Enumeration is the first attack on target network; Enumeration is a process to gather the information about user names, machine names, network resources, shares and services ; Enumeration makes a fixed active connection to a system
Tools and techniques using for Enumeration
CMD Command :
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT :en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
www.mcafee.com/us/downloads/free-tools/superscan.aspx
There are many cmd commands are there but sorry to say its not working for all windows os(tried but failed)
But it is so EFFECTIVE in local area connections :)
1. net use : (Works only in xp and 2000) (tested not worked)
syntax : net use \\<ip address>\IPC$ ""/u:""
Example : net use \\192.168.2.2\IPS$ ""/u:""
Defn : It connects to its hidden inner process communication (IPS$) of 192.168.2.2 with build in anonymous user (u:) with a null password ("")
2.nbtstat : (tested and worked )
Syntax : nbtstat -A<ip address>
Example : nbtstat -A<192.168.2.4>
Use : Will get the NetBIOS information and MAC address of the system
3.FTP Enumeration
syntax : ftp <ftp servername>
Example : ftp ftp.gnuplot.info
4. telnet
Syantax : telnet <URL/IP> <port number>
Example : telnet www.csice.edu.in 80 (http port number)
Use : connect to a server
PORT NUMBER
http 80
ftp 21
telnet 23
smtp 25
dns 53
tftp 69
finger 79
NetBios 137
TO VIEW FULL ABOUT PORT :en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Tools using for Enumeration
1.Super scan
We are familiar with the tool Super scan in chapter 2
www.mcafee.com/us/downloads/free-tools/superscan.aspx
2.IP Tools
It gave information about
local info
|
- examines the local host and shows info about processor, memory, Winsock data, etc
| ||||
Connection Monitor
|
- displays information about current TCP and UDP network connections
| ||||
NetBIOS Info
|
- gets NetBIOS information about network interfaces (local and remote computers)
| ||||
NB Scanner
|
- shared resources scanner
| ||||
SNMP Scanner
|
- scans network(s) for SNMP enabled devices
| ||||
Name Scanner
|
- scans all hostnames within a range of IP addresses
| ||||
Port Scanner
|
- scans network(s) for active TCP based services
| ||||
UDP Scanner
|
- scans network(s) for active UDP based services
| ||||
Ping Scanner
|
- pings a remote hosts over the network
| ||||
Trace
|
- traces the route to a remote host over the network
| ||||
WhoIs
|
- obtains information about a Internet host or domain name from the NIC (Network Information Center)
| ||||
Finger
|
- retrieves information about user from a remote host
| ||||
LookUp
|
- looks for domain names according to its IP address or an IP address from its domain name
| ||||
GetTime
|
- gets time from time servers (also it can set correct time on local system)
| ||||
Telnet
|
- telnet client
| ||||
HTTP
|
- HTTP client
| ||||
IP-Monitor
|
- shows network traffic in real time (as a set of charts)
| ||||
Host Monitor
|
- monitors up/down status of selected hosts.
| ||||
Trap Watcher
|
- allows you to receive and process SNMP Trap messages.
|
Download from : www.ks-soft.net/ip-tools.eng/downpage.htm
3.softperfect network scanner
Features::
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.
Download from:www.softperfect.com/products/networkscanner/
4.Dumpsec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Download from : www.systemtools.com/cgi-bin/download.pl?DumpAcl
5.Enumerate systems using default password
Many devices like router, switches, hubs,.......... uses default password; in this website its a collection of default password
No comments:
Post a Comment