4.1 Enumeration Concepts
What is Enumeration?
- In the enumeration phase, the attacker creates active connections to the system and performs directed queries to gain more information about the target.
- Attackers use extracted information to identify system attack points and perform password attacks to gain unauthorized access to information system resources.
- Enumeration techniques are conducted in an intranet environment.
- Information Enumerated by Intruders:
  - Network resources
  - Network shares
  - Routing tables
  - Audit and service settings
  - SNMP and DNS details
  - Machine names
  - Users and groups
  - Applications and banners
Techniques for Enumeration
- Extract user names using email IDs
- Extract information using default passwords
- Extract user names using SNMP
- Brute force Active Directory
- Extract user groups from Windows
- Extract information using DNS Zone Transfer
Services and Ports to Enumerate
- TCP/UDP 53: DNS Zone Transfer
- TCP/UDP 135: Microsoft RPC Endpoint Mapper
- UDP 137: NetBIOS Name Service (NBNS)
- TCP 139: NetBIOS Session Service (SMB over NetBIOS)
- TCP/UDP 445: SMB over TCP (Direct Host)
- UDP 161: Simple Network Management Protocol (SNMP)
- TCP/UDP 389: Lightweight Directory Access Protocol (LDAP)
- TCP/UDP 3268: Global Catalog Service
- TCP 25: Simple Mail Transfer Protocol (SMTP)
- TCP/UDP 162: SNMP Trap