Scribd
Upload
3 views23 pages

EHCP Lec 10 Enumeration

The document discusses ethical hacking concepts and practices, specifically focusing on enumeration techniques and the services and ports that can be enumerated. It highlights various protocols such as SMTP, RPC, LDAP, and SMB, explaining their roles in user enumeration and data access. Additionally, it mentions the importance of countermeasures against enumeration attacks and provides resources for further learning.

Uploaded by

Makeit Up
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
3 views23 pages

EHCP Lec 10 Enumeration

The document discusses ethical hacking concepts and practices, specifically focusing on enumeration techniques and the services and ports that can be enumerated. It highlights various protocols such as SMTP, RPC, LDAP, and SMB, explaining their roles in user enumeration and data access. Additionally, it mentions the importance of countermeasures against enumeration attacks and provides resources for further learning.

Uploaded by

Makeit Up
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 23

Ethical Hacking Concepts

& Practices
Enumeration

resentation includes contents available online including images copied from Google search and contents of presentations of other professors. I don’t claim any image or text to be my own. All the credit goes to the




6
Techniques for Enumeration
9
Services and Ports to
Enumerate
Ports and Enumeration
• Zone transfers: Are typically used to replicate DNS data across a number of DNS servers, or
to back up DNS files. A user or server will perform a specific zone transfer request from a name
server.

• SMTP: Service has two internal commands that allow the enumeration of users: VRFY
(confirming the names of valid users) and EXPN (which reveals the actual address of users aliases
and lists of e-mail (mailing lists)).

• Remote Procedure Call (RPC): Is a mechanism that allows Windows processes to


communicate with one another, either between a client and server across a network or within a
single system (Username & Passwords)

11
Ports and Enumeration
• Global catalog server: Is a distributed data storage that is stored in domain controllers
(also known as global catalog servers) and is used for faster searching. It provides a searchable
catalog of all objects in every domain in a multi-domain Active Directory Domain Services (AD
DS).

• NetBIOS: (Network Basic Input/Output System) is a network service that enables


applications on different computers to communicate with each other across a local area network
(LAN).

12
Ports and Enumeration
• Lightweight Directory Access Protocol: LDAP is a protocol used to access
directory listings within Active Directory or from other Directory Services. Valid usernames,
addresses, departmental details that could be utilized in a brute force or social engineering
attack.

• SMB Server Message Block: With the help of SMB, a user or any application or
software that is authorized can access files or other resources on a remote server. Actions that
can be performed include reading data, creating data, and updating data. The communication
between clients and servers is done with the help of something called SMB client request.

13



This is simple powerful security tool shows you who has what access to directories, files and Registry keys
on your systems.
Enumeration Countermeasures
Note: for demonstrations of services like NetBIOS, SNMP, LDAP, NTP, NFS, SMTP, DNS, IPsec, VoIP, RPC, SMB, etc. check course book and lab manual (module 04)
20
21
22
Thankyou

You might also like