Enumeration - Only CyberSecurity

Ethical Hacking Tutorial, Cybersecurity


Wednesday, August 15, 2018

Enumeration

Enumeration is the process of establishing an active connection to the target host to discover potential attack vectors in the computer system. Information gained at this phase can be used for further exploitation of the system. It is often considered a critical phase because a few pieces of information gathered here can directly help exploit the target computer.



Information gathered in this phase

1. Usernames, Group names
2. Hostnames
3. Network shares and services
4. IP tables and routing tables
5. Service settings and Audit configurations
6. Application and banners
7. SNMP and DNS Details

In the enumeration phase, the attacker launches active attacks against the system and performs directed queries to gain more information about the target.

Attackers use the extracted information to identify system attack points and perform password attacks to gain unauthorized access to information system resources.

Most common ports targeted by hackers to enumerate:

  1. DNS: port 53
  2. FTP: port 21
  3. Telnet: port 23
  4. SMTP: port 25
  5. NetBIOS session service: port 139
  6. NetBIOS name service: port 137
  7. SMB over TCP: port 445
  8. POP3: port 110


Benefits of NetBIOS Enumeration:
1. Information related to computers that belong to a domain.
2. Details related to shares on computers in the network.
3. Extracting policies and passwords.

SMB Enumeration
SMB stands for Server Message Block. It is mainly used for providing shared access to files, printers and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism.

DNS Enumeration
DNS enumeration retrieves information regarding all the DNS servers and their corresponding records related to an organization. DNS enumeration will yield usernames, computer names, and IP addresses of potential target systems.  

DNS Zone Transfer

• Used to replicate DNS data across some DNS Servers or to backup DNS files. A user or server will perform a specific zone transfer request from a name server.

• DNS servers should not permit zone transfers towards any IP address from the Internet.

• Zone files contain complete information about the domain names, subdomains and IP addresses configured on the target name server, so this information is useful to an attacker for widening the attack surface and for better understanding the internal structure of the target company.

• Hidden subdomains, information about development servers, internal IP addresses and similar details can be identified from a zone file.

• Information gathered from zone files can be useful for attackers to implement various attacks against the target company, like targeting test or development servers, which are less secure.


