
Enumeration

Module 7 of the Cyber Security Professional Certification focuses on enumeration techniques used by penetration testers to identify potential attack vectors in systems. It covers various types of enumeration, including SNMP, NetBIOS, LDAP, NTP, SMTP, FTP, and DNS, along with their common ports and services. The module also includes practical labs for hands-on experience with each enumeration type.

Uploaded by

rish goy

CYBER SECURITY PROFESSIONAL CERTIFICATION

MODULE 7: ENUMERATION

01/22 https://www.careerera.com
AIM OF MODULE

Getting a thorough picture of the target is the aim of this module. In this phase, a penetration tester uses active connections to systems to look for legitimate user accounts or inadequately secured shared resources.



Agenda and Objectives

• What is Enumeration
• Common ports and services
• Enumerating services and types
  ◦ SNMP Enumeration
  ◦ NetBIOS Enumeration
  ◦ LDAP Enumeration
  ◦ NTP Enumeration
  ◦ SMTP Enumeration
  ◦ FTP Enumeration
  ◦ DNS Enumeration

What is Enumeration?

Enumeration is a technique that creates an active connection to the target hosts in order to identify potential attack vectors in the system, which may then be used for further exploitation of the system.

Enumeration is used to gather the following:

• Usernames, group names
• Hostnames
• Network shares and services
• IP tables and routing tables
• Applications and banners

Common Ports and Services

Port    Service
21      File Transfer Protocol (FTP) command control
22      Secure Shell (SSH)
23      Telnet: remote login service, unencrypted text messages
25      Simple Mail Transfer Protocol (SMTP) e-mail routing
53      Domain Name System (DNS) service
80      Hypertext Transfer Protocol (HTTP), used in the World Wide Web
123     Network Time Protocol (NTP)
161     Simple Network Management Protocol (SNMP)
443     HTTP Secure (HTTPS), HTTP over TLS/SSL
3389    Remote Desktop Protocol (RDP)

Enumerating Services and Types

• SNMP Enumeration
• NetBIOS Enumeration
• LDAP Enumeration
• NTP Enumeration
• SMTP Enumeration
• FTP Enumeration
• DNS Enumeration

SNMP Enumeration

SNMP enumeration is the process of enumerating user information and devices on a target system using SNMP. SNMP comprises a manager and an agent; agents are embedded on each network device, and the manager is installed on a separate computer.

To access and configure the SNMP agent from the management station, SNMP requires two credentials.

Attackers use these default community strings to extract data from devices. Attackers enumerate SNMP to extract data about network resources, for example, hosts, switches, devices, shares, and so on, and network data, for example, ARP tables, routing tables, traffic, etc.
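From the defender's side, the default community strings mentioned above are something you can audit for. The following is an added example, not part of the original slides: it checks a net-snmp style `snmpd.conf` for default strings, read-write communities and missing source restrictions. It assumes the widely known defaults `public` and `private`; the sample configuration is constructed.

```python
# Constructed snmpd.conf fragment used as sample input.
SAMPLE_CONF = """\
# constructed snmpd.conf fragment
rocommunity public
rwcommunity private 10.0.0.0/24
com2sec monitor 192.0.2.10 kq7-constructed-string
"""

DEFAULT_STRINGS = {"public", "private"}  # assumption: the common defaults
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

def audit_snmpd_conf(text):
    """Return a list of (line_number, finding) for risky community settings."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        directive = tok[0].lower()
        if directive in COMMUNITY_DIRECTIVES:
            if len(tok) < 2:
                continue
            community = tok[1]
            # With no SOURCE argument the community is accepted from anywhere.
            source = tok[2] if len(tok) > 2 else "default"
        elif directive == "com2sec":
            args = tok[1:]
            if args[:1] == ["-Cn"]:           # optional context name
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        if community.lower() in DEFAULT_STRINGS:
            findings.append((n, "default community string"))
        if directive.startswith("rwcommunity"):
            findings.append((n, "read-write community"))
        if source == "default":
            findings.append((n, "no source restriction"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```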

NetBIOS Enumeration

The unique 16 ASCII character NetBIOS name is used to identify network devices over TCP/IP. 15 characters are used for the device name, while the remaining character is reserved for the service or name record type.

If an attacker discovers a Windows OS with port 139 open, they can check what resources are accessible or visible on the remote system. However, to enumerate the NetBIOS names, the remote system must have file and printer sharing enabled. Depending on the availability of shares, this type of enumeration may allow the attacker to read or write to the remote computer system or launch a DoS.
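The 15 + 1 name layout described above is what an analyst sees, in encoded form, when reading NetBIOS name service traffic in a packet capture. The following added example (not part of the original slides) decodes the RFC 1001 first-level encoding back into the device name and the 16th-byte suffix; the suffix table lists a few well-known values and is not exhaustive.

```python
# A few well-known 16th-byte suffix values for unique names (not exhaustive).
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x20: "File server service",
    0x1B: "Domain master browser",
    0x1D: "Master browser",
}

def encode_first_level(name, suffix):
    """Pad the name to 15 bytes, append the suffix byte, then map each
    half-byte (nibble) to a letter 'A'..'P' as RFC 1001 specifies."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("a NetBIOS name carries at most 15 name characters")
    raw = raw.ljust(15, b" ") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)

def decode_first_level(encoded):
    """Return (name, suffix_byte, suffix_description) for a 32-char encoded name."""
    if len(encoded) != 32:
        raise ValueError("expected 32 encoded characters (16 bytes)")
    raw = bytearray()
    for i in range(0, 32, 2):
        hi = ord(encoded[i]) - 0x41
        lo = ord(encoded[i + 1]) - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("character outside 'A'..'P'")
        raw.append((hi << 4) | lo)
    name = raw[:15].decode("ascii", errors="replace").rstrip(" ")
    suffix = raw[15]
    return name, suffix, SUFFIXES.get(suffix, "unknown/other")

if __name__ == "__main__":
    wire = encode_first_level("FRED", 0x20)   # constructed host name
    print(wire)
    print(decode_first_level(wire))
```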

LDAP Enumeration

Active Directory can be enumerated using LDAP enumeration. By default, the most common TCP ports used by this service are 389 and 639. Usernames, addresses, and other valuable information can be gathered using LDAP enumeration and exploited for social engineering and other attacks in the future.

LDAP queries can be used to enumerate a wide range of objects, including users, groups, and a lot more.

Tools Used For LDAP Enumeration:

• Nmap
• enum4linux
• windapsearch
NTP Enumeration

NTP is a protocol created to synchronise the clocks of networked computers. The information that can be obtained by querying the NTP server can prove highly helpful from a vulnerability analysis/penetration testing perspective and is typically accessible without any formal authentication being required.

An NTP server can be attacked using the following commands:

• ntpdate
• ntptrace
• ntpdc
• ntpq

SMTP Enumeration

Simple Mail Transfer Protocol (SMTP) is used to send email messages, as opposed to POP3 or IMAP, which can be used to both send and receive messages. SMTP relies on using Mail Exchange (MX) servers to direct the mail via the Domain Name Service, however, should an MX server not be detected. SMTP generally runs on port 25.

SMTP enumeration is accomplished with the use of the built-in SMTP commands, such as:

• VRFY - This command is used for user validation.
• EXPN - This command displays the real delivery address for mailing lists and aliases.
• RCPT TO - This specifies the message's recipients.
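Because these three commands are what mailbox enumeration looks like on the server side, they make a usable detection signal. The following added example (not part of the original slides) flags clients that probe several distinct mailboxes with VRFY, EXPN or RCPT TO and never go on to send DATA. The log layout and sample lines are constructed and hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample log. The 'client=... cmd="..." reply=...' layout is a
# hypothetical format; adapt the regex to what your mail server writes.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=203.0.113.7 cmd="VRFY root" reply=252
2024-05-01T10:00:02Z client=203.0.113.7 cmd="VRFY admin" reply=550
2024-05-01T10:00:03Z client=203.0.113.7 cmd="EXPN staff" reply=550
2024-05-01T10:00:04Z client=203.0.113.7 cmd="RCPT TO:<test@example.test>" reply=550
2024-05-01T10:05:10Z client=198.51.100.20 cmd="RCPT TO:<alice@example.test>" reply=250
2024-05-01T10:05:11Z client=198.51.100.20 cmd="DATA" reply=354
"""

LINE = re.compile(
    r'client=(\S+) cmd="(VRFY|EXPN|RCPT TO|DATA)[: ]*<?([^">]*)>?" reply=(\d{3})'
)

def find_enumerators(log_text, min_probes=3):
    """Return {client: (distinct mailboxes probed, rejected probes)} for clients
    that probe at least min_probes mailboxes and never send DATA."""
    probed = defaultdict(set)      # client -> mailbox names asked about
    rejected = defaultdict(int)    # client -> count of 5xx replies to probes
    sent_data = set()              # clients that actually delivered mail
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        client, verb, arg, code = m.groups()
        if verb == "DATA":
            sent_data.add(client)
            continue
        probed[client].add(arg.strip().lower())
        if code.startswith("5"):   # 5xx: mailbox unknown or command refused
            rejected[client] += 1
    return {
        client: (len(names), rejected[client])
        for client, names in probed.items()
        if len(names) >= min_probes and client not in sent_data
    }

if __name__ == "__main__":
    for client, (count, bad) in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} mailboxes probed, {bad} rejected, no DATA sent")
```

The threshold and the "no DATA" condition are heuristics; a real deployment would also bound the time window per client.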

FTP Enumeration

FTP is a way to access and distribute files online. The protocol is a mechanism for computers on a TCP/IP network to connect with one another. FTP is a client-server protocol that only uses TCP for server-side communication.

The "File Transfer Protocol" can transfer files between any computers that can communicate with one another, and also works between computers using totally different operating systems.

With anonymous FTP, users can access files and other data without providing an ID or password. Transferring files from a client computer to a server computer is called "uploading", whereas transferring from a server to a client is "downloading".

DNS Enumeration

DNS enumeration is a reconnaissance technique used to better understand the target systems' attack surface (i.e. IP addresses).

This process returns various important information about the target, like DNS record types, host names, IP addresses and much more, depending upon the configuration of that target system.

Nmap, DNSRecon, and other open source tools and scripts are available to do DNS enumeration.

LAB-1: SNMP Enumeration
• Enumerating Simple Network Management Protocol

LAB-2: NetBIOS Enumeration
• Enumerating Network Basic Input Output System

LAB-3: LDAP Enumeration
• Enumerating Lightweight Directory Access Protocol

LAB-4: NTP Enumeration
• Enumerating Network Time Protocol

LAB-5: SMTP Enumeration
• Enumerating Simple Mail Transfer Protocol

LAB-6: FTP Enumeration
• Enumerating File Transfer Protocol

LAB-7: DNS Enumeration
• Enumerating Domain Name System

THANK YOU
If You Have Questions, Criticisms Or Suggestions,
Please Connect with Us Directly

Phone- +1-844-889-4054
Email- [email protected]
