Search

What Is Enumeration in Ethical Hacking?

In this article we will understand the key concepts of Enumeration from an ethical hacking point of view. We will learn about the fundamentals of penetration testing, and how enumeration forms a part of it. We will also explore the other concepts - types of Enumeration, Techniques to perform enumeration and tools to support the process. We will be discussing the goals and services and the process of NetBIOS enumeration and Scanning enumeration.  What is penetration testing? Penetration testing or  Ethical hacking is a simulation of cyber-attacks to a computer system or application or infrastructure to detect vulnerabilities, if any. Penetration testing provides great insights on the list of vulnerabilities which we can categorize and rank as high, medium and low. We fix these vulnerabilities depending on the business requirement and timelines. Let us understand the various phases of penetration testing Description of Enumeration Enumeration is the phase 3 of the Penetration Testing or Ethical Hacking. It is a process of gaining complete access to the system by compromising the vulnerabilities identified in the first two phases. The Scanning stage only helps to identify the vulnerabilities to a certain extent, but  Enumeration helps us learn the complete details such as users, groups and even system level details – routing tables. This phase of the Ethical hacking is to gain end-to-end knowledge of what will be tested in the target environment. Tools are deployed to gain complete control over the system. Significance of Enumeration Enumeration is the most critical aspect of Ethical hacking. The metrics, outcomes, results are used directly in testing the system in the next steps of penetration testing.  Enumeration helps us to decipher the detailed information – Hostnames, IP tables, SNMP and DNS, Application, Banners, Audit configurations and service settings. The significance of Enumeration is that it systematically collects details. This allows pentesters to completely examine the systems.  The pentesters collect information about the weak links during the enumeration phase of ethical hacking.  Enumeration helps in finding the attack Vectors and threats. Enumeration Classification We can perform enumeration on the following: Enumeration and its types – Tool box Enumeration as a process extracts the user names, machine names, network resources, shares and services from the ecosystem.  There is a robust toolbox that helps the enumeration process become scalable. This is a mix of software and hardware systems.  There are free and commercial software tools for the enumeration. The hardware tools are mainly the key loggers and special wireless hardware. The pentesters find the right and optimum way to reach the various components of the systems. Techniques for Enumeration Types of information enumerated by intruders: The types of the information enumerated by intruders are the following: Network source Users and groups Routing tables Audit settings Service configuration settings The various machine names Applications Banners SNMP details DNS details Services and Port to Enumerate What are the goals of the Enumeration? Goal 1 – To map the end-to-end details that we need to check after the enumeration step Goal 2  - The ways to execute the attacks in the upcoming phases Goal 3 – Identify all the information we need to do the execution in future testing Goal 4 – Compile a list of devices with configuration for testing Goal 5 – Complete the network map to finalize the steps for testing Goal 6 – Compile the list of people who support the testing Goal 7 – Collect even irrelevant information that might still be significant in the future Process of Enumeration Tools supporting EnumerationToolUseServiceNmapNetwork mapperUsed to discover port and service information on a targetNessusService and vulnerability scanner.Used to identify vulnerable servicesWPScanWordPress vulnerability scannerUsed to identify vulnerable WordPress applicationsSearchsploitCLI tool for exploit.db for exploitsUsed to look up exploits for services.GoBusterWeb directory brute forcerUsed to discover directories on web servers.DigDomain Information GroperUsed to query DNS serversNmblookupSMB share lookup.Used to find any open and exposed SMB shares  Dnsenum  Used to enumerate DNS information  Port – Scanning Enumeration Port scanning is the most common form of enumeration. This is used to discover the various services which can exploit the systems. This includes all the systems that are connected to LAN or accessing the network via the modem which runs the services.  We can find out what services are running, who are the owners of these services and if any of them  requires a separate authenticationPort scanning techniques S.No  Technique  Process  1.Address Resolution Protocol (ARP) scanSeries of ARP broadcasts are sent, and the value for the target IP address field is incremented in each broadcast packet to discover active devices on the local network segmentThis scan helps us to map out the entire network 2.Vanilla TCP connect scanBasic scanning that uses system call of an operating system to open a connection to every port3.TCP SYN (Half Open) scanMost common type of scana technique that a malicious hacker uses to determine the state of a communications port without establishing a full connection4.TCP FIN ScanThis scan can remain undetected through most firewalls, packet filters, and other scan detection programs5.STEALTH SCANNING – NULL, X-MASThis scan crafts the packets flags in a way as if we are trying to induce some type of response from the target without actually going through the handshaking process and establishing a connection6.UDP ICMP Port ScanThis scan is used to find high number ports, especially in Solaris systems. The scan is slow and unreliable.7.TCP Reverse Ident ScanThis scan discovers the username of the owner of any TCP connected process on the targeted system. It helps an attacker to use the ident protocol to discover who owns the process by allowing connection to open portsNetBIOS Enumeration Net BIOS – Network Basic Input Output System NetBIOS helps in computer communication with LAN for sharing files and printers. They are primarily used for identifying the network devices. The naming is 16 characters – 15 characters for the device and the 16th denotes the service it runs. Attackers use the NetBIOS for scanning the list of computers per domain, policies and passwords and other shares in the network. Tools used – Nbtstat, superscan, Net View, Hyena Conclusion Enumeration is defined as the process of extracting usernames, machine names, network information and other services. Enumeration forms a critical step in the ethical hacking process, as obtaining the complete information is needed for the further steps – maintaining access and covering tracks. There are many techniques of enumeration which we have covered in this article. There are various tools depending on the use case available for enumeration including port scanning and NetBIOS. 

What Is Enumeration in Ethical Hacking?

11K
  • by Anand V
  • 02nd Nov, 2020
  • Last updated on 17th Mar, 2021
  • 7 mins read
What Is Enumeration in Ethical Hacking?

In this article we will understand the key concepts of Enumeration from an ethical hacking point of view. We will learn about the fundamentals of penetration testing, and how enumeration forms a part of it. We will also explore the other concepts - types of Enumeration, Techniques to perform enumeration and tools to support the process. We will be discussing the goals and services and the process of NetBIOS enumeration and Scanning enumeration.  

What is penetration testing? 

Penetration testing or  Ethical hacking is a simulation of cyber-attacks to a computer system or application or infrastructure to detect vulnerabilities, if any. Penetration testing provides great insights on the list of vulnerabilities which we can categorize and rank as high, medium and low. We fix these vulnerabilities depending on the business requirement and timelines. 

Let us understand the various phases of penetration testing 

Phases of Penetration Testing Description of Enumeration 

Enumeration is the phase 3 of the Penetration Testing or Ethical Hacking. It is a process of gaining complete access to the system by compromising the vulnerabilities identified in the first two phases. The Scanning stage only helps to identify the vulnerabilities to a certain extentbut  Enumeration helps us learn the complete details such as users, groups and even system level details – routing tables. This phase of the Ethical hacking is to gain end-to-end knowledge of what will be tested in the target environment. Tools are deployed to gain complete control over the system. 

Significance of Enumeration 

Enumeration is the most critical aspect of Ethical hacking. The metrics, outcomes, results are used directly in testing the system in the next steps of penetration testing.  Enumeration helps us to decipher the detailed information – Hostnames, IP tables, SNMP and DNS, Application, Banners, Audit configurations and service settings. The significance of Enumeration is that it systematically collects details. This allows pentesters to completely examine the systems.  The pentesters collect information about the weak links during the enumeration phase of ethical hacking.  

Enumeration helps in finding the attack Vectors and threats. 

Enumeration Classification 

We can perform enumeration on the following: 

Enumeration Classification

Enumeration and its types – Tool box 

Enumeration as a process extracts the user names, machine names, network resources, shares and services from the ecosystem.  There is a robust toolbox that helps the enumeration process become scalable. This is a mix of software and hardware systems.  There are free and commercial software tools for the enumeration. The hardware tools are mainly the key loggers and special wireless hardware. The pentesters find the right and optimum way to reach the various components of the systems. 

Techniques for Enumeration 

Techniques for Enumeration

Types of information enumerated by intruders: 

The types of the information enumerated by intruders are the following: 

  1. Network source 

  1. Users and groups 

  1. Routing tables 

  1. Audit settings 

  1. Service configuration settings 

  1. The various machine names 

  1. Applications 

  1. Banners 

  1. SNMP details 

  1. DNS details 

Services and Port to Enumerate 

Services and Port to Enumerate

What are the goals of the Enumeration? 

Goal 1 – To map the end-to-end details that we need to check after the enumeration step 

Goal 2  - The ways to execute the attacks in the upcoming phases 

Goal 3 – Identify all the information we need to do the execution in future testing 

Goal 4 – Compile a list of devices with configuration for testing 

Goal 5 – Complete the network map to finalize the steps for testing 

Goal 6 – Compile the list of people who support the testing 

Goal 7 – Collect even irrelevant information that might still be significant in the future 

Process of Enumeration 

Process of Enumeration Tools supporting Enumeration

ToolUseService
NmapNetwork mapperUsed to discover port and service information on a target
NessusService and vulnerability scanner.Used to identify vulnerable services
WPScanWordPress vulnerability scannerUsed to identify vulnerable WordPress applications
SearchsploitCLI tool for exploit.db for exploitsUsed to look up exploits for services.
GoBusterWeb directory brute forcerUsed to discover directories on web servers.
DigDomain Information GroperUsed to query DNS servers
NmblookupSMB share lookup.Used to find any open and exposed SMB shares  
Dnsenum  
Used to enumerate DNS information  

Port – Scanning Enumeration 

Port scanning is the most common form of enumeration. This is used to discover the various services which can exploit the systems. This includes all the systems that are connected to LAN or accessing the network via the modem which runs the services.  We can find out what services are running, who are the owners of these services and if any of them  requires a separate authentication

Port scanning techniques 

S.No  Technique  Process  
1.Address Resolution Protocol (ARP) scan
  • Series of ARP broadcasts are sent, and the value for the target IP address field is incremented in each broadcast packet to discover active devices on the local network segment
  • This scan helps us to map out the entire network 
2.Vanilla TCP connect scanBasic scanning that uses system call of an operating system to open a connection to every port
3.TCP SYN (Half Open) scan
  • Most common type of scan
  • a technique that a malicious hacker uses to determine the state of a communications port without establishing a full connection
4.TCP FIN ScanThis scan can remain undetected through most firewalls, packet filters, and other scan detection programs
5.STEALTH SCANNING – NULL, X-MASThis scan crafts the packets flags in a way as if we are trying to induce some type of response from the target without actually going through the handshaking process and establishing a connection
6.UDP ICMP Port ScanThis scan is used to find high number ports, especially in Solaris systems. The scan is slow and unreliable.
7.TCP Reverse Ident ScanThis scan discovers the username of the owner of any TCP connected process on the targeted system. It helps an attacker to use the ident protocol to discover who owns the process by allowing connection to open ports

NetBIOS Enumeration 

Net BIOS – Network Basic Input Output System 

NetBIOS helps in computer communication with LAN for sharing files and printers. 

They are primarily used for identifying the network devices. 

The naming is 16 characters – 15 characters for the device and the 16th denotes the service it runs. 

Attackers use the NetBIOS for scanning the list of computers per domain, policies and passwords and other shares in the network. 

Tools used – Nbtstatsuperscan, Net View, Hyena 

Conclusion 

Enumeration is defined as the process of extracting usernames, machine names, network information and other services. Enumeration forms a critical step in the ethical hacking process, as obtaining the complete information is needed for the further steps – maintaining access and covering tracks. There are many techniques of enumeration which we have covered in this article. There are various tools depending on the use case available for enumeration including port scanning and NetBIOS. 

Anand

Anand V

Blog Author

Anand V is an independent consultant with more than 23 plus years of experience. He is currently working in areas of Artificial  Intelligence ,Cybersecurity, Blockchain and IoT. 

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

Learning Ethical Hacking Can Be A Disaster If You Neglect These 7 Rules

Attacking one’s own self defence systems to check for vulnerabilities was considered to be a major war strategy even 1500 years ago. Attacking one’s own systems to check for resilience against attacks may have helped many of our ancestors win wars by fortifying their weak spots. The trend continues to this day in the name of ‘ethical hacking’ where in vulnerabilities in cyber systems are sniffed out and systems are fortified against attacks. A new kind of battle is being waged upon us this day, not in the battlefield but in the digital world. Cybercrime is the fastest growing area of crime and nobody is safe. The internet has brought a lot of anonymity to its users and hackers and cyber criminals take advantage of this anonymity to perpetrate crime. Ethical hacking was created out of a need to proactively counter cyber threat, and improve defences to protect the interests of vulnerable parties. Ethical Hacking is big business today. Google, Facebook, Twitter and other big companies spend millions on ‘white hat hacking’ to sniff out vulnerabilities in their systems. Bug bounty programs, where hackers will be compensated for reporting vulnerabilities, will be a norm in the future. Organizations trust individuals who have been certified as Ethical Hackers as they are aware of the code of conduct to be followed during ethical hacking courses. But even the sincerest ethical hacker may stumble and get into situations that may harm the hacker or the organization. Even certified ethical hackers need to understand some rules before practising white hat hacking. • You are a white hat hacker but you still need permission before hacking into a user’s system: White hat hacking may be ethical but hacking into a user’s system without explicit permission from them will land you in trouble. In fact hacking, even for ethical purposes without explicit permission from the owners is a criminal offence in most countries. • Understand your client’s business and organizational set up: Before you start off on ethical hacking it is important that you understand your client organisation’s business and system. This will give you a background on the sensitivities of their network and how you need to handle any sensitive information that you might encounter. • Do not exceed limits imposed by the client: Even if your client has given you full access to their network, there might still be a limit to how much you can dig. Do not dig deeper than you have been told to as you might be breaching client trust. • Make sure you do your job properly so that you do not compromise the client’s defence systems: Your job is to sniff out holes and ensure that those holes are fixed to strengthen the IT security system. Give a detailed report of your findings and ensure that you do not overstep any limits or violate any laws or regulations.Plan out before you perform ethical hacking tests as time and patience are of utmost importance for sensitive results. • Be transparent with your clients: Open communication with your client will not only help your client but also you, by increasing your trustworthiness. You must disclose all discoveries that you have made to your client so that they can take necessary precautions to safeguard their systems. Your client should be aware of what’s going on at all times. • Be confidential and ethical: You should maintain confidentiality during and even after the job is done. You are an ethical hacker and work ethics come topmost for you and this includes client confidentiality. Disclosing secrets of your clients to third parties will defeat the very purpose of ethical hacking. Uphold the values and goals of the company and respect their privacy. • Cover your tracks: You have penetrated the systems and you have suggested detailed clean-ups. But as you exit, you must ensure that you do not leave any footprints and thus protect the system from future attacks. Ethical hacking is a sensitive and sometimes dangerous job. But every ethical hacker must follow the commandments of ethical hacking as there is a very thin line between black hat and white hat hacking. Stay focused and true to yourself and you will be successful
21674
Learning Ethical Hacking Can Be A Disaster If You ...

Attacking one’s own self defence systems to chec... Read More

How To Get Knowledge About The Certified Ethical Hacker

Certified ethical hacker training is commonly denoted as the course that teaches you to break through your own or your company’s computer/s in a legitimate and official manner to find out the existent vulnerabilities and to assess the safety bearing of the target system. Certified ethical hackers use the same tools and knowledge that malicious attackers exploit and execute the indicated defensive, counteractive and protective actions to protect the system from any breach in future. The ethical hacking course is vendor-neutral certification, so you would be able to safeguard different systems irrespective of their make. The course gives you an opportunity to delve into various hacking approaches and techniques. Globally, CEH certification is provided by EC-council through their authorized training centres. Several universities and private computer colleges offer courses and programs featuring CEH training that align with the certified ethical curriculum prescribed by EC-Council. Knowledge about Certified ethical hacker training The course is a combination of academic material and practical skills enabling you to discover the working and activities of a hacker. The training commences with theoretical explanations of particular techniques incorporated in the subject followed by a hands-on illustration in the art lab. The objective of the ethical hacking course is to: Ascertain and administer basic standards for licensing professional information security experts in the ethical hacking process. Notify the agencies or employers that certified individuals fulfil or surpass the basic standards. Strengthen awareness about ethical hacking as a self-governing and distinctive profession. Train students to classify and break several kinds of passwords, and successfully neutralize password hacking. Teach encryption and cryptography techniques, and confidential/communal key infrastructure. Inform about widespread cyber-attacks, for instance, phishing, social engineering, identity breach, URL obfuscation, insider attacks, Trojans, dumpster pitching, etc. Instruct learners to abide by the code of ethics regulating professional demeanour and the correctness of hacking. What are the prerequisites for this certification? The ethical hacker training certification is aimed at fortifying the functional knowledge of security officials, auditors, site managers, and professionals who are involved in maintaining the integrity of the infrastructure network. Although there are no prerequisites for this certification but, basic knowledge of telecommunications, networking and computer systems is greatly recommended. The minimum age for appearing for the exam or applying for the training is restricted to no less than 18 years. Thus, candidates who fall in the right age category and possess relevant networking knowledge can apply for the course and complete their certification. The ethical hacking credential is one of the most sought-after certifications of EC-Council. The certified experts can seek a wide scope of job titles including network security specialist, penetration tester, ethical hacker, security specialist, site manager and auditor. In addition to the important business job opportunities, CEH certification opens gateways to rewarding security recruitments to the government run IT sector positions. The credential is an acknowledgement of your skills to work as an ethical hacker independently or with companies by having privileged access to vulnerable information.
How To Get Knowledge About The Certified Ethical H...

Certified ethical hacker training is commonly deno... Read More

How much do Ethical Hackers Earn?

Technology has flourished at break neck speed in the past decade. Inventions and innovations have transformed the way we live and work. We live in an interconnected world where everything is online. While this has made our lives easier, it has also made us vulnerable to sophisticated cyber criminals, who at their malicious best attack not just an individual but even a company, and in more brazen attacks even a nation's security and financial health.According to the latest report by Verizon, 70% of cybercrimes were caused by malicious hackers and outsiders. With a lot of sensitive data now being present online, the perception threat has steadily grown over the years.One of the foremost methods to prevent cybercrime is to reinforce the security of IT systems. Moreover, adding a dedicated team of ethical hackers to the workforce can help fix loopholes and prevent malicious attacks. With the surge in cybercrime, the need for cybersecurity has increased. This in turn has led to a rise in the demand for skilled ethical hackers and information security professionals.What is the CEH certification?The CEH(Certified Ethical Hacking) credential from EC-Council demonstrates that you have hands-on knowledge of niche techniques used by security professionals and hackers to prevent cyber-attacks. CEH also provides skills to assess the security aspects, scan the infrastructure, and detect vulnerabilities in the organizations. With the CEH course, you can:Enter into the industry as a security professionalLearn the hacker mentality to get a step ahead of cybercriminalsBoost your career in IT securityImprove your skills and knowledge which is a primary requirement for career advancementThe demand for Ethical HackersAccording to Forbes, "in this current year of 2020-21, the Global security market is worth $173 billion and within the next 5 years this will grow to around $270 billion." Statistics by the Australian Cyber Security Growth Network show that organizations across the globe are expected to raise their security budget by 8% annually.Source: austcyber.comMalicious cyber activities are increasing around the world, as cybercriminals are using sophisticated strategies for infiltration of systems and networks. Therefore, the demand for cybersecurity experts or ethical hackers will continue to increase.Opportunities for an ethical hackerIn India alone, more than 20,000 websites faced defacement, DDoS, or ransomware attacks just in 2019 as per the report of CERT(Indian Computer Emergency Response Team).Therefore, from private organizations to government entities, everyone needs an ethical hacker or security professional to counter unauthorized hacking and strengthen their security needs. As per the NASSCOM report, there will be 72000 security professionals in the coming years.Types of roles and responsibilities of an Ethical HackerCybersecurity experts will get various types of work opportunities from small scale organizations to giant tech corporations, government agencies, research organizations, and many others.The work of ethical hackers will differ and is not limited to the size and requirement of the organization, but also the skills and experience of hackers. However, here are some overall responsibilities expected from ethical hackers.To protect IT infrastructures, networks, devices, and data from cybercriminalsMonitor application and network performanceTo perform security tests to validate the strength of application, devices, and networkImplement information security management system to be followed by the entire organizationTo set detection and prevention facilities and make a barrier from outer /unauthorized accessTo stay connected with top management with updated risk management and business continuity plans.To perform all the above tasks and operations there are multiple designations hired by organizations, ranging from entry-level security personnel to CISO (Chief Information Security Officer). This pyramid shows the various levels of roles for cyber security professionals.Job roles and salariesEthical hackers can take on a variety of roles.Consulting - As explained earlier, almost all organizations require security professionals to secure their network,  data, devices, etc. Some organizations prefer to outsource the security solution rather than hire on their own.  In this case, the organization expects customized security solutions and suggestions and advice on protection of their assets against cyber-attacks.Bug bounty - Many organizations and tech giants organize bounty programs for hackers to find out vulnerabilities in their applications or websites and offer attractive cash prices.Training - Ethical hackers can provide training to professionals and students for advancement in their careers. These types of training also help to spread awareness in the society against cybercrime and to keep them secure from any potential fraud.Events - Tech giants like Tesla invites hackers to hack their cars. There are similar events for hackers to perform their skills and earn prizes, or in some cases jobs with handsome packages.The salary range for ethical hackersLucrative salaries are the most attractive part of this profession. Salaries in this field vary based on location, designation, skill, and experience. As we have seen in the pyramid earlier, there are multiple roles in the security field, with packages increasing from bottom to top. All organizations value their security, and are ready to pay top dollar for qualified candidates.As per a survey, the average salary of an ethical hacker or information security officer is INR 12,00,000 per annum with 3-5 years of experience. This is just an average figure. In some cases in New Delhi & Mumbai, suitable candidates got paid as much as up to INR 18,00,000 p.a. even without work experience.The package information mentioned above was just for India. Let's have a look at the below table to understand the worldwide salary ratio based on designation and experience.Do you have the skills for it?Before you decide to pursue ethical hacking as a profession, here are some skills you have to master:FocusPatienceStrategy making abilityGood CommunicationCuriosityDisciplineZest for learningThinking out of the boxPositive attitudeTop 10 technical skills:-Excellent computer skills  LinuxNetworking & InfrastructureProgramming skillsDatabase management systemsCryptographyCloud technologiesWeb applicationWireless technologiesPenetration TestingImportance of ethicsHave you heard the term 'Royal Guards'?  It refers to an elite group of highly skilled warriors who act as a monarch’s personal security guards. The monarch and the kingdom trust them and feel safe while surrounded by royal guards.In this field as well, an ethical hacker or a team of security professionals act as royal guards of the organization. Organizations trust the security professionals expecting security and implicit loyalty. Security professionals must be highly ethical, as they can have access to the most vital information systems, data, or any other assets. An ethical hacker must follow ethical /genuine practices during the entire employment term (and even after leaving a company) and uphold the trust of the management.EC-Council has written 19 steps of  'Code - of - Ethics' which must be followed by all ethical hackers to maintain the dignity of the profession.Below is a sample:As an ethical hacker, you must keep private and confidential information gained in your professional work (in particular as it pertains to client lists and client personal information). You should not collect, give, sell, or transfer any personal information (such as name, e-mail address, Social Security number, or another unique identifier) to a third party without the client's prior consent.ConclusionHighly skilled hackers will always be in demand because in the digital age, all organizations need to stay protected from hackers at any cost. This is a career that is surely future-proof!
2442
How much do Ethical Hackers Earn?

Technology has flourished at break neck speed in t... Read More