4.8 Enumeration Pen Testing
- Used to identify valid user accounts or poorly protected resource shares using active connections to systems and directed queries.
- The information can be users and groups, network resources and shares, and applications.
- Used in combination with data collected in the reconnaissance phase.
- In order to enumerate important servers, find the network range using tools such as WhoIs Lookup.
- Calculate the subnet mask required for the IP range using Subnet Mask Calculators; the result can be given as input to many of the ping sweep and port scanning tools.
- Find the servers connected to the Internet using tools such as Nmap.
- Perform port scanning to check for the open ports on the nodes using tools such as Nmap.
- Perform NetBIOS enumeration using tools such as SuperScan, Hyena, and Winfingerprint.
- Perform SNMP enumeration using tools such as OpUtils Network Monitoring Toolset and Engineer's Toolset.
- Perform LDAP enumeration using tools such as Softerra LDAP Administrator.
- Perform NTP enumeration using commands such as ntptrace, ntpdc, and ntpq.
- Perform SMTP enumeration using tools such as NetScanTools Pro.
- Perform DNS enumeration using the Windows utility NSLookup.
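
The subnet mask step above, as an added example that is not part of the original notes: it covers a first-to-last IP range, as a WHOIS record lists it, with the fewest CIDR blocks and their dotted masks, and checks whether an address is inside that authorised range. The function names and the sample range (an RFC 5737 documentation prefix) are constructed for illustration.

```python
import ipaddress

def range_to_blocks(first, last):
    """Cover an inclusive first-last IP range with the fewest CIDR blocks."""
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(last)
    if start.version != end.version:
        raise ValueError("range endpoints must be the same IP version")
    if start > end:
        raise ValueError("range start is after range end")
    return list(ipaddress.summarize_address_range(start, end))

def describe(block):
    """Return (CIDR, dotted subnet mask, address count) for one block."""
    return (str(block), str(block.netmask), block.num_addresses)

def in_scope(address, blocks):
    """True only if the address falls inside one of the authorised blocks."""
    ip = ipaddress.ip_address(address)
    return any(ip in block for block in blocks)

# Constructed sample: a range that does not align to a single mask,
# so it needs two blocks (/25 + /26) rather than one /24.
SAMPLE_FIRST = "198.51.100.0"
SAMPLE_LAST = "198.51.100.191"

if __name__ == "__main__":
    blocks = range_to_blocks(SAMPLE_FIRST, SAMPLE_LAST)
    for block in blocks:
        print("%-20s mask %-16s %d addresses" % describe(block))
    # An address just past the end of the range must be rejected.
    for candidate in ("198.51.100.190", "198.51.100.192"):
        print(candidate, "in scope" if in_scope(candidate, blocks) else "OUT OF SCOPE")
```

Rounding such a range up to a single /24 would pull in 64 addresses that the WHOIS record does not assign to the organisation, which is why the split into exact blocks matters for keeping a test inside its agreed scope.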