Ethical Hacking Concise Tutorial
Ethical Hacking - Enumeration
Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. It is a process in which the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can then be used to exploit the systems further.
Enumeration can be used to gain information on:
- Network shares
- SNMP data, if they are not secured properly
- IP tables
- Usernames of different systems
- Password policy lists
Enumerations depend on the services that the systems offer. They can be:
- DNS enumeration
- NTP enumeration
- SNMP enumeration
- Linux/Windows enumeration
- SMB enumeration
Let us now discuss some of the tools that are widely used for Enumeration.
NTP Suite
NTP Suite is used for NTP enumeration. This is important because in a network environment, you can find other primary servers that help the hosts to update their time, and you can do it without authenticating to the system.
Take a look at the following example.
ntpdate 192.168.1.100
01 Sept 12:50:49 ntpdate[627]: adjust time server 192.168.1.100 offset 0.005030 sec
or
ntpdc [-ilnps] [-c command] [hostname/IP_address]
[root@test]# ntpdc -c sysinfo 192.168.1.100
***Warning changing to older implementation
***Warning changing the request packet size from 160 to 48
system peer: 192.168.1.101
system peer mode: client
leap indicator: 00
stratum: 5
precision: -15
root distance: 0.00107 s
root dispersion: 0.02306 s
reference ID: [192.168.1.101]
reference time: f66s4f45.f633e130, Sept 01 2016 22:06:23.458
system flags: monitor ntp stats calibrate
jitter: 0.000000 s
stability: 4.256 ppm
broadcastdelay: 0.003875 s
authdelay: 0.000107 s
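A defender-side check for the exposure shown above, as an added example that is not part of the original tutorial: it audits ntp.conf text for restrict rules that still answer ntpq/ntpdc queries from remote hosts. The function name and both sample configurations are constructed for illustration; restrict, noquery, ignore and disable monitor are standard ntpd directives.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
BLOCKS_QUERIES = {"noquery", "ignore"}  # either flag stops ntpq/ntpdc requests

def audit_ntp_conf(text):
    """Return findings for ntp.conf rules that let remote hosts run ntpq/ntpdc queries."""
    findings, has_default, monitor_off = [], False, False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()          # strip comments, tokenize
        if words[:1] == ["disable"] and "monitor" in words[1:]:
            monitor_off = True
        args = [w for w in words[1:] if w not in ("-4", "-6")]
        if words[:1] != ["restrict"] or not args:
            continue
        target, flags = args[0], args[1:]
        if "mask" in flags:                           # drop the "mask <netmask>" pair
            i = flags.index("mask")
            del flags[i:i + 2]
        if target == "default":
            has_default = True
        if target in LOOPBACK:                        # local queries are expected
            continue
        if not BLOCKS_QUERIES & set(flags):
            findings.append(f"restrict {target}: queries allowed (no noquery/ignore)")
    if not has_default:
        findings.append("no 'restrict default' rule: queries allowed from any address")
    if not monitor_off:
        findings.append("monitor facility not disabled ('disable monitor' missing)")
    return findings

SAMPLE_WEAK = """\
# constructed sample, not from the page
server 192.168.1.101 iburst
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""
SAMPLE_HARDENED = """\
# constructed sample, not from the page
server 192.168.1.101 iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
"""
if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ntp_conf(conf))
```

The "monitor" entry under "system flags" in the sysinfo output above corresponds to the facility that the last check looks for.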
enum4linux
enum4linux is used to enumerate Linux systems. Take a look at the following screenshot and observe how we have found the usernames present in a target host.
