Enumeration

 - Network enumeration provides:

1. User names and user groups
2. List of computers, their operating system, and ports
3. Machine names, network resources and services
4. List of shares on individual hosts on the network
5. Policies and passwords

-- Details are collected about:

1. Network Machine
2. Users
3. Shared Folders
4. Ports
5. Operating System
6. Machine Names
7. Network Resources
8. Services

1. NetBIOS Enumeration Using Global Network Inventory

Tool : Global Network Inventory - used for security auditing and for testing
     firewalls and networks. It is also used for idle scanning.

-- With this tool we enumerate machine names, users, user groups, etc.


2. Enumerating Network Resources Using Advanced IP Scanner

--> The goal of running a scanner is to identify devices on your network that are
    open to vulnerabilities.

--> Procedure for identifying hosts, ports and services in a network:

1. Perform a system and network scan
2. Enumerate user accounts
3. Execute remote penetration
4. Gather information about local network computers


3. Performing Network Enumeration Using SuperScan : /NetBIOS Enumeration Tool/SuperScan

--> SuperScan detects open TCP and UDP ports on target machines.
--> Attackers can exploit these open ports to hack the target machine.
--> We can enumerate target networks and extract lists of computers, user names, user groups,
    machine names, network resources and services using SuperScan.

1. List of computers that belong to a domain
2. List of shares on the individual hosts on the network
3. Policies and Passwords

4. Enumerating Resources in a Local Machine Using Hyena :

--> Management of users, groups (local and global), shares, domains, computers, services,
    devices, events, files, printers, sessions, open files, disk space, user rights,
    messaging, exporting, job scheduling and printing.


5. Performing Network Enumeration Using NetBIOS Enumerator :

--> NetBIOS Enumerator is an enumeration tool that shows how to use remote network support and
    to deal

--> NetBIOS enumeration gathers the following information :
    1. Account lockout threshold
    2. Local groups and user accounts
    3. Global groups and user accounts

--> Attackers can use information such as enumerated usernames and perform password
    guessing techniques to crack a user account.

6. Enumerating a Network Using SoftPerfect Network Scanner :
 
--> We resolve host names and auto-detect your local and external IP range.

--> A hacker enumerates applications and banners to identify user accounts and shared resources.

    1. Hardware MAC addresses across routers
    2. Hidden shared folders and writable ones
    3. Internal and External IP address

7. Enumerating a Target Network using Nmap and Net Use --

--> Nmap determines what hosts are available on the network, what services (application name and version)
    they offer, what operating system (OS version) they run, and what type of packet filters/firewalls are in use.

--> Using open ports, an attacker can easily attack the target machines; to overcome
    this type of attack, the network is fitted with IP filters.

--> We need to enumerate a target network and extract a list of computers, user names, user groups,
    machine names, network resources and services.

    1. User names and user groups
    2. List of computers, their operating system and the ports on them
    3. List of shares on the individual hosts on the network
    4. Policies and Passwords

--> We use the Nmap GUI on a Windows machine

--> First we scan the machine using the Zenmap GUI: specify the target and give the -O option.

--> We run the nbtstat -A [ip] command and then

--> Type net use \\[ip]\e "" /user:"" and press Enter

--> Now type net use \\10.10.10.16\e "" /user:"" and press Enter

--> Open File Explorer, right-click the mapped network drive (Z:\) and select Disconnect

--> This creates/connects a null session. To confirm it, type the 'net use' command, which should list
    your newly created null session. The null session has been created with the name 'e'.
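
--> Added example (not part of the original notes): a defender-side check of the Windows settings that decide whether the null session above is accepted. It parses `reg query` output for the Lsa and LanmanServer\Parameters keys; the sample output and the function names are constructed for illustration.

```python
import re

# Hardened DWORD values for the anonymous-access policies (1 = restriction on).
EXPECTED = {
    "RestrictAnonymous": 1,       # no anonymous enumeration of SAM accounts and shares
    "RestrictAnonymousSAM": 1,    # no anonymous enumeration of SAM accounts
    "RestrictNullSessAccess": 1,  # null sessions limited to the listed pipes/shares
}
ALLOW_LISTS = ("NullSessionPipes", "NullSessionShares")
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key>` output into {value_name: int or list of str}."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, kind, data = m.groups()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)
        elif kind == "REG_MULTI_SZ":
            values[name] = [s for s in data.strip().split("\\0") if s]
    return values

def audit_null_session(values):
    """Return findings for settings that leave null-session enumeration possible."""
    findings = []
    for name, want in EXPECTED.items():
        got = values.get(name)
        if got is None:
            findings.append(f"{name}: not present, confirm the effective default")
        elif got < want:
            findings.append(f"{name}={got}, expected {want}")
    for name in ALLOW_LISTS:
        if values.get(name):
            findings.append(f"{name} allows anonymous access to: {', '.join(values[name])}")
    return findings

# Constructed sample: `reg query` output for the Lsa and LanmanServer\Parameters keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    RestrictAnonymous    REG_DWORD    0x0
    RestrictAnonymousSAM    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    RestrictNullSessAccess    REG_DWORD    0x0
    NullSessionShares    REG_MULTI_SZ    e
    NullSessionPipes    REG_MULTI_SZ
"""
```

Running audit_null_session(parse_reg_query(SAMPLE)) reports the two relaxed DWORD values and the share 'e' that is open to anonymous connections.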


8. Enumerating Services on a Target Machine :

    1. Scan all the machines on a given network or subnet
    2. List of machines that are up and running
    3. Determine open ports on given node
    4. Find if any port has firewall restriction
    5. Enumerate all the services running on the port along with their respective versions

We perform this on a Linux terminal

--> Nmap scans all the nodes on the given network and starts displaying all the hosts, MAC addresses
    and device information.
# nmap -sP [ip/subnet]  -- This is a ping sweep scan.

--> Perform a stealthy SYN scan to list all the open ports on the given IP address
# nmap -sS [ip address of machine] -- stealthy scan

--> We can enumerate the version of each service running on the ports;
    version detection along with OS fingerprinting/detection will be initiated
# nmap -sSV -O [ip address of machine]

--> We save the result to a file in the home (root) directory
# nmap -sSV -O [ip address of machine] -oN Enumeration.txt  -- Enumeration.txt is the file name; we can also give a path, e.g. /home/Desktop/nmap.txt

--> We can also view the result in the terminal
# cat Enumeration.txt
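
--> Added example (not part of the original notes): when the saved Enumeration.txt comes from an audit of your own network, this parser reads the -oN output and lists the open ports that make the NetBIOS, SMB, SNMP and LDAP enumeration covered on this page possible. The sample scan output, the second host and the function names are constructed.

```python
import re

# Ports behind the enumeration techniques covered on this page.
ENUM_PORTS = {
    (137, "udp"): "NetBIOS name service",
    (139, "tcp"): "NetBIOS session service",
    (445, "tcp"): "SMB shares / null sessions",
    (161, "udp"): "SNMP",
    (389, "tcp"): "LDAP",
}
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9A-Fa-f.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_nmap_normal(text):
    """Parse -oN output into {host_ip: [(port, proto, state, service, version)]}."""
    hosts, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
        elif current and (m := PORT_RE.match(line)):
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, version))
    return hosts

def exposed_enum_services(hosts):
    """List open ports that expose NetBIOS, SMB, SNMP or LDAP enumeration."""
    return [(host, port, proto, ENUM_PORTS[(port, proto)])
            for host, ports in hosts.items()
            for port, proto, state, _svc, _ver in ports
            if state == "open" and (port, proto) in ENUM_PORTS]

# Constructed sample of Enumeration.txt (nmap -sSV -O ... -oN), shortened.
SAMPLE = """\
Nmap scan report for 10.10.10.16
Host is up (0.00050s latency).
PORT     STATE    SERVICE       VERSION
80/tcp   open     http          Microsoft IIS httpd 10.0
139/tcp  open     netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open     microsoft-ds
3389/tcp filtered ms-wbt-server
Nmap scan report for dc01.lab.example (10.10.10.20)
Host is up (0.00070s latency).
PORT    STATE SERVICE VERSION
389/tcp open  ldap    Microsoft Windows Active Directory LDAP
"""
```

Each tuple returned by exposed_enum_services(parse_nmap_normal(SAMPLE)) is a service to close, filter at the firewall, or restrict to management hosts.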


9. SNMP Enumeration Using snmp_enum

--> SNMP enumeration is the process of enumerating user accounts and devices on an SNMP-enabled computer.
    The SNMP service comes with two passwords, which are used to configure and access the SNMP agent from the
    management station.

--> We find out the default community string, then extract information about network resources such as hosts, routers, devices, shares, etc.
    and network information such as ARP tables, routing tables, device-specific information and traffic statistics.

--> We enumerate:
    
    1. Connected Devices
    2. Hostname and information
    3. Domain
    4. Hardware and storage information
    5. Software Components
    6. Total Memory

--> We enumerate such information using Nmap :

--> We view the port status of the target machine using cmd
# nmap -sU -p 161 [ip address of the machine]

--> port 161 is used by SNMP

--> The snmp-brute script will extract the SNMP community string from the target machine.
# nmap -sU -p 161 --script=snmp-brute [ip address of machine]

--> We exploit the vulnerability using Metasploit (msfconsole)
# msfconsole

msf > use auxiliary/scanner/snmp/snmp_login

msf > show options

msf > set RHOSTS [ip address of target machine]

msf > exploit

--> The login is successful

--> Now we use the snmp_enum module

msf > use auxiliary/scanner/snmp/snmp_enum

msf > show options

msf > set RHOSTS [ip of target machine]

--> We get a Connected message and the result is displayed for observation.
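
--> Added example (not part of the original notes): the default community string found above is a configuration weakness on the agent. Assuming the agent is Net-SNMP configured through snmpd.conf (an assumption, the notes do not name the agent), this audit flags default community strings, communities accepted from any source and read-write communities. The sample file and its non-default community are constructed.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return [(line_no, issue)] for v1/v2c community settings worth fixing."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # drops '#' comments, honours quotes
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw"):
                findings.append((no, "read-write-community"))
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community"))
        if source in ANY_SOURCE:
            findings.append((no, "any-source"))
    return findings

# Constructed sample snmpd.conf; the non-default community is a made-up value.
SAMPLE = """\
# monitoring access
rocommunity public
rwcommunity private 10.10.10.0/24
com2sec notConfigUser default public
rocommunity S3gm3nt-Mon1tor 10.10.10.5   # restricted to the poller
rouser monitor authPriv
"""
```

Lines 2 to 4 of the sample are flagged; the source-restricted community and the SNMPv3 user are not.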


10. LDAP Enumeration Using Active Directory Explorer (ADExplorer)

--> This enumeration obtains information on :
    
    1. User names and user groups
    2. Attributes


--> Tool : Active Directory Explorer > ADExplorer

--> Type the IP address of the target machine in the dialog box


11. Enumerating information from Windows and Samba host using Enum4linux
 
--> Tool : Enum4linux -- enumerates information from Windows and Samba systems.

--> This tool runs in the Linux terminal

# man enum4linux

# enum4linux -u martin -p apple -U [ip address of target machine]

--> Get the details of the target system

# enum4linux -u [user name] -p [password] -o [ip address of target ]

--> It shows Operating System details of the target machine.

# enum4linux -u [user name] -p [password] -P [ip address of target ]

--> To get Password Policy Information

# enum4linux -u [user name] -p [password] -G [ip address of target ]

--> To get the Groups information of target machine

# enum4linux -u [user name] -p [password] -S [ip address of target ]

--> To get Share Policy Information of the target Machine

 


 
