Skill Blitz Sale-mobile

HomeBlogSecurityWhat Is Enumeration in Ethical Hacking? Types and Techniques

What Is Enumeration in Ethical Hacking? Types and Techniques

Published
02nd May, 2024
Views
view count loader
Read it in
7 Mins
In this article
    What Is Enumeration in Ethical Hacking? Types and Techniques

    In this article we will understand the key concepts of Enumeration from an ethical hacking point of view. We will learn about the fundamentals of penetration testing, and how enumeration forms a part of it. We will also explore the other concepts - types of Enumeration, Techniques to perform enumeration and tools to support the process. We will be discussing the goals and services and the process of NetBIOS enumeration and Scanning enumeration.  

    What is penetration testing? 

    Penetration testing or  Ethical hacking is a simulation of cyber-attacks to a computer system or application or infrastructure to detect vulnerabilities, if any. Penetration testing provides great insights on the list of vulnerabilities which we can categorize and rank as high, medium and low. We fix these vulnerabilities depending on the business requirement and timelines. 

    Let us understand the various phases of penetration testing 

    Phases of Penetration Testing
    Description of Enumeration 

    Enumeration is the phase 3 of the Penetration Testing or Ethical Hacking. It is a process of gaining complete access to the system by compromising the vulnerabilities identified in the first two phases. The Scanning stage only helps to identify the vulnerabilities to a certain extentbut  Enumeration helps us learn the complete details such as users, groups and even system level details – routing tables. This phase of the Ethical hacking is to gain end-to-end knowledge of what will be tested in the target environment. Tools are deployed to gain complete control over the system. 

    Significance of Enumeration 

    Enumeration is the most critical aspect of Ethical hacking. The metrics, outcomes, results are used directly in testing the system in the next steps of penetration testing.  Enumeration helps us to decipher the detailed information – Hostnames, IP tables, SNMP and DNS, Application, Banners, Audit configurations and service settings. The significance of Enumeration is that it systematically collects details. This allows pentesters to completely examine the systems.  The pentesters collect information about the weak links during the enumeration phase of ethical hacking.  

    Enumeration helps in finding the attack Vectors and threats. 

    Enumeration Classification 

    We can perform enumeration on the following: 

    Enumeration Classification

    Enumeration and its types – Tool box 

    Enumeration as a process extracts the user names, machine names, network resources, shares and services from the ecosystem.  There is a robust toolbox that helps the enumeration process become scalable. This is a mix of software and hardware systems.  There are free and commercial software tools for the enumeration. The hardware tools are mainly the key loggers and special wireless hardware. The pentesters find the right and optimum way to reach the various components of the systems. 

    Techniques for Enumeration 

    Techniques for Enumeration

    Types of information enumerated by intruders: 

    The types of the information enumerated by intruders are the following: 

    1. Network source 

    1. Users and groups 

    1. Routing tables 

    1. Audit settings 

    1. Service configuration settings 

    1. The various machine names 

    1. Applications 

    1. Banners 

    1. SNMP details 

    1. DNS details 

    Services and Port to Enumerate 

    Services and Port to Enumerate

    What are the goals of the Enumeration? 

    Goal 1 – To map the end-to-end details that we need to check after the enumeration step 

    Goal 2  - The ways to execute the attacks in the upcoming phases 

    Goal 3 – Identify all the information we need to do the execution in future testing 

    Goal 4 – Compile a list of devices with configuration for testing 

    Goal 5 – Complete the network map to finalize the steps for testing 

    Goal 6 – Compile the list of people who support the testing 

    Goal 7 – Collect even irrelevant information that might still be significant in the future 

    Process of Enumeration 

    Process of Enumeration
    Tools supporting Enumeration

    ToolUseService
    NmapNetwork mapperUsed to discover port and service information on a target
    NessusService and vulnerability scanner.Used to identify vulnerable services
    WPScanWordPress vulnerability scannerUsed to identify vulnerable WordPress applications
    SearchsploitCLI tool for exploit.db for exploitsUsed to look up exploits for services.
    GoBusterWeb directory brute forcerUsed to discover directories on web servers.
    DigDomain Information GroperUsed to query DNS servers
    NmblookupSMB share lookup.Used to find any open and exposed SMB shares  
    Dnsenum  
    Used to enumerate DNS information  

    Port – Scanning Enumeration 

    Port scanning is the most common form of enumeration. This is used to discover the various services which can exploit the systems. This includes all the systems that are connected to LAN or accessing the network via the modem which runs the services.  We can find out what services are running, who are the owners of these services and if any of them  requires a separate authentication

    Port scanning techniques 

    S.No  Technique  Process  
    1.Address Resolution Protocol (ARP) scan
    • Series of ARP broadcasts are sent, and the value for the target IP address field is incremented in each broadcast packet to discover active devices on the local network segment
    • This scan helps us to map out the entire network 
    2.Vanilla TCP connect scanBasic scanning that uses system call of an operating system to open a connection to every port
    3.TCP SYN (Half Open) scan
    • Most common type of scan
    • a technique that a malicious hacker uses to determine the state of a communications port without establishing a full connection
    4.TCP FIN ScanThis scan can remain undetected through most firewalls, packet filters, and other scan detection programs
    5.STEALTH SCANNING – NULL, X-MASThis scan crafts the packets flags in a way as if we are trying to induce some type of response from the target without actually going through the handshaking process and establishing a connection
    6.UDP ICMP Port ScanThis scan is used to find high number ports, especially in Solaris systems. The scan is slow and unreliable.
    7.TCP Reverse Ident ScanThis scan discovers the username of the owner of any TCP connected process on the targeted system. It helps an attacker to use the ident protocol to discover who owns the process by allowing connection to open ports

    NetBIOS Enumeration 

    Net BIOS – Network Basic Input Output System 

    NetBIOS helps in computer communication with LAN for sharing files and printers. 

    They are primarily used for identifying the network devices. 

    The naming is 16 characters – 15 characters for the device and the 16th denotes the service it runs. 

    Attackers use the NetBIOS for scanning the list of computers per domain, policies and passwords and other shares in the network. 

    Tools used – Nbtstatsuperscan, Net View, Hyena 

    Looking to enhance your IT skills? Discover the power of ITIL v4 Specialist courses. Elevate your career with expert guidance. Join now!

    Conclusion 

    Enumeration is defined as the process of extracting usernames, machine names, network information and other services. Enumeration forms a critical step in the ethical hacking process, as obtaining the complete information is needed for the further steps – maintaining access and covering tracks. There are many techniques of enumeration which we have covered in this article. There are various tools depending on the use case available for enumeration including port scanning and NetBIOS. 

    Profile

    Vitesh Sharma

    Blog Author

    Vitesh Sharma, a distinguished Cyber Security expert with a wealth of experience exceeding 6 years in the Telecom & Networking Industry. Armed with a CCIE and CISA certification, Vitesh possesses expertise in MPLS, Wi-Fi Planning & Designing, High Availability, QoS, IPv6, and IP KPIs. With a robust background in evaluating and optimizing MPLS security for telecom giants, Vitesh has been instrumental in driving large service provider engagements, emphasizing planning, designing, assessment, and optimization. His experience spans prestigious organizations like Barclays, Protiviti, EY, PwC India, Tata Consultancy Services, and more. With a unique blend of technical prowess and management acumen, Vitesh remains at the forefront of ensuring secure and efficient networking solutions, solidifying his position as a notable figure in the cybersecurity landscape.

    Share This Article
    Ready to Master the Skills that Drive Your Career?

    Avail your free 1:1 mentorship session.

    Select
    Your Message (Optional)

    Upcoming Cyber Security Batches & Dates

    NameDateFeeKnow more
    Course advisor icon
    Course Advisor
    Whatsapp/Chat icon