Enumeration in Ethical Hacking

Enumeration is one of the phases of Penetration Testing or Ethical Hacking. It is a process of gaining complete access to the system by cooperating the vulnerabilities identified in the first two phases. The Scanning stage only supports to find the vulnerabilities to a certain level, but  Enumeration helps us learn the whole details such as users, groups and even system level details – routing tables. This phase of the Ethical hacking is to gain end-to-end knowledge of what will be tested in the target environment. Tools are installed to gain complete control over the system.

Types of information enumerated by intruders

  • Network Resource and shares
  • Users and Groups
  • Routing tables
  • Auditing and Service settings
  • Machine names
  • Applications and banners
  • SNMP and DNS details

Techniques for Enumeration

  • Extract user names using SNMP
  • Extract user groups from Windows
  • Brute Force Active Directory
  • Extract information using DNS Zone transfer
  • Extracting user names using email ID’s
  • Extract information using the default password

Significance of Enumeration

Enumeration is the feature of Ethical hacking. The metrics, outcomes, results are used directly in testing the system in the next steps of penetration testing.

Enumeration helps us to decrypt the full information – Hostnames, IP tables, SNMP and DNS, Application, Banners, Audit configurations and service settings. Enumeration meaning is that it systematically collects details. This allows pentesters to entirely examine the systems.  The pentesters collect information about the weak links in the enumeration phase of ethical hacking. It helps in finding the attack Vectors and threats.

Enumeration Classification 

What are the goals of the Enumeration ?

  • To map the end-to-end details that we need to check after the enumeration step
  • The ways to execute the attacks in the future phases
  • Identify all the information we need to do the implementation in future testing
  • Compile a list of devices with configuration for testing
  • Complete the network map to confirm the steps for testing
  • Compile the list of people who support the testing
  • Collect even unrelated information that might still be important in the future

Process of Enumeration

Services and Port to Enumerate 

Tools supporting Enumeration

Tool Use Service
Nmap Network mapper To determine port and service information on a target

 

Nessus Service and vulnerability scanner. Identify vulnerable services
WPScan WordPress vulnerability scanner Identify vulnerable WordPress applications
Searchsploit CLI tool for exploit.db for exploits To look up exploits for services.
GoBuster Web directory brute forcer Discover directories on web servers.
Dig Domain Information Groper Used to query DNS servers
Nmblookup SMB share lookup. Find any open and exposed SMB shares 
Dnsenum    Enumerate DNS information 

Port – Scanning Enumeration

  • Port scanning is the common form of enumeration. This is used to learn the many services which can exploit the systems. This includes all the systems that are connected to LAN or accessing the network through the modem which runs the services.  We can find out what services are running, who are the owners of these services and if any of them needs a separate verification.

NetBIOS (Network Basic Input Output System) Enumeration

  • It helps in computer communication with LAN for sharing files and printers.
  • They are mainly used for finding the network devices.
  • The naming is 16 characters – 15 characters for the device and the 16th denotes the service it runs.
  • Attackers use the NetBIOS for scanning the list of computers per domain, policies and passwords and other shares in the network.
  • Tools used in Netbios are Nbtstat, superscan, Net View, Hyena

Categorized in: