What is Enumeration in Ethical Hacking? Top Enumeration Techniques and Countermeasures
If you know what is ethical hacking, then having an idea of what is enumeration in ethical hacking and the different techniques is important. It is because this concept is a crucial part of every ethical hacker’s life.
In this write-up (part of our comprehensive Ethical Hacking Tutorial for Beginners), we are going to talk about:
What is enumeration in ethical hacking?
Important terms and concepts of enumeration
Primary countermeasures to enumeration
Top enumeration techniques in cyber security
What is Enumeration in Ethical Hacking?
This is the stage where the attacker begins compromising the vulnerabilities in the target system. Here, the details of the victim are extracted from open ports.
These details can include usernames, user groups, network sources, routing tables, machine names, banners, SNMP details, DNS details, applications, etc. \
To know in detail about what is ethical hacking and what are different types of hacking attacks are, check the linked write-ups.
Information That You Can Extract With Enumeration Ethical Hacking
Hackers use enumeration in hacking to extract information from SNMP data, IP tables, usernames of systems, lists of password policies, etc.
Below is the type of information that can be extracted with enumeration:
Service configuration settings
Groups in a network
Names of machines
What is Enumeration & How to Avoid it? | Types of Enumeration
Let's understand practically what enumeration is, and the countermeasures you can take to avoid it:
Main Countermeasures to Enumeration in Cyber Security
Now that you have a clear idea of what is enumeration in ethical hacking, let’s know some of the main countermeasures to it.
Use ‘Additional restrictions for anonymous connections’. It is a Group Policy security feature.
Restrict the access to null session shares, null session pipes, and IPsec filtering.
Turn the SNMP service off or remove the SNMP agent.
Modify the name of the default community string name if you can’t turn off the SNMP.
Use SNMPV3. It is more secure and encrypts messages and passwords.
Don’t allow the DNS zone transfers to hosts that are not trusted.
Avoid publishing the private hosts and IP addresses into DNS zone files on a public server.
Utilize premium DNS registration services that can help you hide confidential information.
Disable the open relay option in SMTP servers.
Use an SSL certificate for traffic encryption.
Enumeration Methods and Techniques in Ethical Hacking
In addition to having knowledge of what is enumeration in cyber security, you also need to be skilled at various methods and techniques of enumeration.
1. NetBIOS Enumeration
The full form of NetBIOS is Network Basic Input Output System. The communication between devices on a LAN is enabled using NetBIOS.
Hackers can enumerate NetBIOS to find the list of computers, individual hosts, policies and passwords, etc., on the network.
Poisoning attacks are the primary way to enumerate NetBIOS. Here, the hacker accesses the network and spoofs the devices to gain control and misdirect traffic. He can also get the hashed passwords of users to crack these later.
For NetBIOS enumeration in ethical hacking, NBTScan is one of the prominent command-line tools in use. It scans the networks and finds NetBIOS shares and name information. NBTScan is available for Windows, Unix, and Kali Linux.
2. SNMP Enumeration
The full form of SNMP is a Simple Network Management Protocol. Based on the UDP protocol, SNMP is used to manage the devices on the IP network, including routers, hubs, and switches.
The authentication method of the SNMP is weak and prone to spoofing. Hackers can use it to enumerate the accounts of the users, groups, systems, as well as devices on the network.
3. SMTP Enumeration
The full form of SMTP is the Simple Mail Transport Protocol. Its role is to send emails. Mail Exchange servers are used by SMTP to direct and send emails.
SMTP enumeration can be used to get access to usernames using EXPN and VRFY commands (unless disabled by the network admins). EXPN shows the list of emails and the address of the user, whereas VRFY confirms the names of valid users.
4. NFS Enumeration
Network File System (NFS) is used to enable remote data sharing between systems on a network. These systems are based on Unix. The communication between machines on a network makes use of server-client architecture.
Hackers perform NFS enumeration using Nmap scan. The Nmap scan helps in finding the NFS ports that are open and can be targeted.
5. DNS Enumeration
DNS enumeration means finding the DNS servers and related records of the target company or system. Hackers can enumerate usernames, computer names, and IP addresses.
With DNS enumeration, they can get an idea about the database records in use, zone files of the domain name system, etc.