CHAPTER-3
ENUMERATION
Enumeration is the first active attack on the target network. It is the process of gathering information about user names, machine names, network resources, shares and services. Unlike scanning, enumeration makes a fixed, active connection to the target system.
Tools and techniques used for Enumeration
CMD Commands:
There are many cmd commands, but sorry to say they are not working on all Windows OS versions (tried but failed).
But they are so EFFECTIVE on local area connections :)
1. net use: (works only on XP and 2000) (tested, did not work)
Syntax: net use \\<ip address>\IPC$ "" /u:""
Example: net use \\192.168.2.2\IPC$ "" /u:""
Defn: It connects to the hidden Inter-Process Communication share (IPC$) of 192.168.2.2 with the built-in anonymous user (/u:"") and a null password (""). This is the classic "null session".
2. nbtstat: (tested and worked)
Syntax: nbtstat -A <ip address>
Example: nbtstat -A 192.168.2.4
Use: Gets the NetBIOS name table and the MAC address of the system (the -A switch queries by IP address, over UDP port 137)
3. FTP enumeration
Syntax: ftp <ftp server name>
Example: ftp ftp.gnuplot.info
4. telnet
Syntax: telnet <URL/IP> <port number>
Example: telnet www.csice.edu.in 80 (HTTP port number)
Use: connects to a server on the given port
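To show what nbtstat -A actually sends and what the reply leaks, here is an added example (not part of the original chapter and not Microsoft's code) that builds the node status query datagram and parses a node status response into the NetBIOS name table and the MAC address, following the RFC 1002 NBSTAT record layout. The host name HOST01, workgroup WORKGROUP, MAC 00:0c:29:ab:cd:ef and transaction ID 0x1234 are constructed sample values; the sample response is built in the script itself, so nothing is sent over the network.

```python
import struct

NBSTAT_QTYPE = 0x0021      # NODE STATUS (NBSTAT) record type, RFC 1002 sec. 4.2.18
NB_CLASS_IN = 0x0001
NAME_FLAG_GROUP = 0x8000   # G bit: group name rather than a unique name
NAME_FLAG_ACTIVE = 0x0400  # ACT bit: the name is currently registered

# A few well-known 16th-byte suffixes, used to annotate the returned name table
SUFFIX_MEANING = {0x00: "workstation/workgroup", 0x03: "messenger",
                  0x1B: "domain master browser", 0x1D: "master browser",
                  0x20: "file server"}


def encode_netbios_name(raw16: bytes) -> bytes:
    """First-level encode a 16-byte NetBIOS name (RFC 1001 sec. 14.1):
    each nibble becomes a letter 'A'..'P'; returns the complete wire label."""
    assert len(raw16) == 16
    encoded = bytearray()
    for b in raw16:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return bytes([32]) + bytes(encoded) + b"\x00"


def build_nbstat_query(txid: int) -> bytes:
    """The 50-byte UDP/137 datagram behind nbtstat -A: a node status query for
    the wildcard name '*' (null padded), which encodes as 'CK' + 30 'A's."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_netbios_name(b"*" + b"\x00" * 15)
    question += struct.pack(">HH", NBSTAT_QTYPE, NB_CLASS_IN)
    return header + question


def parse_nbstat_response(data: bytes) -> dict:
    """Parse a node status response into the name table and the unit ID (MAC)."""
    if len(data) < 12:
        raise ValueError("short packet")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a NBSTAT response")
    pos = 12
    label_len = data[pos]
    pos += 1 + label_len + 1             # length byte, encoded name, terminator
    rr_type, _rr_class, _ttl, rdlength = struct.unpack(">HHIH", data[pos:pos + 10])
    pos += 10
    if rr_type != NBSTAT_QTYPE:
        raise ValueError("unexpected RR type 0x%04x" % rr_type)
    rdata = data[pos:pos + rdlength]
    if len(rdata) < rdlength:
        raise ValueError("truncated RDATA")
    num_names = rdata[0]
    names = []
    off = 1
    for _ in range(num_names):
        entry = rdata[off:off + 18]      # 15 name bytes + 1 suffix byte + 2 flag bytes
        if len(entry) < 18:
            raise ValueError("truncated name table")
        suffix = entry[15]
        nflags = struct.unpack(">H", entry[16:18])[0]
        names.append({
            "name": entry[:15].rstrip(b" ").decode("ascii", "replace"),
            "suffix": suffix,
            "meaning": SUFFIX_MEANING.get(suffix, "other"),
            "group": bool(nflags & NAME_FLAG_GROUP),
            "active": bool(nflags & NAME_FLAG_ACTIVE),
        })
        off += 18
    unit_id = rdata[off:off + 6]         # STATISTICS begins with the 6-byte UNIT_ID
    if len(unit_id) < 6:
        raise ValueError("truncated statistics")
    return {"txid": txid, "names": names,
            "mac": ":".join("%02x" % b for b in unit_id)}


def _make_sample_response(txid: int) -> bytes:
    """Constructed sample reply (not a real capture) from a host named HOST01
    in workgroup WORKGROUP with MAC 00:0c:29:ab:cd:ef."""
    def entry(name, suffix, nflags):
        return name.ljust(15).encode("ascii") + bytes([suffix]) + struct.pack(">H", nflags)
    table = (entry("HOST01", 0x00, NAME_FLAG_ACTIVE)
             + entry("HOST01", 0x20, NAME_FLAG_ACTIVE)
             + entry("WORKGROUP", 0x00, NAME_FLAG_GROUP | NAME_FLAG_ACTIVE))
    stats = bytes.fromhex("000c29abcdef") + b"\x00" * 40   # UNIT_ID + rest of statistics
    rdata = bytes([3]) + table + stats
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)
    rr = (encode_netbios_name(b"*" + b"\x00" * 15)
          + struct.pack(">HHIH", NBSTAT_QTYPE, NB_CLASS_IN, 0, len(rdata)))
    return header + rr + rdata


SAMPLE_RESPONSE = _make_sample_response(0x1234)

if __name__ == "__main__":
    info = parse_nbstat_response(SAMPLE_RESPONSE)
    print("MAC:", info["mac"])
    for n in info["names"]:
        print("%-15s <%02x> %-6s %s" % (n["name"], n["suffix"],
                                         "GROUP" if n["group"] else "UNIQUE", n["meaning"]))
```

Everything in the reply comes back unauthenticated in a single datagram: the machine name, its workgroup or domain, which services it registers (the <20> suffix marks a file server) and the MAC address. That is why blocking UDP 137 at the network edge and disabling NetBIOS over TCP/IP on hosts that do not need it removes this whole source of information.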
PORT NUMBERS
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBIOS 137
FOR THE FULL LIST OF PORTS: en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools used for Enumeration
1. SuperScan
We are already familiar with the tool SuperScan from chapter 2
www.mcafee.com/us/downloads/free-tools/superscan.aspx
2. IP-Tools
It gives information through the following utilities:
>Local Info - examines the local host and shows info about processor, memory, Winsock data, etc.
>Connection Monitor - displays information about current TCP and UDP network connections
>NetBIOS Info - gets NetBIOS information about network interfaces (local and remote computers)
>NB Scanner - shared resources scanner
>SNMP Scanner - scans network(s) for SNMP enabled devices
>Name Scanner - scans all hostnames within a range of IP addresses
>Port Scanner - scans network(s) for active TCP based services
>UDP Scanner - scans network(s) for active UDP based services
>Ping Scanner - pings remote hosts over the network
>Trace - traces the route to a remote host over the network
>WhoIs - obtains information about an Internet host or domain name from the NIC (Network Information Center)
>Finger - retrieves information about users from a remote host
>LookUp - looks up a domain name from its IP address, or an IP address from its domain name
>GetTime - gets the time from time servers (it can also set the correct time on the local system)
>Telnet - telnet client
>HTTP - HTTP client
>IP-Monitor - shows network traffic in real time (as a set of charts)
>Host Monitor - monitors up/down status of selected hosts
>Trap Watcher - allows you to receive and process SNMP Trap messages
Download from: www.ks-soft.net/ip-tools.eng/downpage.htm
3. SoftPerfect Network Scanner
Features:
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from: www.softperfect.com/products/networkscanner/
4. DumpSec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from: www.systemtools.com/cgi-bin/download.pl?DumpAcl
5. Enumerate systems using default passwords
Many devices like routers, switches, hubs, ... ship with default passwords; the website below is a collection of default passwords. Any device that still answers to its factory credentials is enumerated (and owned) with no effort at all, so changing them on deployment is the first fix.
Visit: www.phenoelit-us.org/dpl/dpl.html