
Module04 Enumeration

This document outlines various methods for network enumeration, including tools like Nmap, Advanced IP Scanner, and Enum4linux. It details specific commands for enumerating resources, services, and SNMP information on target machines. Additionally, it covers techniques for accessing shared folders and extracting information from Windows and Samba hosts.

Uploaded by

Aamir Khan

Module 04: Enumeration

NetBIOS Enumeration Using Global Network Inventory (Hosts, Ports, Services)

Enumerating Network Resources Using Advanced IP Scanner (shutdown, radmin)

Performing Network Enumeration Using SuperScan

Enumerating Resources in a Local Machine Using Hyena

Performing Network Enumeration Using NetBIOS Enumerator

Enumerating a Network Using SoftPerfect Network Scanner

Enumerating a Target Network using Nmap and Net Use


nmap -O [Link]
You see that ports 135, 139, 445, etc. are open, and port 139 is using NetBIOS.
Windows 2012, nbtstat -A [Link]
net use (to view the created null sessions/shared folders from your host)
net use \\[Link]\e "" /user:"" (create a null session)

Enumerating Services on a Target Machine with Nmap


nmap -sP [Link]/24 (ping sweep scan)
nmap -sS [Link] (stealthy SYN scan)
nmap -sSV -O [Link] (stealthy SYN scan with version detection along with OS detection)
nmap -sSV -O [Link] -oN [Link]

SNMP Enumeration Using snmp_enum with Nmap & Metasploit


nmap -sU -p 161 [Link]
nmap -sU -p 161 --script=snmp-brute [Link] (snmp-brute script will extract the SNMP community string from the target machine)
msfconsole
use auxiliary/scanner/snmp/snmp_login
show options
set RHOSTS [Link]
exploit
use auxiliary/scanner/snmp/snmp_enum
set RHOSTS [Link]
exploit

LDAP Enumeration Using Active Directory Explorer (ADExplorer)

Enumerating information from Windows and Samba host using Enum4linux


enum4linux -u martin -p apple -U [Link] (user list)
enum4linux -u martin -p apple -o [Link] (Operating System details)
enum4linux -u martin -p apple -P [Link] (Password Policy Information)
enum4linux -u martin -p apple -G [Link] (Groups details)
enum4linux -u martin -p apple -S [Link] (Share Policy Information)
