Ethical Hacking Enumeration - Ethical Hacking

What is Ethical Hacking Enumeration?

The information Gathering phase of Ethical Hacking, which is the first phase, is called as the process of Enumeration. The attacker identifies as many attack vectors as possible by establishing an active connection with the victim. This helps the attacker to further exploit the systems.

Why Ethical Hacking Enumeration is used?

Ethical Hacking Enumeration can be used to gain information on −

  • Network shares
  • SNMP data, if they are not secured properly
  • IP tables
  • Usernames of different systems
  • Passwords policies lists

What are the system services on which the Ethical Hacking Enumeration depends on?

Ethical Hacking Enumerations depend on the services that the systems offer. They can be −

  • DNS enumeration
  • NTP enumeration
  • SNMP enumeration
  • Linux/Windows enumeration
  • SMB enumeration

What are the most widely used tools for Ethical Hacking Enumeration?

Some of the tools that are widely used for Enumeration are:

NTP Suite

As the name appears, NTP Suite is used for NTP enumeration. This is essential as other primary servers which help hosts in updating the names can do without authenticating the system.

For instance:

enum4linux

enum4linux is used to enumerate Linux systems. From the below screenshot it is observed how the usernames present in the target host are identified.

enum4linux

smtp-user-enum

smtp-user-enum tries to guess usernames by using SMTP service. The following screenshot makes it understand better.

smtp

Quick Fix

It is always suggested that all the services which are not in use need to be disabled, which reduces the possibility of the OS enumeration of the running system services.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Ethical Hacking Topics