GATHERING NETWORK AND HOST INFORMATION


1. Information to be collected during enumeration

1.1. Usernames, group names

1.2. Hostname

1.3. Network shares and services

1.4. IP tables and routing tables

1.5. Service settings and audit configuration

1.6. Applications and banners

1.7. SNMP and DNS details

2. Enumeration classification

2.1. NetBios Enumeration

2.2. SNMP Enumeration

2.3. LDAP Enumeration

2.4. NTP Enumeration

2.5. SMTP Enumeration

2.6. DNS Enumeration

2.7. Windows Enumeration

2.8. UNIX/Linux Enumeration

3. Types of scanning

3.1. a. Port scanning

3.1.1. The act of systematically scanning a computer's ports.

3.1.2. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer

3.1.3. Port scanning is when you send carefully crafted messages or packets to a target computer with the intent of learning more about it.

3.1.4. It is similar to a thief going through your neighborhood and checking every door and window on each house to see which ones are open and which ones are locked.

3.1.5. Each of these has ports 0 through 65535 available so essentially there are more than 65,000 doors to lock.

3.2. b. Network scanning

3.2.1. Refers to the use of a computer network to gather information regarding computing systems.

3.2.2. mainly used for security assessment, system maintenance, and also for performing attacks by hackers

3.2.3. designed to locate all the live hosts on a network (the hosts that are running).

3.2.4. will identify those systems that may be attacked later or those that may be scanned a little more closely

3.3. c. Vulnerability scanning

3.3.1. is used to identify weaknesses or vulnerabilities on a target system

3.3.2. proactive measure with the goal of catching problems internally before an attacker is able to locate those same vulnerabilities and act on them
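
An added example, not part of the original mind map: a defender's view of the port scanning described in 3.1, flagging any source that touches many distinct ports on one host within a short window. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log: time, source, destination, destination port, verdict.
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 198.51.100.5 443 ALLOW
2024-05-01T10:00:01 203.0.113.7 198.51.100.5 21 DENY
2024-05-01T10:00:01 203.0.113.7 198.51.100.5 22 ALLOW
2024-05-01T10:00:02 203.0.113.7 198.51.100.5 23 DENY
2024-05-01T10:00:02 192.0.2.10 198.51.100.5 443 ALLOW
2024-05-01T10:00:03 203.0.113.7 198.51.100.5 25 DENY
2024-05-01T10:00:03 203.0.113.7 198.51.100.5 80 ALLOW
2024-05-01T10:00:04 203.0.113.7 198.51.100.5 65536 DENY
2024-05-01T10:05:00 192.0.2.44 198.51.100.5 22 ALLOW
2024-05-01T10:05:30 192.0.2.44 198.51.100.5 80 ALLOW
"""

def parse(line):
    """Return (time, src, dst, port), or None for malformed lines or ports outside 0-65535."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    port = int(parts[3])
    if not 0 <= port <= 65535:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], port

def detect_port_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Flag (src, dst) pairs that touch min_ports distinct ports within the window."""
    recent = defaultdict(deque)  # (src, dst) -> recent (time, port) events
    flagged = {}
    for line in log_text.splitlines():  # assumes the log is ordered by time
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault((src, dst), set()).update(ports)
    return {pair: sorted(ports) for pair, ports in flagged.items()}
```

Calling `detect_port_scans(SAMPLE_LOG)` flags only 203.0.113.7; the client that repeats port 443 and the host that opens two ports 30 seconds apart stay below the threshold.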

4. Scanning methodology

4.1. a. Checking for live systems

4.2. b. Checking for open ports

4.3. c. Service identification

4.4. d. Banner grabbing/OS fingerprinting

4.5. e. Vulnerability scanning

4.6. f. Draw network diagrams of vulnerable hosts

4.6.1. Examples of tools: Lucidchart, LANsurveyor

4.7. g. Prepare proxies

4.8. h. Attack

5. Enumeration

5.1. The process of extracting information from a target system in an organised and methodical manner

5.2. Able to extract:

5.2.1. username, machine names, shares

5.3. Use active connection to the system to perform more aggressive information gathering

5.4. Assess the strengths and weaknesses of the system

6. Enumeration with SNMP (Simple Network Management Protocol)

6.1. used to assist in the management of devices such as routers, hubs and switches

6.2. application layer protocol that functions using UDP

6.3. protocol works across platforms, meaning it can be accessed on most modern operating systems including Windows, Linux, and Unix

6.4. For the ethical hacker, SNMP enumeration consists of leveraging the weaknesses in the protocol to reveal user accounts and devices on a target running the protocol

6.5. The following can be extracted through SNMP:

6.5.1. Network resources such as hosts, routers, and devices

6.5.2. File shares

6.5.3. ARP tables

6.5.4. Routing tables

6.5.5. Device-specific information

6.5.6. Traffic statistics

6.6. Commonly used SNMP enumeration tools include

6.6.1. SNMPUtil

6.6.2. SolarWinds’ IP Network Browser

7. NULL sessions

7.1. The problem is that they are also a source of potential abuse.

7.2. NULL session can reveal a wealth of information.

7.3. NULL session is something that occurs when a connection is made to a Windows system without credentials being provided.

7.4. NULL sessions are designed to facilitate a connection between systems on a network to allow one system to enumerate the processes and shares on the other.

7.5. Information that may be obtained during this process includes:

7.5.1. List of users and groups

7.5.2. List of machines

7.5.3. List of shares

7.5.4. Users and host SIDs

7.6. NULL session allows access to a system using a special account called a NULL user that can be used to reveal information about system shares or user accounts while not requiring a username or password to do so

7.7. Exploiting a NULL session is a simple task that requires only a short list of commands