Ethical Hacking: A Concise Tutorial

Ethical Hacking - Enumeration

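Enumeration belongs to the first phase of ethical hacking, namely "Information Gathering". It is a process in which the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further.

Enumeration can be used to gain information on −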

  1. Network shares

  2. SNMP data, if they are not secured properly

  3. IP tables

  4. Usernames of different systems

  5. Password policy lists

Enumeration depends on the services that the systems offer. They can be −

  1. DNS enumeration

  2. NTP enumeration

  3. SNMP enumeration

  4. Linux/Windows enumeration

  5. SMB enumeration

Let us now discuss some of the tools that are widely used for enumeration.

NTP Suite

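The NTP suite is used for NTP enumeration. This is important because in a network environment you can find other primary servers that help hosts update their time, and you can do so without authenticating to the system.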

Take a look at the following example.

ntpdate 192.168.1.100
01 Sept 12:50:49 ntpdate[627]: adjust time server 192.168.1.100 offset 0.005030 sec

or
ntpdc [-ilnps] [-c command] [hostname/IP_address]

[root@test]# ntpdc -c sysinfo 192.168.1.100
***Warning changing to older implementation
***Warning changing the request packet size from 160 to 48
system peer: 192.168.1.101
system peer mode: client
leap indicator: 00
stratum: 5
precision: -15
root distance: 0.00107 s
root dispersion: 0.02306 s
reference ID: [192.168.1.101]
reference time: f66s4f45.f633e130, Sept 01 2016 22:06:23.458
system flags: monitor ntp stats calibrate
jitter: 0.000000 s
stability: 4.256 ppm
broadcastdelay: 0.003875 s
authdelay: 0.000107 s
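
The sysinfo reply above is returned without authentication because the server's access rules allow status queries. The following is an added example, not part of the original tutorial: a small audit of ntpd "restrict" lines that reports any rule still answering ntpq/ntpdc queries. The function name audit_ntp_conf and both sample configurations are constructed for illustration, and the check assumes classic ntpd ntp.conf syntax.

```python
# Added example: audit ntp.conf "restrict" lines for unauthenticated query exposure.
LOOPBACK = {"127.0.0.1", "::1"}

def audit_ntp_conf(text):
    """Return a list of findings (strings) for the body of an ntp.conf file."""
    findings, saw_default = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        if args[0] in ("-4", "-6"):                 # optional address-family selector
            args = args[1:]
        if not args:
            continue
        addr, flags = args[0], set(args[1:])
        if addr == "default":
            saw_default = True
        if addr in LOOPBACK:
            continue                                # local admin queries are expected
        # "noquery" refuses ntpq/ntpdc queries; "ignore" refuses all packets.
        if not flags & {"noquery", "ignore"}:
            findings.append(f"line {lineno}: restrict {addr} answers ntpq/ntpdc queries")
    if not saw_default:
        findings.append("no 'restrict default' line found")
    return findings

# Constructed sample configurations (not taken from a real host).
WEAK = """\
driftfile /var/lib/ntp/drift
restrict default nomodify notrap   # status queries still answered
restrict 127.0.0.1
server 192.168.1.101
"""
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server 192.168.1.101
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf) or "no findings")
```

A rule with "noquery" still serves time to clients; it only refuses the status queries that expose peers, stratum and system flags.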

enum4linux

enum4linux is used to enumerate Linux systems. Take a look at the following screenshot and observe how we have found the usernames present in a target host.

[Screenshot: enum4linux]

smtp-user-enum

smtp-user-enum tries to guess usernames by using SMTP service. Take a look at the following screenshot to understand how it does so.

[Screenshot: smtp]

Quick Fix

It is recommended to disable all services that you don’t use. It reduces the possibilities of OS enumeration of the services that your systems are running.