Enumeration is the process of extracting user names, machine names, network resources, shares and services from a system. In this phase the attacker establishes an active connection to the target and issues directed queries to learn more about it.
The information gathered is used to identify vulnerabilities or weak points in the system's security, which the attacker then attempts to exploit in the System Gaining (access) phase.
In this article, we’ll discuss some useful commands for Local Enumeration:
This command shows a user's home directory together with their login time and idle time.
2. uname -a
This command prints the kernel name, hostname, kernel release and version, hardware architecture and OS name of the current machine. The exact kernel version is what you match against known kernel exploits, so record it precisely.
This command prints all environment variables of the current shell. Look for credentials, tokens, proxy settings and writable entries in PATH or LD_* variables that leak into the environment.
4. sudo -l
The above command lists the commands the current user is allowed (and forbidden) to run with sudo, and whether a password is required. In a non-interactive shell use sudo -n -l so it fails instead of hanging on a password prompt.
5. pwd
pwd (print working directory) outputs the path of the current working directory.
6. ls -al
It lists all files in the current directory, including hidden (dot) files, together with their permissions, owner, group, size and modification time.
7. find / -perm /6000 2>/dev/null
Lists every file or directory that has the SUID or the SGID bit set (with -perm /6000 a match needs either bit, not both); errors for unreadable directories are discarded. Add -type f to restrict the output to regular files, since SGID directories are common and rarely interesting. Compare the SUID binaries against the distribution's default set: anything unusual, or a standard tool that should not be SUID, is a privilege-escalation candidate.
8. cat /etc/passwd
This command lists all local user accounts. The file is world-readable; an x in the second field means the password hash is stored in /etc/shadow instead. Note every account with UID 0 and every account with a real login shell.
9. cat /etc/group
It lists all groups on the system and their members. Membership of groups such as sudo, wheel, docker, disk or adm is often a direct path to root.
10. cat /etc/shadow
This command displays all users and their password hashes. /etc/shadow is readable only by root (and, on many distributions, the shadow group), so the command normally fails for an unprivileged user; if it succeeds, that is itself a finding, and the hashes can be fed to an offline cracker.
This command displays the current user's user ID, group ID and supplementary group memberships.
It outputs the name of the current user.
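The commands above are usually run one at a time; the following script, added here as an example and not taken from the original article, wraps the parts that can be checked deterministically into shell functions. It parses passwd- and group-format files for UID 0 accounts, login shells and group membership, tests whether the shadow file is readable instead of blindly failing, and runs the find -perm /6000 search against a scratch directory. The file names under the temporary directory and the sample passwd and group lines are constructed for the demonstration and are not real system data.

```bash
#!/usr/bin/env bash
# Added example (not part of the original article): local enumeration helpers
# built around the commands discussed above. All sample data is constructed.

# Accounts worth a second look in a passwd-format file ($1, default /etc/passwd):
# every UID 0 account (root equivalent) and every account with a real login shell.
interesting_accounts() {
    awk -F: '
        $3 == 0                                   { print "uid0:" $1; next }
        $7 != "" && $7 !~ /(nologin|false)$/      { print "shell:" $1 ":" $7 }
    ' "${1:-/etc/passwd}"
}

# Number of UID 0 accounts; more than one is a classic backdoor/misconfiguration sign.
uid0_count() {
    awk -F: '$3 == 0' "${1:-/etc/passwd}" | wc -l | tr -d ' '
}

# Members of group $1 from a group-format file ($2, default /etc/group).
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# "yes" if the shadow file ($1, default /etc/shadow) is readable by us, else "no".
# cat /etc/shadow only works as root (or shadow group); test instead of failing.
shadow_readable() {
    if [ -r "${1:-/etc/shadow}" ]; then echo yes; else echo no; fi
}

# SUID/SGID search as in the article, scoped to directory $1 so it can be
# demonstrated on constructed files. -perm /6000 matches if EITHER bit is set.
find_suid_sgid() {
    find "$1" -type f -perm /6000 2>/dev/null | sort
}

# Build constructed sample files in a temp directory and print its path.
demo_setup() {
    local d
    d="$(mktemp -d)"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/false
toor:x:0:0:second uid 0 account:/root:/bin/sh
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:999:bob,alice
EOF
    mkdir -p "$d/bin"
    : > "$d/bin/suid";  chmod 4755 "$d/bin/suid"    # SUID only
    : > "$d/bin/sgid";  chmod 2755 "$d/bin/sgid"    # SGID only
    : > "$d/bin/both";  chmod 6755 "$d/bin/both"    # SUID and SGID
    : > "$d/bin/plain"; chmod 0755 "$d/bin/plain"   # neither
    echo "$d"
}

# Run every check against the constructed data and clean up.
demo() {
    local d
    d="$(demo_setup)"
    echo "== accounts ==";            interesting_accounts "$d/passwd"
    echo "== uid 0 accounts: $(uid0_count "$d/passwd")"
    echo "== sudo members: $(group_members sudo "$d/group")"
    echo "== shadow readable: $(shadow_readable)"
    echo "== SUID/SGID under $d/bin =="; find_suid_sgid "$d/bin"
    rm -rf "$d"
}

[ "${BASH_SOURCE[0]}" = "$0" ] && demo
```

Run it as a script to see the output for the sample data, or source it and point interesting_accounts, group_members and find_suid_sgid at real paths. The second UID 0 account (toor) and the SUID-only, SGID-only and combined files show what the article's checks are meant to surface.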
Enumeration also depends on the services the system offers. They can be:
- DNS enumeration
- NTP enumeration
- SNMP enumeration
- Linux/Windows enumeration
- SMB enumeration
Much of the above can be automated with LinEnum, an open source script for local Linux enumeration that also checks for common privilege escalation vectors.
Other Popular Enumeration Scripts –
Here are some common services and the ports to enumerate them on:
- TCP 53: DNS Zone transfer
- TCP 135: Microsoft RPC Endpoint Mapper
- UDP 137: NetBIOS Name Service
- TCP 139: NetBIOS Session Service (SMB over NetBIOS)
- TCP 445: SMB over TCP (Direct Host)
- UDP 161: SNMP
- TCP/UDP 389: LDAP
- TCP 3268: Global Catalog Service (LDAP to a domain controller's global catalog; 3269 for the TLS variant)
- TCP 25: Simple Mail Transfer Protocol (SMTP)