Enumeration Techniques
DISCLAIMER!
This content is intended solely for educational and ethical purposes. The tested IP that is revealed was created by our lecturer, and this activity was conducted with permission. IPs that were not created by our lecturer are represented here as xx.xx.xx.xx. All cybersecurity activities must comply with the applicable regulations. The author (me) is not responsible for any misuse or illegal activities performed using the knowledge shared here. Any actions taken by readers using this information are at the reader's own risk.
In previous weeks, we already learned many cybersecurity concepts and techniques, especially for gathering information about our target. Today, we will review some of those techniques and the vital information we can gather with them.
First, I would like to introduce shodan.io, a search engine that finds and monitors devices connected to the internet. It lets us see what a network exposes publicly and supports vulnerability assessments.
In the picture below, we search for devices that are located in Indonesia and have port 445 open. Port 445 is the Microsoft SMB (Server Message Block) port, which allows systems on the same network to share files and printers. Because it is a local file-sharing service, finding it reachable from the internet is itself a sign of unnecessary exposure.
From here, we can gather some information about the public IP address. For ethical purposes, I changed the IP address to xx.xx.xx.xx. Please do not try to hack into a system without the owner's permission.
Next, we will review some of the enumeration techniques used to gather information about an IP address.
1. The owner of the IP
For this purpose, we can use the simplest command, which is whois [IP]. From the output, we can see that the owner of the IP is PT Royal Audrey Megah in Kelapa Gading, Jakarta.
2. The IP-hosted location
There are two methods to get this. The first is to use an IP lookup website and type in the IP address. The second is to open the Kali Linux terminal and type curl http://ipinfo.io/[IP]/json.
From both methods, we know that IP 120.89.92.15 is hosted in Jakarta, Indonesia.
3. OS and Services Version
For the OS and service versions, we can use nmap. We will run nmap -A -Pn -T4 -v [IP]. Here -A (aggressive scan) enables OS detection, service version detection, default script scanning and traceroute; -Pn (no ping) skips host discovery and treats all hosts as online; -T4 sets the aggressive timing template instead of the default T3; and -v (verbose) prints detailed progress while scanning. To get only the OS detection, we can use -O instead of -A.
Below is some of the crucial information we got from the scan: the ports that are open on the system, and the OS and service versions running on the IP.
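Reading an nmap -A result by eye works for one host, but when the scan is saved with -oX the XML can be parsed into a structured list of open ports, product/version strings and the OS guess. The script below is an added example, not part of the original post or of nmap itself; the XML inside it is a constructed sample in the layout nmap -oX writes, and the address 10.0.0.5, the port list and the version strings are made up for illustration. It also flags open ports from a small list of services (SMB, NetBIOS, RDP) that should normally not be reachable from untrusted networks.

```python
"""Parse nmap XML output (nmap -oX) into a structured exposure summary.

Added example, not part of the original post. SAMPLE_NMAP_XML is a
constructed sample in the real nmap -oX layout; the host, ports and
version strings are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -A -Pn -T4 -oX scan.xml 10.0.0.5` writes.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -A -Pn -T4 -oX scan.xml 10.0.0.5">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139">
        <state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" product="Microsoft Windows netbios-ssn" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" product="Windows 7 - 10 microsoft-ds" ostype="Windows" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows 10 1809" accuracy="96"/>
      <osmatch name="Microsoft Windows Server 2016" accuracy="91"/>
    </os>
  </host>
</nmaprun>
"""

# Ports whose exposure to untrusted networks is a finding in its own right.
RISKY_PORTS = {445: "SMB", 139: "NetBIOS session", 135: "MS-RPC", 3389: "RDP"}


def parse_nmap_xml(xml_text):
    """Return one dict per host: address, state, best OS guess, open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        entry = {
            "address": addr_el.get("addr") if addr_el is not None else None,
            "state": host.find("status").get("state"),
            "os": None,
            "open_ports": [],
        }
        # nmap lists osmatch entries in descending accuracy; take the first.
        osmatch = host.find("os/osmatch")
        if osmatch is not None:
            entry["os"] = (osmatch.get("name"), int(osmatch.get("accuracy")))
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports are not exposed services
            svc = port.find("service")
            entry["open_ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append(entry)
    return hosts


def exposure_findings(hosts):
    """Turn open RISKY_PORTS entries into human-readable findings."""
    findings = []
    for h in hosts:
        for p in h["open_ports"]:
            label = RISKY_PORTS.get(p["port"])
            if label:
                findings.append(f"{h['address']}: {label} (tcp/{p['port']}) is reachable"
                                f" - product: {p['product'] or 'unknown'}")
    return findings


if __name__ == "__main__":
    parsed = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in parsed:
        print(h["address"], h["state"], h["os"])
        for p in h["open_ports"]:
            print("  ", p)
    for f in exposure_findings(parsed):
        print("FINDING:", f)
```

The filtered 3389 entry is deliberately kept out of the findings: nmap reports it because the port was probed, but a filtered port is not an exposed service, so a report that counted it would overstate the exposure.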
4. Files and Folders Shared
For this purpose, we can use smbclient -L [IP], where -L lists the shares the host offers. We can see the shared files and folders of this IP address. A share name ending in $ means the share is hidden from browse lists; ADMIN$, C$ and IPC$ are the default administrative shares that Windows creates by itself.
Additional Info
We can also get NetBIOS information using nbtscan [IP]. From here, we can retrieve the MAC address of the IP address, too.
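The share list from smbclient -L and the table from nbtscan are both plain text meant for a human, so the first thing a reviewer usually does is turn them into an inventory: which shares are hidden, which are default administrative shares, and which NetBIOS name and MAC belong to the host. The script below is an added example covering both the shared-folder step and this NetBIOS step; it is not part of the original post or of either tool. Both captured outputs inside it are constructed samples in the layout those tools print, and the host 10.0.0.5, the share names, the NetBIOS name and the MAC address are made up.

```python
"""Turn `smbclient -L` and `nbtscan` text output into a share/host inventory.

Added example, not part of the original post. SAMPLE_SMBCLIENT and
SAMPLE_NBTSCAN are constructed samples in the layout those tools print;
the host, share names, NetBIOS name and MAC address are made up.
"""
import re

# Constructed sample of the share table printed by `smbclient -L <host> -N`.
SAMPLE_SMBCLIENT = """
\tSharename       Type      Comment
\t---------       ----      -------
\tADMIN$          Disk      Remote Admin
\tC$              Disk      Default share
\tIPC$            IPC       Remote IPC
\tPublic          Disk      Shared documents
\tprint$          Disk      Printer Drivers
SMB1 disabled -- no workgroup available
"""

# Constructed sample of the table printed by `nbtscan <host>`.
SAMPLE_NBTSCAN = """Doing NBT name scan for addresses from 10.0.0.5

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.0.0.5         WORKSTATION-01   <server>  <unknown>        00:11:22:AA:BB:CC
"""

# One share per tab-indented line: name, type, optional comment.
SHARE_LINE = re.compile(r"^\t(\S+)\s+(Disk|IPC|Printer)\s*(.*)$")
# One host per row: ip, NetBIOS name, server flag, user, MAC.
NBT_LINE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+([0-9a-f:]{17})\s*$", re.I
)


def is_default_admin_share(name):
    """ADMIN$, IPC$ and drive shares such as C$ are created by Windows itself."""
    upper = name.upper()
    return upper in {"ADMIN$", "IPC$"} or re.fullmatch(r"[A-Z]\$", upper) is not None


def parse_smb_shares(text):
    """Return share dicts; a trailing '$' marks a share hidden from browse lists."""
    shares = []
    for line in text.splitlines():
        m = SHARE_LINE.match(line)
        if not m:
            continue  # header, dashes, and trailer lines do not match
        name, kind, comment = m.groups()
        shares.append({
            "name": name,
            "type": kind,
            "comment": comment.strip(),
            "hidden": name.endswith("$"),
            "admin_default": is_default_admin_share(name),
        })
    return shares


def parse_nbtscan(text):
    """Return ip / NetBIOS name / MAC for each row of nbtscan's table."""
    hosts = []
    for line in text.splitlines():
        m = NBT_LINE.match(line)
        if m:
            ip, name, _server, _user, mac = m.groups()
            hosts.append({"ip": ip, "name": name, "mac": mac.lower()})
    return hosts


def review_shares(shares):
    """Notes an exposure review cares about for each disk share."""
    notes = []
    for s in shares:
        if s["type"] != "Disk":
            continue  # IPC$ is the named-pipe endpoint, not a folder
        if s["admin_default"]:
            notes.append(f"{s['name']}: default administrative share is reachable")
        elif s["hidden"]:
            notes.append(f"{s['name']}: custom hidden share (check its permissions)")
        else:
            notes.append(f"{s['name']}: browseable share '{s['comment']}' (check its permissions)")
    return notes


if __name__ == "__main__":
    for h in parse_nbtscan(SAMPLE_NBTSCAN):
        print(h)
    for note in review_shares(parse_smb_shares(SAMPLE_SMBCLIENT)):
        print(note)
```

The regex for share rows keys on the Type column rather than on indentation alone, so the "Sharename" header and the dashed separator line fall through without special-casing; the nbtscan row regex anchors on a leading IPv4 address for the same reason.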
I think that's all for this page. Thank you for reading!