Sunny Jovita – 2301939046
Week 6
Disclaimer: This blog is for educational purposes only.
Enumerating target is a process that is used to find and collect information about ports, operating systems, valid usernames, folder shared, and services available on the target machines.
Enumeration Techniques
There are some techniques in enumeration that can be used to gather the target’s information:
- Extracting user names using email ID’s
- Extract information using the default password
- Brute Force Active Directory
- Extract user names using SNMP
- Extract user groups from Windows
- Extract information using DNS Zone transfer
Some tools that can be used for enumeration:
NBTScan
– NBTScan: this tool is usually utilized for finding the remote devices’ IP address.
- nbtscan -r ipaddress/24
- nbtscan -v -s -r ipaddress/24
Brute force password
- Hydra
Hydra is a parallelized network login cracker built in various operating systems like Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to guess the right username and password combination.
Hydra -L userfile -P password.txt ftp://ipaddress
Hydra -l username -p password smb://ipaddress
- Medusa
Medusa is an online password-cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute-forcing tool.
medusa -h hostname -u username -p password -M ssh -n port
medusa -h hostname -U userfile -P password.txt -M ssh -n port
