Enumeration
In the enumeration phase, an attacker initiates active connections to the target system. Over these connections, direct
queries are sent to gain more information. This information helps to identify the system's attack points. Once the attacker
discovers attack points, it can use the collected information to gain unauthorized access and reach assets. Information
that is enumerated in this phase includes:
1. Routing Information
2. SNMP Information
3. DNS Information
4. Machine Name
5. User Information
Techniques for Enumeration
1. Enumeration Using Email ID
Extracting information from an email ID can yield useful details such as the username and the domain name, since an email
address contains both a username and a domain name.
2. Enumeration using Default Password
Another way of enumerating is to use default passwords. Every device and piece of software ships with default credentials and
settings, and these defaults are recommended to be changed. Some administrators keep using the default passwords and settings,
which makes it easy for an attacker to gain unauthorized access with default credentials. Finding the default settings,
configuration and password of a device is not difficult.
3. Enumeration using SNMP
Enumeration using SNMP is the process of gaining information through SNMP. The attacker uses default community strings, or
guesses the string, to extract information about a device. The SNMP protocol was developed to let an administrator manage
devices such as servers, routers, switches and workstations on an IP network. It allows network administrators to manage
network performance, to find, troubleshoot and solve network problems, and to design and plan for network growth. SNMP is
an application-layer protocol; it provides communication between managers and agents.
The SNMP system consists of three elements:
1. SNMP manager
2. SNMP agents (managed node)
3. Management Information Base (MIB)
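The manager/agent exchange above rides on BER-encoded messages whose second field is the community string. The following is an added example, not part of the original text, of how a defender can decode that header from a captured UDP/161 payload and flag messages that still authenticate with a default community, which is exactly the weakness the default-password and SNMP sections describe. The two sample packets and the list of default communities are constructed here; SNMPv3 messages, which carry no community string, are recognised and reported by version only.

```python
# Added example (not from the original text): decode the header of a raw SNMPv1/v2c
# message and flag default community strings. Sample packets are constructed below.
from dataclasses import dataclass
from typing import Optional

# Vendor-default community strings (constructed list; extend for your estate)
DEFAULT_COMMUNITIES = {"public", "private"}

VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest", 0xA7: "SNMPv2-Trap"}


def _read_tlv(buf: bytes, pos: int):
    """Read one BER tag-length-value triple at pos.

    Returns (tag, value_bytes, position after the value). Handles the short
    (< 128) and long (0x8N followed by N length bytes) length forms.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


@dataclass
class SnmpHeader:
    version: str
    community: Optional[str]   # None for SNMPv3, which has no community string
    pdu_type: Optional[str]


def parse_snmp_header(packet: bytes) -> SnmpHeader:
    """Decode version, community and PDU type from a raw SNMP message."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:                        # Message ::= SEQUENCE { ... }
        raise ValueError("not an SNMP message (outer tag %#x)" % tag)
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:                        # version INTEGER
        raise ValueError("missing version field")
    version = int.from_bytes(ver, "big")
    if version == 3:
        # v3 carries msgGlobalData/securityParameters instead of a community
        return SnmpHeader("v3", None, None)
    tag, community, pos = _read_tlv(body, pos)
    if tag != 0x04:                        # community OCTET STRING
        raise ValueError("missing community field")
    pdu_tag, _, _ = _read_tlv(body, pos)   # context-specific tag selects the PDU
    return SnmpHeader(VERSION_NAMES.get(version, str(version)),
                      community.decode("latin-1"),
                      PDU_NAMES.get(pdu_tag, "0x%02x" % pdu_tag))


def uses_default_community(packet: bytes) -> bool:
    """True when a v1/v2c message authenticates with a well-known default string."""
    return parse_snmp_header(packet).community in DEFAULT_COMMUNITIES


# Constructed sample: SNMPv1 GetRequest for sysDescr.0 with community "public"
SAMPLE_V1_PUBLIC = bytes.fromhex(
    "3026"                               # SEQUENCE, 38 bytes
    "020100"                             # version 0 = v1
    "04067075626c6963"                   # community "public"
    "a019"                               # GetRequest PDU, 25 bytes
    "020101" "020100" "020100"           # request-id 1, error-status 0, error-index 0
    "300e300c06082b060102010101000500"   # VarBindList: 1.3.6.1.2.1.1.1.0 = NULL
)

# Constructed sample: the same request as SNMPv2c with a non-default community
SAMPLE_V2C_CUSTOM = bytes.fromhex(
    "3027"
    "020101"                             # version 1 = v2c
    "04077a78392d6d6f6e"                 # community "zx9-mon"
    "a019"
    "020101" "020100" "020100"
    "300e300c06082b060102010101000500"
)

if __name__ == "__main__":
    for pkt in (SAMPLE_V1_PUBLIC, SAMPLE_V2C_CUSTOM):
        hdr = parse_snmp_header(pkt)
        print(hdr, "DEFAULT COMMUNITY" if uses_default_community(pkt) else "ok")
```

Run over real traffic, a hit from `uses_default_community` on anything other than an isolated management VLAN is a finding to fix by changing the community (or moving to SNMPv3), not just to log.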
4. Brute Force Attack on Active Directory
Active Directory (AD) provides centralized command and control of domain users, computers, and network printers. It restricts
access to network resources to the defined users and computers only. AD is a big target and a rich source of sensitive
information for an attacker. Brute-force attacks, or queries generated against LDAP services, are performed to gather
information such as usernames, addresses, credentials, privilege information, etc.
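Brute-force activity against a domain controller leaves a trail of failed logons, so the defender-side counterpart of this section is a detection over those records. The following is an added example, not part of the original text: it groups failed-logon events by source, applies a sliding time window, and separates a single account being hammered (brute force) from many accounts tried once each (password spraying). The log lines are constructed in a simplified one-line layout; in production they would be Windows Security event ID 4625 records or LDAP bind failures, and the window and threshold values are assumptions to tune per environment.

```python
# Added example (not from the original text): classify failed-logon bursts per source.
# Sample log lines below are constructed; EventID=4625 is the Windows "logon failed" event.
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUser=(?P<user>\S+) Source=(?P<src>\S+)$"
)


def parse_failed_logons(lines):
    """Yield (timestamp, user, source) for every failed-logon (4625) line; skip others."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["eid"] != "4625":
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["user"], m["src"]


def detect_logon_abuse(lines, window=timedelta(minutes=5), threshold=5):
    """Return {source: (label, failures_in_window, distinct_users)} for every
    source with >= threshold failures inside any `window`-long span.

    label is "brute_force" when the failures target one account and
    "password_spray" when more than half of them target distinct accounts.
    """
    by_src = defaultdict(list)
    for ts, user, src in parse_failed_logons(lines):
        by_src[src].append((ts, user))

    findings = {}
    for src, events in by_src.items():
        events.sort()                     # time order for the sliding window
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count < threshold:
                continue
            users = {u for _, u in events[start:end + 1]}
            if len(users) == 1:
                label = "brute_force"
            elif len(users) * 2 > count:
                label = "password_spray"
            else:
                label = "mixed"
            findings[src] = (label, count, len(users))  # keep the widest window seen
    return findings


# Constructed sample: one brute-force burst, one spray, and benign background noise
SAMPLE_LOG = """\
2024-05-01T09:00:01Z EventID=4625 TargetUser=alice Source=10.0.0.5
2024-05-01T09:00:03Z EventID=4625 TargetUser=alice Source=10.0.0.5
2024-05-01T09:00:04Z EventID=4625 TargetUser=alice Source=10.0.0.5
2024-05-01T09:00:06Z EventID=4625 TargetUser=alice Source=10.0.0.5
2024-05-01T09:00:08Z EventID=4625 TargetUser=alice Source=10.0.0.5
2024-05-01T09:00:09Z EventID=4624 TargetUser=alice Source=10.0.0.5
2024-05-01T09:10:00Z EventID=4625 TargetUser=bob Source=10.0.0.9
2024-05-01T09:10:01Z EventID=4625 TargetUser=carol Source=10.0.0.9
2024-05-01T09:10:02Z EventID=4625 TargetUser=dave Source=10.0.0.9
2024-05-01T09:10:03Z EventID=4625 TargetUser=erin Source=10.0.0.9
2024-05-01T09:10:04Z EventID=4625 TargetUser=frank Source=10.0.0.9
2024-05-01T09:30:00Z EventID=4625 TargetUser=grace Source=10.0.0.22
2024-05-01T09:45:00Z EventID=4625 TargetUser=grace Source=10.0.0.22
""".splitlines()

if __name__ == "__main__":
    for src, finding in detect_logon_abuse(SAMPLE_LOG).items():
        print(src, finding)
```

The spray case matters because a per-account lockout policy never triggers on it; alerting per source (or per subnet, behind NAT) is what catches it.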
5. Enumeration through DNS Zone Transfer
Enumeration through DNS zone transfer involves extracting information such as the location of DNS servers, DNS records, and
other valuable network-related information such as hostnames, IP addresses, usernames, etc. A zone transfer is the process
used to update DNS servers; the zone file carries valuable information, which is retrieved by the attacker. UDP 53 is used
for DNS requests from DNS servers. TCP 53 is used for DNS zone transfers, to ensure the transfer goes through.
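Because a zone transfer is a normal operation between a primary and its secondaries, the defender's question is who else is requesting one. The following is an added example, not part of the original text, that scans BIND-style query log lines for AXFR/IXFR requests and reports any that did not come from an approved secondary. The log lines, the zone and the list of approved secondaries are constructed; the regular expression assumes the `client ... (zone): query: name IN type` layout BIND writes with query logging on.

```python
# Added example (not from the original text): find zone-transfer requests from hosts
# that are not approved secondaries. Log lines and the allow-list are constructed.
import re
from typing import Iterable, List, Set, Tuple

# BIND query-log layout (assumed): optional "@0x..." client handle, then ip#port
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<zone>\S+)\): "
    r"query: (?P<name>\S+) IN (?P<qtype>[A-Z0-9]+)"
)
TRANSFER_TYPES = {"AXFR", "IXFR"}


def find_unauthorized_transfers(lines: Iterable[str],
                                approved_secondaries: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, zone, qtype) for each AXFR/IXFR not from an approved secondary."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["qtype"] not in TRANSFER_TYPES:
            continue
        if m["ip"] not in approved_secondaries:
            hits.append((m["ip"], m["zone"], m["qtype"]))
    return hits


# Constructed sample: one transfer from an approved secondary, one from elsewhere,
# and an ordinary A lookup that must not be reported
SAMPLE_QUERY_LOG = [
    "01-May-2024 10:00:01.123 client @0x55d1 203.0.113.7#41022 (example.com): "
    "query: example.com IN AXFR -T (192.0.2.1)",
    "01-May-2024 10:00:05.001 client @0x55d2 192.0.2.2#53 (example.com): "
    "query: example.com IN IXFR -T (192.0.2.1)",
    "01-May-2024 10:00:09.456 client @0x55d3 203.0.113.7#41023 (example.com): "
    "query: www.example.com IN A +E (192.0.2.1)",
]
APPROVED_SECONDARIES = {"192.0.2.2"}   # constructed allow-list

if __name__ == "__main__":
    for ip, zone, qtype in find_unauthorized_transfers(SAMPLE_QUERY_LOG, APPROVED_SECONDARIES):
        print(f"unexpected {qtype} for {zone} from {ip}")
```

A hit here is a symptom; the fix is on the server, restricting `allow-transfer` in BIND (or the equivalent on other resolvers) to the secondaries' addresses, so that the TCP 53 transfer never succeeds for anyone else in the first place.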
Service               Port
DNS Zone Transfer     TCP 53
DNS Queries           UDP 53
SNMP                  UDP 161
SNMP Trap             TCP/UDP 162