04 - Enumeration

Enumeration is the process of actively querying a system to extract usernames, machine names, network resources, shares, and services. Unlike passive reconnaissance, it relies on direct connections to the target's services (NetBIOS, SMB, SNMP, LDAP and the like), so it is normally performed from inside the network, in an intranet environment, where those ports are reachable rather than filtered at the perimeter.

Module Objective

The objective of this module is to give you working knowledge of network enumeration, in particular how to obtain:

  • Username and user groups
  • Lists of computers, their operating systems, and ports
  • Machine names, network resources, and services
  • Lists of shares on individual hosts on the network
  • Password and account-lockout policies

Scenario

Penetration testing is much more than simply running exploits against vulnerable systems, as we learned in the previous module. In fact, a penetration test begins long before the testers make direct contact with the target systems.

As a security expert and penetration tester, you must know how to enumerate target networks and extract lists of computers, usernames, user groups, ports, operating systems, machine names, network resources, and services using various enumeration techniques.

I. Enumerating NetBIOS Using the SuperScan Tool

During enumeration, information is collected systematically and individual systems are identified. The pen tester examines each system as a whole, which is what makes it possible to evaluate its security weaknesses. In this lab we extract NetBIOS information: user and group accounts, network shares, trusted domains, and services, whether running or stopped. NetBIOS itself runs over UDP 137 (name service), UDP 138 (datagram service) and TCP 139 (session service), and the Windows enumeration that follows uses the null sessions these services, together with SMB on TCP 445, still allow on poorly configured hosts.

SuperScan detects open TCP and UDP ports on a target machine and determines which services are listening on them. The same list tells an attacker which exposed service to attack next, which is why, as an ethical hacker and penetration tester, you need to enumerate target networks yourself and extract lists of computers, usernames, user groups, machine names, network resources, and services using various enumeration techniques.
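The node-status query that underlies the NetBIOS enumeration described above, as an added example that is not part of this lab and is not code from SuperScan: it builds the UDP/137 request that nbtstat, nbtscan and SuperScan send, and decodes the reply into the name table and adapter MAC those tools display. The reply it decodes by default is constructed for the example (not a capture; the host name WINSRV, the domain CORP and the MAC are made up), so it runs offline; the function names query_host, parse_nbstat_response and sample_response are this example's own.

```python
"""NetBIOS node-status ("NBSTAT") query over UDP/137: what nbtstat, nbtscan and
SuperScan send, and how the reply decodes. Added example, not SuperScan code."""
import socket
import struct

NBNS_PORT, QTYPE_NBSTAT, QCLASS_IN = 137, 0x0021, 0x0001
# (suffix byte, is_group) -> service, common suffixes only (as nbtstat labels them)
SERVICES = {(0x00, False): "Workstation service", (0x00, True): "Domain/workgroup name",
            (0x03, False): "Messenger service", (0x1B, False): "Domain master browser",
            (0x1C, True): "Domain controllers", (0x1D, False): "Master browser",
            (0x1E, True): "Browser elections", (0x20, False): "File server service"}
# Wildcard name "*" (NUL padded to 16 bytes) in RFC 1001 first-level encoding: one
# 'A'..'P' character per nibble, as a single 32-byte label with a zero terminator.
WILDCARD = b"\x20" + bytes(0x41 + n for b in (b"*" + b"\x00" * 15)
                            for n in (b >> 4, b & 0x0F)) + b"\x00"


def build_nbstat_request(txid: int) -> bytes:
    """Header (id, flags=0, QDCOUNT=1) + wildcard question + QTYPE/QCLASS."""
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + WILDCARD + struct.pack(">HH", QTYPE_NBSTAT, QCLASS_IN)


def _skip_name(data: bytes, off: int) -> int:
    """Offset just past a DNS-style label sequence (handles 0xC0 pointers)."""
    while data[off] != 0:
        if data[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + data[off]
    return off + 1


def parse_nbstat_response(data: bytes, expected_txid=None) -> dict:
    """Decode the NODE_NAME table and the MAC (first 6 bytes of STATISTICS)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000 or flags & 0x000F or an < 1:   # QR bit, RCODE, ANCOUNT
        raise ValueError("not a successful NBSTAT response (flags=0x%04x, ANCOUNT=%d)" % (flags, an))
    off = 12
    for _ in range(qd):                      # question section is normally absent
        off = _skip_name(data, off) + 4
    off = _skip_name(data, off)              # answer RR name
    rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
    rdata = data[off + 10:off + 10 + rdlen]
    if rtype != QTYPE_NBSTAT or len(rdata) < max(rdlen, 1) or rdlen < 1 + 18 * rdata[0]:
        raise ValueError("malformed NBSTAT answer")
    names = []
    for i in range(rdata[0]):                # 18-byte entries: 15 name, 1 suffix, 2 flags
        e = rdata[1 + 18 * i:19 + 18 * i]
        suffix, nflags = e[15], struct.unpack(">H", e[16:18])[0]
        group = bool(nflags & 0x8000)        # G bit distinguishes group from unique names
        names.append({"name": e[:15].rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix, "group": group,
                      "service": SERVICES.get((suffix, group), "unknown")})
    mac = rdata[1 + 18 * rdata[0]:][:6]      # unit ID = adapter MAC, start of STATISTICS
    return {"names": names, "mac": ":".join("%02x" % b for b in mac) if len(mac) == 6 else None}


def query_host(ip: str, timeout: float = 2.0) -> dict:
    """Send one node-status query to ip and decode the reply (needs network access)."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_nbstat_request(txid), (ip, NBNS_PORT))
        data, _ = sock.recvfrom(2048)
    return parse_nbstat_response(data, txid)


def sample_response(txid: int) -> bytes:
    """Constructed reply (not a capture): a Windows file server WINSRV that is
    also a domain controller for CORP. Names and MAC are made up for the example."""
    def entry(name, suffix, group):          # NODE_NAME flags: G bit | ACT bit
        return name.ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", (0x8000 if group else 0) | 0x0400)
    table = (entry(b"WINSRV", 0x00, False) + entry(b"CORP", 0x00, True)
             + entry(b"WINSRV", 0x20, False) + entry(b"CORP", 0x1C, True))
    rdata = bytes([4]) + table + bytes.fromhex("005056aabbcc") + b"\x00" * 40   # MAC + zeroed statistics
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)                    # QR|AA, ANCOUNT=1
    return header + WILDCARD + struct.pack(">HHIH", QTYPE_NBSTAT, QCLASS_IN, 0, len(rdata)) + rdata


if __name__ == "__main__":
    import sys
    result = query_host(sys.argv[1]) if len(sys.argv) > 1 else parse_nbstat_response(sample_response(7), 7)
    for n in result["names"]:
        print("%-15s <%02X>  %-6s  %s" % (n["name"], n["suffix"], "GROUP" if n["group"] else "UNIQUE", n["service"]))
    print("MAC Address =", result["mac"])
```

Run it with no arguments to decode the constructed reply, or pass an IP address to query a real host on the lab network (UDP/137 must be reachable and the host must still have NetBIOS over TCP/IP enabled). The transaction-id and flag checks are deliberate: NBNS is connectionless and unauthenticated, so anything that can see the query can answer it, and a scanner that trusts the first datagram back will record whatever names it is handed. That same absence of authentication is the reason NetBIOS enumeration yields so much to an unauthenticated tester.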

Lab Objectives

The objective of this lab is to help students learn and perform NetBIOS enumeration. NetBIOS enumeration is carried out to obtain:

  • List of computers that belong to a domain
  • List of shares on the individual hosts on the network
  • Password and account-lockout policies