crossing the legal barrier. However, enumeration activities may be illegal depending on the organization's policies and any laws that are in effect. As an ethical hacker or pentester, you should always acquire proper authorization before performing enumeration.
Techniques for Enumeration
To extract information about a target:
• Extract user names using email IDs
Every email address contains two parts: the user name and the domain name. The structure of an email address is username@domainname. Consider abc@gmail.com; in this email address, “abc” (the string of characters preceding the ‘@’ symbol) is the user name and “gmail.com” (the string of characters following the ‘@’ symbol) is the domain name.
• Extract information using default passwords
Many online resources provide a list of default passwords assigned by manufacturers to their products. Users often neglect to change the default usernames and passwords provided by the manufacturer or developer of a product. This eases the task of an attacker in enumerating and exploiting the target system.
• Brute force Active Directory
Microsoft Active Directory is susceptible to a username enumeration at the time of user-supplied input verification. This is a design error in the Microsoft Active Directory implementation. If a user enables the “logon hours” feature, then all the attempts at service authentication result in different error messages. Attackers take advantage of this to enumerate valid user names. An attacker who succeeds in extracting valid user names can conduct a brute-force attack to crack the respective passwords.
• Extract information using DNS Zone Transfer
A network administrator can use DNS zone transfer to replicate Domain Name System (DNS) data across a number of DNS servers, or to back up DNS files. The administrator executes a zone transfer request against the name server. If the name server permits the zone transfer, it returns all the DNS names and IP addresses hosted by that server as ASCII text.
If the network administrators did not configure the DNS server properly, a DNS zone transfer is an effective method of obtaining information about the organization's network. This information may include a list of all named hosts, sub-zones, and related IP addresses. A user can perform a DNS zone transfer using nslookup.
• Extract user groups from Windows
To extract user groups from Windows, the attacker should have a registered ID as a user in the Active Directory. The attacker can then extract information from groups in which the user is a member by using the Windows interface or command line method.
• Extract user names using SNMP
Attackers can easily guess the read-only or read-write community strings and then use SNMP queries to extract user names.
What is NetBIOS?
NetBIOS stands for Network Basic Input Output System. IBM developed it together with Sytek. NetBIOS was designed as an Application Programming Interface (API) that gives client software access to LAN resources.
The NetBIOS naming convention uses a 16-character ASCII string to identify network devices over TCP/IP; 15 characters are used for the device name, and the 16th character is reserved for the service or name record type.
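As an added example (not code from the original article), the following encodes and decodes NetBIOS names in the 16-byte form just described, 15 name characters plus a 16th suffix byte, including the "first-level" half-ASCII encoding used on the wire, so that a defender reading a capture or nbtstat output can tell which service a name record advertises. All names used are constructed.

```python
# Added example (not from the article): NetBIOS name handling in the 16-byte form
# the text describes: 15 name characters plus a 16th suffix byte, and the
# "first-level" half-ASCII encoding used on the wire. All names are constructed.
NETBIOS_SUFFIXES = {          # selected well-known 16th-byte (suffix) values
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
    0x20: "File Server Service",
}

def netbios_name_bytes(name, suffix):
    """Upper-case, space-pad to 15 bytes, then append the suffix byte."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    return raw.ljust(15, b" ") + bytes([suffix])

def first_level_encode(name16):
    """Each byte -> two letters: (high nibble + 'A'), (low nibble + 'A')."""
    return "".join(chr((b >> 4) + 0x41) + chr((b & 0x0F) + 0x41) for b in name16)

def first_level_decode(encoded):
    """Reverse of first_level_encode: 32 letters -> 16 raw bytes."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    pairs = zip(encoded[0::2], encoded[1::2])
    return bytes(((ord(h) - 0x41) << 4) | (ord(l) - 0x41) for h, l in pairs)

def describe(name16):
    """Split a 16-byte name into (name, suffix, service description)."""
    name = name16[:15].rstrip(b" ").decode("ascii")
    suffix = name16[15]
    return name, suffix, NETBIOS_SUFFIXES.get(suffix, "unknown/other")
```

The wildcard name "*" followed by fifteen zero bytes, which encodes to "CK" plus thirty "A"s, is what a NetBIOS name-status query carries, so it is a useful string to recognise in traffic.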
NetBIOS Enumeration Explained:
NetBIOS runs on port 139 on the Windows operating system. File and printer sharing must be enabled for NetBIOS to be enumerated on a Windows system. An attacker can perform the following on the remote machine:
- Choose to read or write to a remote machine depending on the availability of shares
- Launch a Denial of Service (DoS) attack on the remote machine
- Enumerate password policies on the remote machine
NetBIOS Enumeration Tools:
- nbtstat
- SuperScan
What is SNMP?
SNMP stands for Simple Network Management Protocol, an application-layer protocol that runs over User Datagram Protocol (UDP). It is used to manage network devices that operate at the IP layer, such as routers. SNMP is based on a client-server architecture in which an SNMP client, or agent, resides on every network device and communicates with the SNMP management station through requests and responses. Both SNMP requests and responses concern configurable variables that the agent software exposes. SNMP has two passwords: one for authenticating to the agent before configuring its variables, and one for accessing the SNMP agent from the management station.
The SNMP passwords are:
- Read community string (default: public): the configuration of the device can be viewed with this password.
- Read/write community string (default: private): the configuration of the device can be modified with this password.
Internally, SNMP uses a virtual hierarchical database called the Management Information Base (MIB) to manage network objects. The MIB has a tree-like structure in which an object ID (OID) uniquely identifies each network object. Network objects can be viewed or modified depending on which SNMP password is used.
SNMP Enumeration:
Default SNMP passwords allow attackers to view or modify the SNMP configuration settings. Attackers can enumerate SNMP on remote network devices to obtain the following:
- Information about network resources such as routers, shares, devices, etc.
- ARP and routing tables
- Device-specific information
- Traffic statistics etc.
SNMP Enumeration Tools:
- OpUtils
- SolarWinds
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol, an Internet protocol for accessing distributed directory services such as Active Directory or OpenLDAP. A directory service is a hierarchical, logical structure for storing records about users. LDAP is based on a client-server architecture. LDAP is transmitted over TCP, and information is exchanged between client and server using Basic Encoding Rules (BER).
LDAP Enumeration:
LDAP supports anonymous remote queries to the server. Such a query may disclose sensitive information such as usernames, addresses, contact details, department details, etc.
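Both the SNMP community strings described above and the LDAP anonymous bind described here travel in BER-encoded messages. As an added example (not code from the article), the following small BER decoder pulls the community string out of an SNMPv1 message and the bind DN and credential out of an LDAP BindRequest, so a defender can flag default community strings and anonymous binds in captured traffic. The sample packets are hand-encoded for the demo; the default-community set is an assumption.

```python
# Added example (not from the article): minimal BER TLV decoding applied to an
# SNMPv1 message (community string) and an LDAP BindRequest (anonymous bind
# check). Sample packets are constructed inline and commented field by field.
DEFAULT_COMMUNITIES = {"public", "private"}   # factory defaults the text warns about

def ber_decode(buf, pos=0):
    """Decode one BER TLV at buf[pos] -> (tag, value, next_pos).
    Handles short- and long-form lengths; enough for SNMPv1/v2c and LDAP."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: low 7 bits = #length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ber_children(value):
    """Decode every TLV packed inside a constructed value."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = ber_decode(value, pos)
        items.append((tag, val))
    return items

def snmp_community(packet):
    """(version, community) from Message ::= SEQUENCE { version, community, PDU }."""
    tag, msg, _ = ber_decode(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    (_, ver), (_, comm), _pdu = ber_children(msg)
    return int.from_bytes(ver, "big"), comm.decode("ascii")

def snmp_uses_default_community(packet):
    return snmp_community(packet)[1] in DEFAULT_COMMUNITIES

def ldap_bind_is_anonymous(packet):
    """True for a BindRequest carrying an empty DN and an empty simple credential.
    LDAPMessage ::= SEQUENCE { messageID, protocolOp [APPLICATION 0] BindRequest }"""
    _, msg, _ = ber_decode(packet)
    op_tag, bind = ber_children(msg)[1]
    if op_tag != 0x60:                          # [APPLICATION 0] constructed
        return False
    (_, _ver), (_, name), (auth_tag, cred) = ber_children(bind)
    return auth_tag == 0x80 and name == b"" and cred == b""   # [0] simple auth

# Constructed sample packets (hand-encoded)
SNMP_GET_PUBLIC = bytes.fromhex(
    "3026" "020100"                            # SEQUENCE(38); version INTEGER 0 = v1
    "0406" "7075626c6963"                      # community OCTET STRING "public"
    "a019" "020101" "020100" "020100"          # GetRequest(25): req-id 1, err 0, idx 0
    "300e" "300c" "0608" "2b06010201010500" "0500")  # varbind sysName.0 , NULL
LDAP_ANON_BIND = bytes.fromhex(
    "300c" "020101"                            # SEQUENCE(12); messageID 1
    "6007" "020103" "0400" "8000")             # BindRequest(7): v3, DN "", simple ""
LDAP_USER_BIND = bytes.fromhex(
    "301a" "020101"
    "6015" "020103" "0408" "636e3d61646d696e"  # BindRequest(21): v3, DN "cn=admin"
    "8006" "733363726574")                     # simple credential "s3cret"
```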
LDAP Enumeration Tools:
- Softerra LDAP Administrator
- Jxplorer
What is NTP?
NTP stands for Network Time Protocol, which is designed to synchronize the clocks of networked computers. NTP can achieve accuracies of 200 milliseconds or better in local area networks under ideal conditions, and it can maintain time to within ten milliseconds (1/100 second) over the Internet. NTP is based on an agent-server architecture in which the agent queries the NTP server; it works over User Datagram Protocol (UDP) on well-known port 123.
NTP Enumeration:
An attacker can enumerate the following information by querying the NTP server:
- List of hosts connected to the NTP server
- Internal client IP addresses, hostnames, and operating systems used
NTP Enumeration Tools:
- Ntptrace
- Ntpdc
What is SMTP?
SMTP stands for Simple Mail Transfer Protocol, and it is designed for electronic mail (e-mail) transmission. SMTP is based on a client-server architecture and works over Transmission Control Protocol (TCP) on well-known port 25. SMTP locates the Mail Exchange (MX) servers to deliver mail to via the Domain Name Service; if no MX record is found, SMTP falls back to an A record (or alternatively SRV records).
SMTP Enumeration:
SMTP provides three built-in commands:
- VRFY: validates users on the SMTP server
- EXPN: reveals the delivery addresses of aliases and mailing lists
- RCPT TO: defines the recipients of the message
SMTP servers respond differently to the commands mentioned above, and SMTP enumeration is possible because of the varied responses. Attackers can determine the valid users on an SMTP server with the same technique.
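As an added example (not code from the article), the following shows the response-difference problem just described: a leaky VRFY handler beside a hardened one, a check that tells a defender whether a handler reveals mailbox existence, and a counter that flags clients issuing many VRFY/EXPN commands in SMTP logs. The mailbox list, domain and log lines are constructed for the demo.

```python
# Added example (not from the article): leaky vs. hardened VRFY/EXPN handling,
# a check for reply-code differences, and a log-based probe counter.
from collections import Counter

MAILBOXES = {"alice", "bob"}          # constructed local mailboxes
DOMAIN = "example.com"                # constructed domain

def vrfy_leaky(arg):
    """Before: 250 for real mailboxes, 550 for others, so every reply confirms or denies."""
    user = arg.split("@")[0].strip().lower()
    if user in MAILBOXES:
        return f"250 {user}@{DOMAIN}"
    return f"550 5.1.1 {arg}: Recipient address rejected"

def vrfy_hardened(arg):
    """After: one fixed reply; RFC 5321 allows 252 to mean 'cannot verify'."""
    return "252 2.5.2 Cannot VRFY user, but will accept message and attempt delivery"

def expn_hardened(arg):
    """EXPN would expose alias and list membership, so refuse it outright."""
    return "502 5.5.1 Command not implemented"

def handle(line, vrfy=vrfy_hardened):
    """Dispatch one SMTP command line; only VRFY and EXPN are modelled here."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "VRFY":
        return vrfy(arg)
    if verb == "EXPN":
        return expn_hardened(arg)
    return "500 5.5.2 Command not recognized"

def reveals_user_existence(vrfy, known, unknown):
    """True when the reply code differs between a real and a bogus mailbox."""
    return vrfy(known)[:3] != vrfy(unknown)[:3]

def vrfy_probers(log_lines, threshold=5):
    """Clients with more than `threshold` VRFY/EXPN commands in the log.
    Constructed line format: '<time> client=<ip> cmd=<VERB> arg=<arg>'."""
    counts = Counter()
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        if fields.get("cmd", "").upper() in ("VRFY", "EXPN"):
            counts[fields["client"]] += 1
    return {ip for ip, n in counts.items() if n > threshold}

SAMPLE_LOG = [  # constructed: one client walks a user list, another just sends mail
    f"2024-01-01T10:00:{i:02d} client=198.51.100.7 cmd=VRFY arg=user{i}"
    for i in range(6)
] + [
    "2024-01-01T10:01:00 client=203.0.113.5 cmd=VRFY arg=alice",
    "2024-01-01T10:01:05 client=203.0.113.5 cmd=MAIL arg=FROM:<bob@example.org>",
]
```

Production MTAs offer the same hardening as a setting, for example Postfix's disable_vrfy_command = yes.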
SMTP Enumeration Tools:
- NetScan Tools Pro
- SMTP User Enum
What is DNS?
DNS stands for Domain Name System, and it is primarily designed as a hierarchical, decentralized naming system for computers, services, or any resource connected to the network. DNS resolves hostnames to their respective IP addresses and vice versa. Internally, DNS maintains a database for storing records. The following are the most commonly used DNS record types:
- Start of Authority (SOA)
- IP addresses (A and AAAA)
- SMTP mail exchangers (MX)
- Name servers (NS)
- Pointers for reverse DNS lookups (PTR)
- Domain name aliases (CNAME)
DNS works over both UDP and TCP on well-known port 53. It uses UDP for resolving queries and TCP for zone transfers. A DNS zone transfer allows a DNS database, or a portion of it, to be replicated from the primary server to a secondary server. Zone transfers must only be allowed to validated secondary DNS servers acting as clients.
DNS Enumeration:
DNS enumeration is possible by sending a zone transfer request to the primary DNS server while pretending to be a secondary. The server reveals sensitive domain records in response to the request.
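The misconfiguration behind this is a primary that answers zone transfer requests from any client. As an added example (not code from the article), the following is a small lint for BIND-style named.conf text that lists zones any host could transfer; it assumes only the zone/options/allow-transfer syntax used in the constructed config below, and it treats an allow-transfer that is unset at both levels as open, which matches BIND's long-standing default (check your own server version's documentation).

```python
# Added example (not from the article): lint a BIND-style named.conf for zones
# whose effective allow-transfer is "any" or unset everywhere. Constructed config.
import re

XFER_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    i = 0
    while (start := text.find("{", i)) >= 0:
        header = text[i:start].strip().strip(";").strip()
        depth, j = 1, start + 1
        while depth:                         # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[j], 0)
            j += 1
        yield header, text[start + 1:j - 1]
        i = j

def allow_transfer(body):
    """ACL entries of allow-transfer inside a block body, or None if absent."""
    m = XFER_RE.search(body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_transfer_zones(conf):
    """Zone names whose effective allow-transfer is 'any' or unset at both levels."""
    text = re.sub(r"//[^\n]*|#[^\n]*", "", conf)      # drop comments
    global_acl, zones = None, {}
    for header, body in top_level_blocks(text):
        if header == "options":
            global_acl = allow_transfer(body)
        elif header.startswith("zone "):
            zones[header.split('"')[1]] = allow_transfer(body)
    result = []
    for name, acl in zones.items():
        effective = acl if acl is not None else global_acl
        if effective is None or "any" in effective:
            result.append(name)
    return result

# Constructed named.conf fragment: one weak zone, one restricted, one inheriting
SAMPLE_CONF = """
options { directory "/var/named"; allow-transfer { none; }; };
zone "corp.example" {
    type master;
    allow-transfer { any; };   // weak: any host can pull the whole zone
};
zone "internal.example" {
    type master;
    allow-transfer { 192.0.2.53; key xfer-key; };   // only the secondary
};
zone "legacy.example" { type master; };   // inherits the options-level 'none'
"""
```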
DNS Enumeration Tools:
- Nslookup
- DNS Dumpster
- DNS Recon
Enumerating user names and machine names is the most common technique attackers use to identify victims on a target system.
This blog article was written by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com