Enumeration is the process of establishing an active connection to the target host to discover potential attack vectors in the computer system; information gained in this phase can be used for further exploitation of the system. It is often considered a critical phase because a few pieces of information gathered here can help us exploit the target computer directly.
NetBIOS stands for Network Basic Input/Output System. It allows computers to communicate over a LAN to share files and devices such as printers. NetBIOS names are used to identify network devices over TCP/IP; each name carries a one-byte suffix (shown as <00>, <03>, etc.) and is either UNIQUE (one owner) or GROUP (shared by several hosts).
Name | NetBIOS code | Type | Information obtained
--- | --- | --- | ---
<host name> | <00> | UNIQUE | Hostname
<domain> | <00> | GROUP | Domain name
<host name> | <03> | UNIQUE | Messenger service running for that computer
<user name> | <03> | UNIQUE | Messenger service running for that individual logged-in user
<host name> | <20> | UNIQUE | Server service running
<domain> | <1D> | GROUP | Master browser name for the subnet
<domain> | <1B> | UNIQUE | Domain master browser name, identifies the PDC for that domain
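The suffixes in the table arrive on the wire as a NetBIOS node-status (NBSTAT) response (RFC 1002, section 4.2.18): a header, one answer record, and an array of 18-byte NODE_NAME entries, each holding the padded name, the suffix byte and a flags word whose top bit distinguishes GROUP from UNIQUE. The following is an added example, not code from the original page: a parser for that datagram plus a small summariser that turns the entries into the facts the table describes (hostname, domain, server service, logged-in user, PDC). The response bytes are constructed here for the demonstration; `WKSTN01`, `CORP`, `JDOE` and the MAC address are made-up values.

```python
"""Parse a NetBIOS Name Service node-status (NBSTAT) response, RFC 1002 section 4.2.18."""
import struct

NBSTAT_RR_TYPE = 0x0021
NODE_NAME_SIZE = 18        # 15-byte padded name + 1-byte suffix + 2-byte NAME_FLAGS
STATISTICS_SIZE = 46       # unit ID (MAC address) followed by node counters
GROUP_FLAG = 0x8000        # bit 15 of NAME_FLAGS: set = GROUP name, clear = UNIQUE name
ACTIVE_FLAG = 0x0400       # bit 10 of NAME_FLAGS: the name is active on the node

# Meaning of the common suffixes, following the table above.
SUFFIX_MEANING = {
    0x00: "hostname (UNIQUE) or domain/workgroup name (GROUP)",
    0x03: "messenger service for the host or a logged-in user",
    0x20: "server service (file and print sharing)",
    0x1B: "domain master browser (PDC for the domain)",
    0x1D: "master browser for the subnet",
}


def _skip_rr_name(data, off):
    """Advance past a label-encoded RR_NAME (length-prefixed labels ending in 0x00)."""
    while True:
        length = data[off]
        off += 1
        if length == 0:
            return off
        off += length


def parse_nbstat_response(data):
    """Return (entries, mac) from a raw NBSTAT response datagram.

    Each entry is a dict with name, suffix, type ("UNIQUE"/"GROUP") and meaning.
    """
    if len(data) < 12:
        raise ValueError("datagram shorter than the NBNS header")
    _trn_id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", data[:12])
    if not flags & 0x8000 or ancount != 1:
        raise ValueError("not a single-answer NBNS response")
    off = _skip_rr_name(data, 12)
    if len(data) < off + 10:
        raise ValueError("answer record header truncated")
    rr_type, _rr_class, _ttl, rdlength = struct.unpack("!HHIH", data[off:off + 10])
    off += 10
    if rr_type != NBSTAT_RR_TYPE:
        raise ValueError(f"unexpected RR_TYPE 0x{rr_type:04x}")
    if len(data) < off + rdlength:
        raise ValueError("RDATA truncated")        # never trust RDLENGTH from the wire
    num_names = data[off]
    off += 1
    entries = []
    for _ in range(num_names):
        chunk = data[off:off + NODE_NAME_SIZE]
        if len(chunk) < NODE_NAME_SIZE:
            raise ValueError("NODE_NAME array truncated")
        name = chunk[:15].rstrip(b" \x00").decode("ascii", "replace")
        suffix = chunk[15]
        name_flags = struct.unpack("!H", chunk[16:18])[0]
        entries.append({
            "name": name,
            "suffix": suffix,
            "type": "GROUP" if name_flags & GROUP_FLAG else "UNIQUE",
            "meaning": SUFFIX_MEANING.get(suffix, "other/unknown suffix"),
        })
        off += NODE_NAME_SIZE
    mac = ":".join(f"{b:02x}" for b in data[off:off + 6])   # unit ID = adapter MAC
    return entries, mac


def summarize(entries):
    """Reduce a node-status table to the facts an analyst wants, per the suffix table."""
    hostname = next((e["name"] for e in entries if e["suffix"] == 0x00 and e["type"] == "UNIQUE"), None)
    return {
        "hostname": hostname,
        "domain": next((e["name"] for e in entries if e["suffix"] == 0x00 and e["type"] == "GROUP"), None),
        "server_service": any(e["suffix"] == 0x20 for e in entries),
        "pdc_for_domain": next((e["name"] for e in entries if e["suffix"] == 0x1B), None),
        # a <03> UNIQUE name that is not the hostname belongs to a logged-in user
        "logged_in_users": [e["name"] for e in entries
                            if e["suffix"] == 0x03 and e["type"] == "UNIQUE" and e["name"] != hostname],
    }


def _node_name(name, suffix, group):
    flags = ACTIVE_FLAG | (GROUP_FLAG if group else 0)
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)


def build_sample_response(node_names, mac=b"\x00\x0c\x29\x11\x22\x33"):
    """Construct an NBSTAT response datagram (test data only, not captured traffic)."""
    header = struct.pack("!6H", 0x1234, 0x8400, 0, 1, 0, 0)     # response + authoritative, 1 answer
    rr_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"              # first-level encoded "*" name
    rdata = (bytes([len(node_names)])
             + b"".join(_node_name(*n) for n in node_names)
             + mac.ljust(STATISTICS_SIZE, b"\x00"))
    rr_fixed = struct.pack("!HHIH", NBSTAT_RR_TYPE, 0x0001, 0, len(rdata))
    return header + rr_name + rr_fixed + rdata


# Constructed example: a workstation in domain CORP that is also the domain master browser.
SAMPLE_RESPONSE = build_sample_response([
    ("WKSTN01", 0x00, False), ("CORP", 0x00, True), ("WKSTN01", 0x03, False),
    ("JDOE", 0x03, False), ("WKSTN01", 0x20, False), ("CORP", 0x1B, False),
])

if __name__ == "__main__":
    found, unit_id = parse_nbstat_response(SAMPLE_RESPONSE)
    for e in found:
        print(f"{e['name']:<15} <{e['suffix']:02X}> {e['type']:<6} {e['meaning']}")
    print("MAC:", unit_id, summarize(found))
```

The length checks matter more than the decoding: a node-status reply is untrusted input, and `RDLENGTH`/`NUM_NAMES` must be validated against the actual datagram length before indexing into it.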
SMB stands for Server Message Block. It is mainly used for providing shared access to files, printers and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism.
DNS enumeration retrieves information about all the DNS servers and their corresponding records related to an organization. DNS enumeration will yield usernames, computer names, and IP addresses of potential target systems.
DNS servers are the Internet's equivalent of a phone book: they maintain the directory of domain names and translate them to Internet Protocol (IP) addresses.
The list of DNS records below gives an overview of the resource record types stored in the zone files of the Domain Name System. DNS implements a distributed, hierarchical and redundant database for information associated with Internet domain names and addresses.
- A (Address): maps hostnames to IPv4 addresses.
- SOA (Start of Authority): identifies the DNS server responsible for the domain information.
- CNAME (Canonical Name): provides additional names or aliases for the address.
- AAAA (Address): maps hostnames to IPv6 addresses.
- MX (Mail Exchange): identifies the mail server for the domain.
- SRV (Service): identifies services such as directory services.
- PTR (Pointer): maps IP addresses to hostnames.
- NS (Nameserver): identifies other name servers for the domain.
NTP (Network Time Protocol) uses UDP port 123. Through NTP enumeration you can gather information such as the list of hosts connected to the NTP server, their IP addresses, system names, and the operating systems running on the client systems in a network. All of this information can be enumerated by querying the server.
Simple Network Management Protocol (SNMP) is an application-layer protocol that runs over UDP to monitor and manage routers, hubs, switches and other network devices. SNMP is commonly found enabled on a variety of operating systems, including Windows Server, Linux and UNIX servers, as well as on network devices.
SMTP enumeration allows us to determine valid users on an SMTP server. With the help of built-in SMTP commands, we can gather useful information.
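From the defender's side, user enumeration against a mail server shows up as a short burst of address probes from one client, and the built-in commands that make it easy (VRFY and EXPN) are exactly the ones worth watching. The following is an added example, not code from the original page: a detector that walks a session trace, pairs each client command with the server's reply, counts VRFY/EXPN calls and rejected RCPT TO guesses per client inside a sliding window, and separately flags a server that answers VRFY with 250 (confirming the mailbox) instead of 252. The trace format (`<timestamp> <client ip> <C|S>: <line>`) and the session contents are constructed for the demonstration; the IPs are from the reserved documentation ranges.

```python
"""Spot SMTP user-enumeration attempts in a session trace and flag servers that confirm addresses."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed trace, not real traffic. Hypothetical one-line-per-message format;
# multi-line (250-...) replies are not modelled here.
SAMPLE_TRACE = """\
2024-05-01T10:00:00Z 198.51.100.7 C: EHLO scanner
2024-05-01T10:00:00Z 198.51.100.7 S: 250 mail.example.com
2024-05-01T10:00:01Z 198.51.100.7 C: VRFY root
2024-05-01T10:00:01Z 198.51.100.7 S: 250 2.1.5 root <root@example.com>
2024-05-01T10:00:01Z 198.51.100.7 C: VRFY admin
2024-05-01T10:00:01Z 198.51.100.7 S: 550 5.1.1 admin... User unknown
2024-05-01T10:00:02Z 198.51.100.7 C: EXPN staff
2024-05-01T10:00:02Z 198.51.100.7 S: 502 5.5.1 Command not implemented
2024-05-01T10:00:02Z 198.51.100.7 C: MAIL FROM:<probe@example.net>
2024-05-01T10:00:02Z 198.51.100.7 S: 250 2.1.0 Ok
2024-05-01T10:00:02Z 198.51.100.7 C: RCPT TO:<jsmith@example.com>
2024-05-01T10:00:02Z 198.51.100.7 S: 550 5.1.1 <jsmith@example.com>: Recipient address rejected: User unknown
2024-05-01T10:00:03Z 198.51.100.7 C: RCPT TO:<mjones@example.com>
2024-05-01T10:00:03Z 198.51.100.7 S: 550 5.1.1 <mjones@example.com>: Recipient address rejected: User unknown
2024-05-01T10:00:03Z 198.51.100.7 C: RCPT TO:<bob@example.com>
2024-05-01T10:00:03Z 198.51.100.7 S: 250 2.1.5 Ok
2024-05-01T10:05:00Z 203.0.113.9 C: MAIL FROM:<alice@partner.example>
2024-05-01T10:05:00Z 203.0.113.9 S: 250 2.1.0 Ok
2024-05-01T10:05:00Z 203.0.113.9 C: RCPT TO:<bob@example.com>
2024-05-01T10:05:00Z 203.0.113.9 S: 250 2.1.5 Ok
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([CS]): (.*)$")
PROBE_COMMANDS = ("VRFY", "EXPN")   # commands whose only purpose is to test an address
WINDOW = timedelta(seconds=60)
THRESHOLD = 3                       # probes per client per window before we call it enumeration


def parse_trace(text):
    """Return (timestamp, client_ip, side, payload) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, side, payload = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, side, payload))
    return events


def pair_exchanges(events):
    """Yield (ts, ip, command, reply): each client line matched with the next server line from the same peer."""
    pending = {}
    for ts, ip, side, payload in events:
        if side == "C":
            pending[ip] = (ts, payload)
        elif ip in pending:
            cmd_ts, cmd = pending.pop(ip)
            yield cmd_ts, ip, cmd, payload


def detect_user_enumeration(text, threshold=THRESHOLD, window=WINDOW):
    """Return a list of findings: enumeration bursts per client and servers that confirm VRFY."""
    probes = defaultdict(list)     # ip -> timestamps of address probes (VRFY/EXPN or rejected RCPT)
    findings = []
    for ts, ip, cmd, reply in pair_exchanges(parse_trace(text)):
        verb = cmd.split()[0].upper()
        code = reply[:3]
        if verb in PROBE_COMMANDS:
            probes[ip].append(ts)
            if code == "250":      # server confirmed the mailbox: the leak worth fixing
                findings.append({"ip": ip, "kind": "verbose_vrfy",
                                 "detail": f"server answered '{cmd}' with 250; reply 252 or disable VRFY/EXPN"})
        elif verb == "RCPT" and code == "550":
            probes[ip].append(ts)  # each rejected recipient is one guessed username
    for ip, stamps in probes.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            hits = [s for s in stamps[i:] if s - start <= window]
            if len(hits) >= threshold:
                findings.append({"ip": ip, "kind": "enumeration_burst",
                                 "detail": f"{len(hits)} address probes within {window.seconds}s from {start.isoformat()}"})
                break              # one finding per client is enough
    return findings


if __name__ == "__main__":
    for f in detect_user_enumeration(SAMPLE_TRACE):
        print(f["ip"], f["kind"], f["detail"])
```

The threshold and window are deliberately small so the constructed trace trips them; on a real mail server tune them against normal traffic, since a misconfigured mailing list can also generate a run of 550s from one sender. The `verbose_vrfy` finding is the configuration fix: returning 252 (or disabling VRFY/EXPN) removes the cheap confirmation while leaving delivery unaffected.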