CHAPTER-3
ENUMERATION
Enumeration is the first attack on target network; Enumeration is a process to gather the information about user names, machine names, network resources, shares and services ; Enumeration makes a fixed active connection to a system
Tools and techniques using for Enumeration
CMD Command :
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
Download from : http://www.ks-soft.net/ip-tools.eng/downpage.htm
3.softperfect network scanner
Features::
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from:http://www.softperfect.com/products/networkscanner/
4.Dumpsec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from : http://www.systemtools.com/cgi-bin/download.pl?DumpAcl
5.Enumerate systems using default password
Many devices like router, switches, hubs,.......... uses default password; in this website its a collection of default passwords
Visit: http://www.phenoelit-us.org/dpl/dpl.html
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT : http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
http://www.mcafee.com/us/downloads/free-tools/superscan.aspx
2.IP Tools
It gave information about
Download from : http://www.ks-soft.net/ip-tools.eng/downpage.htm
3.softperfect network scanner
Features::
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from:http://www.softperfect.com/products/networkscanner/
4.Dumpsec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from : http://www.systemtools.com/cgi-bin/download.pl?DumpAcl
5.Enumerate systems using default password
Many devices like router, switches, hubs,.......... uses default password; in this website its a collection of default passwords
Visit: http://www.phenoelit-us.org/dpl/dpl.html
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon