What Is Enumeration in Ethical Hacking? Types and Techniques
Updated on Nov 03, 2020 | 7 min read | 13.9k views
In this article we will look at the key concepts of enumeration from an ethical hacking point of view. We will cover the fundamentals of penetration testing and how enumeration fits into it, then the types of enumeration, the techniques used to perform it and the tools that support the process. We will also discuss the goals of enumeration, the services and ports to enumerate, and the process of NetBIOS enumeration and port-scanning enumeration.
What is penetration testing?
Penetration testing, or ethical hacking, is a simulated cyber-attack on a computer system, application or infrastructure to detect vulnerabilities, if any. Penetration testing provides a list of vulnerabilities which we can categorize and rank as high, medium or low. We then fix these vulnerabilities depending on the business requirement and timelines.
Let us understand the various phases of penetration testing.
Description of Enumeration
Enumeration is phase 3 of penetration testing or ethical hacking. It is the process of gaining complete access to the system by exploiting the vulnerabilities identified in the first two phases. The scanning stage only identifies vulnerabilities to a certain extent, whereas enumeration helps us learn the complete details such as users, groups and even system-level details like routing tables. The purpose of this phase of ethical hacking is to gain end-to-end knowledge of what will be tested in the target environment. Tools are deployed to gain complete control over the system.
Significance of Enumeration
Enumeration is the most critical aspect of ethical hacking. Its metrics, outcomes and results are used directly when testing the system in the later steps of penetration testing. Enumeration helps us decipher detailed information: hostnames, IP tables, SNMP and DNS details, applications, banners, audit configurations and service settings. Its significance is that it collects these details systematically, which allows pentesters to examine the systems completely. Pentesters gather information about the weak links during the enumeration phase, and this is what reveals the attack vectors and threats.
Enumeration Classification
We can perform enumeration on the following:
Enumeration and its types – Tool box
As a process, enumeration extracts user names, machine names, network resources, shares and services from the ecosystem. A robust toolbox helps make the enumeration process scalable; it is a mix of software and hardware systems. There are both free and commercial software tools for enumeration. The hardware tools are mainly key loggers and special-purpose wireless hardware. Pentesters choose the right and optimum way to reach the various components of the systems.
Techniques for Enumeration
Types of information enumerated by intruders:
- Network resources
- Users and groups
- Routing tables
- Audit settings
- Service configuration settings
- The various machine names
- Applications
- Banners
- SNMP details
- DNS details
Services and Port to Enumerate
What are the goals of enumeration?
Goal 1 – Map the end-to-end details that we need to check after the enumeration step
Goal 2 – Identify the ways to execute the attacks in the upcoming phases
Goal 3 – Identify all the information we need to execute future testing
Goal 4 – Compile a list of devices with their configuration for testing
Goal 5 – Complete the network map to finalize the steps for testing
Goal 6 – Compile the list of people who support the testing
Goal 7 – Collect even seemingly irrelevant information that might still be significant in the future
Process of Enumeration
Tools supporting Enumeration
| Tool | Use | Service |
|---|---|---|
| Nmap | Network mapper | Used to discover port and service information on a target |
| Nessus | Service and vulnerability scanner | Used to identify vulnerable services |
| WPScan | WordPress vulnerability scanner | Used to identify vulnerable WordPress applications |
| Searchsploit | CLI tool for searching the exploit-db archive | Used to look up exploits for services |
| GoBuster | Web directory brute forcer | Used to discover directories on web servers |
| Dig | Domain Information Groper | Used to query DNS servers |
| Nmblookup | SMB share lookup | Used to find any open and exposed SMB shares |
| Dnsenum | DNS enumeration script | Used to enumerate DNS information |
Port – Scanning Enumeration
Port scanning is the most common form of enumeration. It is used to discover the various services through which the systems could be exploited. This covers all the systems connected to the LAN, or reaching the network via a modem, that run services. We can find out which services are running, who owns them and whether any of them requires separate authentication.
Port scanning techniques
| S.No | Technique | Process |
|---|---|---|
| 1. | Address Resolution Protocol (ARP) scan | Sends an ARP request for each address on the local network segment; hosts that reply are live and can be scanned further |
| 2. | Vanilla TCP connect scan | Basic scanning that uses the operating system's connect system call to open a full connection to every port |
| 3. | TCP SYN (Half Open) scan | Sends a SYN to each port and reads the reply (SYN/ACK means open, RST means closed) without completing the three-way handshake, so the application never sees a full connection |
| 4. | TCP FIN scan | This scan can remain undetected through most firewalls, packet filters and other scan detection programs |
| 5. | Stealth scanning – NULL, X-MAS | This scan crafts the packet flags so as to induce some type of response from the target without going through the handshake and establishing a connection |
| 6. | UDP ICMP port scan | This scan is used to find high-numbered ports, especially on Solaris systems. The scan is slow and unreliable. |
| 7. | TCP reverse ident scan | This scan discovers the username of the owner of any TCP-connected process on the targeted system. It lets an attacker use the ident protocol to discover who owns the process by connecting to open ports |
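The port-scanning techniques above all share one network-visible trait: a single source touching many distinct ports on one host in a short time. The detection logic below, an added example that is not from the article, flags that fan-out in a constructed netfilter-style connection log (the log format, the sample lines and the thresholds are assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the article): one "NEW" TCP connection per line.
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=22 SYN
2024-05-01T10:00:00 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=23 SYN
2024-05-01T10:00:01 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=80 SYN
2024-05-01T10:00:01 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=139 SYN
2024-05-01T10:00:02 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=445 SYN
2024-05-01T10:00:02 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=3389 SYN
2024-05-01T10:00:05 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=443 SYN
2024-05-01T10:01:30 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=443 SYN
2024-05-01T10:03:00 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP DPT=8080 SYN
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) SYN$")

def parse(log_text):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))

def detect_port_scans(log_text, min_ports=5, window_seconds=60):
    """Return {(src, dst): sorted distinct ports} for every source that contacted at
    least min_ports distinct ports on one host inside a sliding window of
    window_seconds. A repeat hit on the same port (normal client traffic) is not
    counted, so 10.0.0.9 below stays quiet while 10.0.0.7 is reported."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for ts, src, dst, port in parse(log_text):
        events[(src, dst)].append((ts, port))
    hits = {}
    for key, lst in events.items():
        lst.sort()
        start = 0
        for end in range(len(lst)):
            # Slide the window start forward until it fits within window_seconds.
            while (lst[end][0] - lst[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in lst[start:end + 1]}
            if len(ports) >= min_ports:
                hits[key] = sorted(ports | set(hits.get(key, [])))
    return hits
```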
NetBIOS Enumeration
NetBIOS – Network Basic Input Output System
NetBIOS lets computers on a LAN communicate in order to share files and printers.
NetBIOS names are primarily used to identify the network devices.
A name is 16 characters long: 15 characters for the device name, and the 16th denotes the service it runs.
Attackers use NetBIOS to enumerate the list of computers per domain, policies and passwords, and other shares in the network.
Tools used – Nbtstat, SuperScan, Net View, Hyena
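The 15-character name plus 16th service byte described above is what tools like Nbtstat decode. The following parser, an added example rather than the article's or any tool's own code, reverses the RFC 1001 first-level encoding used on the wire and splits a raw name into its device name and service suffix (the suffix table lists a few common values; the sample names are constructed).

```python
# Common NetBIOS name suffix values (the 16th byte) and the service they denote.
NETBIOS_SUFFIXES = {
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x1B: "Domain Master Browser",
    0x1C: "Domain Controllers",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
    0x20: "File Server Service",
}

def decode_first_level(encoded):
    """Reverse NetBIOS first-level encoding (RFC 1001): each of the 16 raw bytes is
    sent as two nibbles, each added to ASCII 'A', giving a 32-character string."""
    if len(encoded) != 32 or any(c < "A" or c > "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A-P")
    return bytes(((ord(encoded[i]) - 65) << 4) | (ord(encoded[i + 1]) - 65)
                 for i in range(0, 32, 2))

def split_netbios_name(raw16):
    """Split a 16-byte NetBIOS name into (name, suffix, service description).
    Bytes 0-14 hold the name padded with spaces (or NULs for the '*' wildcard);
    byte 15 is the service suffix."""
    if len(raw16) != 16:
        raise ValueError("NetBIOS names are exactly 16 bytes")
    name = raw16[:15].decode("ascii", errors="replace").rstrip(" \x00")
    suffix = raw16[15]
    return name, suffix, NETBIOS_SUFFIXES.get(suffix, "unknown suffix 0x%02X" % suffix)

def encode_first_level(name, suffix):
    """Build the 32-character wire form for a name and suffix (used here to
    construct sample input; names are upper-cased and space-padded to 15)."""
    padded = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    return "".join(chr(65 + (b >> 4)) + chr(65 + (b & 0x0F)) for b in padded)
```

The wildcard query name `*` followed by 15 NUL bytes encodes to `CK` plus 30 `A`s, which is the string seen in a node-status request; the decoder handles it like any other name.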
Conclusion
Enumeration is defined as the process of extracting usernames, machine names, network information and other service details. It forms a critical step in the ethical hacking process, as obtaining complete information is needed for the later steps – maintaining access and covering tracks. There are many enumeration techniques, which we have covered in this article, and various tools are available for enumeration depending on the use case, including port scanning and NetBIOS enumeration.