CHAPTER-3
ENUMERATION
Enumeration is the first attack on target network; Enumeration is a process to gather the information about user names, machine names, network resources, shares and services ; Enumeration makes a fixed active connection to a system
Tools and techniques using for Enumeration
CMD Command :
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
Download from : http://www.ks-soft.net/ip-tools.eng/downpage.htm
3.softperfect network scanner
Features::
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from:http://www.softperfect.com/products/networkscanner/
4.Dumpsec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from : http://www.systemtools.com/cgi-bin/download.pl?DumpAcl
5.Enumerate systems using default password
Many devices like router, switches, hubs,.......... uses default password; in this website its a collection of default passwords
Visit: http://www.phenoelit-us.org/dpl/dpl.html
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
2.IP Tools
It gave information about
Download from : http://www.ks-soft.net/ip-tools.eng/downpage.htm
3.softperfect network scanner
Features::
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from:http://www.softperfect.com/products/networkscanner/
4.Dumpsec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from : http://www.systemtools.com/cgi-bin/download.pl?DumpAcl
5.Enumerate systems using default password
Many devices like router, switches, hubs,.......... uses default password; in this website its a collection of default passwords
Visit: http://www.phenoelit-us.org/dpl/dpl.html
Post a Comment