CEH 4-Enumeration

What is Enumeration?

  • Enumeration is the process of establishing an active connection to the target host in order to discover potential attack vectors in the computer system.
  • Information gained at this phase can be used for further exploitation of the system.
  • It is often considered a critical phase because a few pieces of information gathered here can help us directly exploit the target computer.

Disclaimer: The articles provided on HackWithV are purely for informational and educational purposes, for those who are willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. Any time the word "Hacking" is used on this site, it shall be regarded as Ethical Hacking.

Information gathered in this phase

  1. Usernames, Group names
  2. Hostnames
  3. Network shares and services
  4. IPtables and routing tables
  5. Service settings and Audit configurations
  6. Application and banners
  7. SNMP and DNS Details

1. NetBIOS Enumeration:

  • NetBIOS stands for Network Basic Input Output System.
  • It allows computers to communicate over a LAN to share files and devices like printers.
  • NetBIOS names are used to identify network devices over TCP/IP.

Attackers use NetBIOS enumeration to obtain:

  1. List of computers that belong to a domain
  2. List of shares on the individual hosts on the network
  3. Policies and passwords

Tools:

  1. nmblookup
  2. nbtscan
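
From the defender's side, the name-table lookups described above appear on UDP port 137 as node status (NBSTAT) queries. The following is an added example, not part of the original article: it parses such payloads and reports sources that query several hosts. The sample packets, IP addresses and the min_targets threshold are constructed, and it assumes the lookup asks for the wildcard name "*".

```python
import struct

NBSTAT, NB, CLASS_IN = 0x0021, 0x0020, 0x0001
WILDCARD = b"*" + b"\x00" * 15

def decode_nb_name(encoded: bytes) -> bytes:
    """Undo RFC 1001 first-level encoding (each nibble was stored as 'A' + value)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def is_wildcard_nbstat_query(payload: bytes) -> bool:
    """True if a UDP/137 payload is a node status request for the name '*'."""
    if len(payload) < 50:                       # 12 header + 34 name + 4 type/class
        return False
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
        return False                            # a response, or not a plain query
    if payload[12] != 0x20 or payload[45] != 0x00:
        return False                            # name must be one 32-byte label
    try:
        name = decode_nb_name(payload[13:45])
    except ValueError:
        return False
    qtype, qclass = struct.unpack("!HH", payload[46:50])
    return (qtype, qclass, name) == (NBSTAT, CLASS_IN, WILDCARD)

def sweep_sources(packets, min_targets=3):
    """Return {source: target count} for sources that sent wildcard NBSTAT
    queries to at least min_targets distinct hosts (threshold is an assumption)."""
    targets = {}
    for src, dst, payload in packets:
        if is_wildcard_nbstat_query(payload):
            targets.setdefault(src, set()).add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample payloads and addresses (not captured traffic).
_HDR = struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
STATUS_QUERY = _HDR + b"\x20CK" + b"A" * 30 + b"\x00" + struct.pack("!HH", NBSTAT, CLASS_IN)
# Ordinary broadcast name query for the constructed name "WS01".
NAME_QUERY = (struct.pack("!HHHHHH", 0x2222, 0x0110, 1, 0, 0, 0) + b"\x20FHFDDADB"
              + b"CA" * 11 + b"AA\x00" + struct.pack("!HH", NB, CLASS_IN))
SAMPLE = [("10.0.0.50", f"10.0.0.{i}", STATUS_QUERY) for i in range(1, 5)]
SAMPLE += [("10.0.0.7", "10.0.0.255", NAME_QUERY), ("10.0.0.9", "10.0.0.1", STATUS_QUERY)]

if __name__ == "__main__":
    print(sweep_sources(SAMPLE))
```
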

2. SMB Enumeration

  • SMB stands for Server Message Block. 
  • It is mainly used for providing shared access to files, printers and miscellaneous communications between nodes on a network. 
  • It also provides an authenticated inter-process communication mechanism.

Tools:

  1. smbmap
  2. smbclient
  3. nmap (smb-vuln*)

3. DNS Enumeration

  • DNS enumeration retrieves information regarding all the DNS servers and their corresponding records related to an organization. 
  • DNS enumeration will yield usernames, computer names, and IP addresses of potential target systems.

Tools:

  1. dig
  2. host
  3. dnsenum
  4. nmap (dns-brute)

Be Aware, Be Secure.

Thank You 🙏
