Tweet
Enumeration is the process of extracting information from a target system in an organized and methodical manner. During enumeration you should be able to extract information such as usernames, hostnames, shares, system services as well as other information depending on the nature of the environment. Unlike with previous phases, you are initiating active connections to a target system in an effort to gather what information you find useful. This phase should be considered a high-risk process. Make sure to take extra effort to be precise to reduce the risk of detection.
During this phase you are using active connections to the target system to perform more aggressive information gathering. The active connections allow you to perform directed queries against the system to extract more information about the target environment. After having retrieved sufficient information, you can assess the strengths and weaknesses of the system. Attackers use this information to identify attack points and also perform password attacks to get unauthorized access to information and resources and is often done in an Intranet environment.
Information gathered in this phase could be
Make sure you have written permission to perform enumeration or you may be crossing legal boundaries.
Extracting Information from e-mail IDs
This technique is used to obtain usernames and domain name information from an e-mail address or ID. An email address contains but a domain name and a username.
Obtaining Information through Default Passwords
Every device has default settings in place, and default usernames and passwords are part of this group. It is not uncommon to find default settings either partially or wholly left in place, meaning that an attacker can easily gain access to the system and extract useful information.
Using Brute-Force Attacks on Discovery Services
A directory service is a database that contains information used to administer the network thus making it an obvious target for an attacker looking to gain extensive information about the target environment. Many directory services are vulnerable to input verification deficiencies as well as other issues that may be exploited for the purpose of discovering and compromising user accounts.
Exploiting the SNMP service
The Simple Network Management Protocol (SNMP) can sometimes be exploited by an attacker who can guess the community strings and use them to extract usernames and other information. It might also allow an attacker to change settings on the target device.
DNS Zone Transfers
A zone transfer in a DNS system is a normal occurrence, but when this information falls into the hands of an attacker, the effect can be devastating. A zone transfer is in place to update secondary DNS servers with the current information form a primary DNS server; however, the zone files contain information that could assist an attacker in mapping out the target network, providing valuable data about the design and structure of the target environment.
Capturing User Groups
This technique involves extracting user accounts from specified groups, to determine whether the session accounts are in that particular group.
During this phase you are using active connections to the target system to perform more aggressive information gathering. The active connections allow you to perform directed queries against the system to extract more information about the target environment. After having retrieved sufficient information, you can assess the strengths and weaknesses of the system. Attackers use this information to identify attack points and also perform password attacks to get unauthorized access to information and resources and is often done in an Intranet environment.
Information gathered in this phase could be
- Network resources and shares
- Users and groups
- Routing tables
- Auditing and service settings
- Machine names
- Applications and banners
- SNMP and DNS details
Make sure you have written permission to perform enumeration or you may be crossing legal boundaries.
Extracting Information from e-mail IDs
This technique is used to obtain usernames and domain name information from an e-mail address or ID. An email address contains but a domain name and a username.
Obtaining Information through Default Passwords
Every device has default settings in place, and default usernames and passwords are part of this group. It is not uncommon to find default settings either partially or wholly left in place, meaning that an attacker can easily gain access to the system and extract useful information.
Using Brute-Force Attacks on Discovery Services
A directory service is a database that contains information used to administer the network thus making it an obvious target for an attacker looking to gain extensive information about the target environment. Many directory services are vulnerable to input verification deficiencies as well as other issues that may be exploited for the purpose of discovering and compromising user accounts.
Exploiting the SNMP service
The Simple Network Management Protocol (SNMP) can sometimes be exploited by an attacker who can guess the community strings and use them to extract usernames and other information. It might also allow an attacker to change settings on the target device.
DNS Zone Transfers
A zone transfer in a DNS system is a normal occurrence, but when this information falls into the hands of an attacker, the effect can be devastating. A zone transfer is in place to update secondary DNS servers with the current information form a primary DNS server; however, the zone files contain information that could assist an attacker in mapping out the target network, providing valuable data about the design and structure of the target environment.
Capturing User Groups
This technique involves extracting user accounts from specified groups, to determine whether the session accounts are in that particular group.