From the course: Penetration Testing and Ethical Hacking

Enumeration concepts

- [Instructor] Enumeration. In this lesson, we are going to be talking about enumeration. So in the next few lessons, we're going to look at different ways that a hacker or a certified ethical hacker can enumerate different targets and different ways of performing enumeration. So let's go and get started.

So in our earlier sections, we talked about footprinting. We talked about scanning, and these were ways of collecting information about a target. We also discussed several tools that can help collect that information as well. So now we're moving closer to the target and getting more detailed information. Now this includes sensitive information, such as network information, network resources, routing paths, SNMP, DNS, and other protocol-related information.

So, enumeration concepts. Now, in the enumeration phase, the attacker is actually initiating active connections with the target system. So we have already done the passive part. Now we're more into the active, because you're actually touching that target. Through this active connection, direct queries are generated to gain more information, and this information helps to identify the system's attack points. So this is some of the information that you can gather in this phase: routing information, SNMP, DNS, machine names (you know, of course, the names of the hosts that are on the network), user information, group information, applications and banners, network sharing information, and network resources. So, again, you're really starting to get closer to your target, because now you're peering into some very sensitive information that's on the network. And you do this through enumeration.

Now there are a lot of different techniques for enumeration. We're going to cover some here in the following slides, but also, we're going to talk about some others as well. So, enumeration using email ID. You know, email can be used to extract information, and it can be useful, such as the usernames or domain names. Since email addresses usually contain the username and the domain, that's a good way to get that information.

Enumeration using default passwords: this is another way of performing enumeration, by using default passwords. I mean, that is a weak security concept, meaning if an administrator is leaving default passwords on there, that's not good practice. However, we can perform enumeration on a device when it has default passwords.

SNMP. Using SNMP is a process of collecting information as well. The attacker uses the default community strings or guesses the strings, and you're able to get information about those devices that are using SNMP. And SNMP is the Simple Network Management Protocol. Basically, that protocol communicates with devices on the network, and you're able to get valuable information about the devices and the type of services that are running on those devices through SNMP.

Brute force attack on Active Directory. Active Directory provides centralized command and control of domain users, computers, and other resources. So brute forcing or generating queries to the LDAP services can help gather this information as well. Or you can use enumeration through the DNS zone transfer. The DNS zone transfer process includes extracting information, such as the DNS server's location, DNS records, and other valuable information. By enumerating this information, you can gain valuable information, and the information it carries can benefit the attack.

Okay, so in this lesson, we started off our Enumeration lessons. We looked at the Introduction to Enumeration, talked about enumeration and different techniques that we can use as far as enumerating different targets. We talked about enumeration concepts, why you would do it, what you're looking for, what information you're looking to gain, as well as different techniques. All right, that is it for this lesson, and I'll see you in the next lesson.
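The lesson lists SNMP default community strings and DNS zone transfers as two of the enumeration techniques an attacker uses. From the defender's side, both leave traces: a name server logs every AXFR it serves or refuses, and a packet capture shows the community string in every SNMPv1/v2c request. The following Python script is an added example, not material from the course; it runs a small detector over constructed log lines (BIND-style transfer messages and tcpdump-style SNMP summaries, with RFC 5737 documentation addresses standing in for real hosts) and audits an snmpd.conf fragment for the weak setting the instructor describes, beside a hardened SNMPv3 version. The allowed secondary name server 192.0.2.53 and the log formats are assumptions for the example.

```python
"""Spot the enumeration activity described in the lesson in defender-side data:
DNS zone-transfer (AXFR) attempts from unexpected clients, and SNMP requests
that carry well-known default community strings.

Every log line and config fragment below is a constructed sample in a
BIND-, tcpdump- or snmpd.conf-like format; none comes from a real system.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Name servers allowed to pull zone transfers (assumed secondaries for this example).
ALLOWED_AXFR_CLIENTS = {"192.0.2.53"}

# Community strings that ship as defaults on many devices.
DEFAULT_COMMUNITIES = {"public", "private"}

# BIND-style messages: a transfer that started or ended, and one that was denied.
AXFR_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<zone>[^)]+)\): "
    r"transfer of '[^']+': AXFR (?P<status>started|ended)"
)
AXFR_DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<zone>[^)]+)\): "
    r"zone transfer '[^']+' denied"
)
# tcpdump-style SNMP summary: <src>.<port> > <dst>.161:  C="<community>" <PDU>(...)
SNMP_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.161:\s+"
    r'C="(?P<community>[^"]*)" (?P<pdu>\w+)'
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "axfr" or "snmp-default-community"
    source: str  # client IP address
    detail: str


def analyze_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line shows enumeration activity worth reviewing."""
    m = AXFR_RE.search(line)
    if m:
        if m.group("ip") in ALLOWED_AXFR_CLIENTS:
            return None  # expected secondary: normal zone replication
        return Finding("axfr", m.group("ip"), f"{m.group('zone')}: AXFR {m.group('status')}")
    m = AXFR_DENIED_RE.search(line)
    if m:
        # A denied transfer still shows somebody probing the zone.
        return Finding("axfr", m.group("ip"), f"{m.group('zone')}: AXFR denied")
    m = SNMP_RE.search(line)
    if m and m.group("community").lower() in DEFAULT_COMMUNITIES:
        return Finding("snmp-default-community", m.group("src"),
                       f"{m.group('pdu')} to {m.group('dst')} with community '{m.group('community')}'")
    return None


def analyze(lines) -> List[Finding]:
    """Run the per-line check over an iterable of log lines."""
    return [f for f in map(analyze_line, lines) if f is not None]


def audit_snmpd_conf(text: str) -> List[str]:
    """Flag v1/v2c community directives in an snmpd.conf: default strings are the
    weakest case, and any rwcommunity hands out write access behind a shared secret."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts or parts[0] not in ("rocommunity", "rwcommunity",
                                         "rocommunity6", "rwcommunity6"):
            continue
        directive = parts[0]
        community = parts[1] if len(parts) > 1 else ""
        if community.lower() in DEFAULT_COMMUNITIES:
            problems.append(f"line {no}: {directive} uses default community '{community}'")
        elif directive.startswith("rw"):
            problems.append(f"line {no}: {directive} grants write access over SNMPv1/v2c")
    return problems


# Constructed samples: one legitimate secondary, one unexpected client probing AXFR,
# one default-community SNMP request and one request with a non-default string.
SAMPLE_LOG = [
    "client 192.0.2.53#41000 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024010101)",
    "client 203.0.113.7#51000 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024010101)",
    "client 203.0.113.7#51001 (example.com): zone transfer 'example.com/IN' denied",
    '10:00:01.000000 IP 203.0.113.7.51234 > 192.0.2.1.161:  C="public" GetRequest(28)  .1.3.6.1.2.1.1.1.0',
    '10:00:02.000000 IP 192.0.2.10.51235 > 192.0.2.1.161:  C="Xk9q2" GetRequest(28)  .1.3.6.1.2.1.1.5.0',
]

WEAK_SNMPD_CONF = """# constructed weak snmpd.conf: v1/v2c communities, one of them a default
rocommunity public
rwcommunity s3cret 192.0.2.0/24
"""

HARDENED_SNMPD_CONF = """# constructed hardened snmpd.conf: SNMPv3 user requiring auth+priv, no communities
rouser monitor priv
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.source}: {finding.detail}")
    print("weak config:", audit_snmpd_conf(WEAK_SNMPD_CONF))
    print("hardened config:", audit_snmpd_conf(HARDENED_SNMPD_CONF))
```

The allow-list for AXFR clients mirrors what a BIND `allow-transfer` statement should already enforce; the detector is there to show that a transfer attempt from anyone else, even a refused one, is the enumeration step the lesson describes and is worth an alert. The same idea applies to the SNMP side: with SNMPv3 `rouser ... priv` in place, a request carrying `public` simply fails, but seeing it in a capture tells you a device on the network is being enumerated.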
