The process of obtaining usernames, machine names, shares, network resources, and services from a system or network is known as enumeration. During this phase, the attacker establishes active connections with the system to learn more about the target and sends targeted requests. The attacker uses the information gathered by enumeration to find security flaws, allowing them to exploit the target system.
IPsec Enumeration
To secure communication between virtual private network (VPN) endpoints, IPsec uses Internet Key Exchange (IKE), Authentication Header (AH), and Encapsulating Security Payload (ESP). Most IPsec-based VPNs use the Internet Security Association and Key Management Protocol (ISAKMP), a component of IKE, to create, negotiate, modify, and delete Security Associations (SAs) and cryptographic keys in a VPN environment. A simple check of UDP port 500 for ISAKMP can reveal the existence of a VPN gateway. Attackers can probe further with a tool such as ike-scan to enumerate sensitive information, including the encryption and hashing algorithms, authentication type, key distribution algorithm, and SA LifeDuration.
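When auditing a gateway you operate, the fields listed above are what its IKEv1 proposal carries as SA transform attributes. The following added example (not from the original article) decodes that attribute encoding as defined in RFC 2409 Appendix A and flags values against an assumed weak-settings policy; the function names, the WEAK policy set and the sample bytes are constructed for illustration.

```python
import struct

# IKEv1 SA attribute classes and values (subset of RFC 2409 Appendix A / IANA).
ATTRS = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group",
         11: "life_type", 12: "life_duration", 14: "key_length"}
NAMES = {
    "encryption": {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"},
    "hash": {1: "MD5", 2: "SHA1", 4: "SHA2-256"},
    "auth": {1: "PSK", 3: "RSA-SIG"},
    "dh_group": {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536", 14: "MODP-2048"},
    "life_type": {1: "seconds", 2: "kilobytes"},
}
# Assumed example policy: settings an auditor would want removed from a proposal.
WEAK = {"encryption": {"DES-CBC", "3DES-CBC"}, "hash": {"MD5", "SHA1"},
        "dh_group": {"MODP-768", "MODP-1024", "MODP-1536"}}

def parse_attributes(data: bytes) -> dict:
    """Decode a run of ISAKMP data attributes (TV and TLV forms)."""
    out, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        atype, field = struct.unpack_from("!HH", data, off)
        off += 4
        if atype & 0x8000:
            value = field                      # AF=1: 2-byte value stored inline
        else:
            if off + field > len(data):        # AF=0: 'field' is the value length
                raise ValueError("attribute value runs past end of buffer")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        key = ATTRS.get(atype & 0x7FFF, f"attr_{atype & 0x7FFF}")
        out[key] = NAMES.get(key, {}).get(value, value)
    return out

def audit(attrs: dict) -> list:
    """Return the attributes that match the assumed WEAK policy."""
    return sorted(f"{k}={attrs[k]}" for k, bad in WEAK.items() if attrs.get(k) in bad)

# Constructed sample: 3DES, MD5, PSK, DH group 2, lifetime 28800 seconds.
SAMPLE = bytes.fromhex("80010005" "80020001" "80030001"
                       "80040002" "800b0001" "000c000400007080")

if __name__ == "__main__":
    decoded = parse_attributes(SAMPLE)
    print(decoded)
    print("weak:", audit(decoded))
```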
VoIP Enumeration
VoIP allows voice and video communications over an IP network using the Session Initiation Protocol (SIP). SIP services typically use UDP/TCP ports 2000, 2001, 5050, and 5061. VoIP enumeration reveals sensitive information, including IP-PBX systems, VoIP phones and gateways, client software, user-agent IP addresses, and user extensions. This information can be used to launch numerous VoIP attacks, including Denial-of-Service (DoS), Session Hijacking, Caller ID spoofing, Eavesdropping, Spamming over Internet Telephony (SPIT), and VoIP phishing (Vishing). Tools like svmap can be used to identify SIP devices and PBX servers. Metasploit's SIP username enumerator (auxiliary/scanner/sip/enumerator) can be used as well.
RPC Enumeration
Remote Procedure Call (RPC) allows clients and servers to communicate in distributed client/server programs. The port mapper service listens on TCP and UDP port 111 to detect endpoints and present clients. Enumerating RPC endpoints enables attackers to identify vulnerable services on these service ports. Attackers use the following Nmap scan commands to identify the RPC service running on the network:
nmap -sR <target IP/network> or
nmap -T4 -A <target IP/network>.
NetScanTools Pro can also be used to capture RPC information.
Unix/Linux User Enumeration
Unix/Linux user enumeration is one of the crucial enumeration processes. It produces a list of users, along with information on each user's start date, time, hostname, and username. The following command-line utilities can be used to perform Unix/Linux user enumeration.
- /usr/bin/rusers: Displays a list of users who are logged on to remote machines or machines on a local network.
- rwho: Displays a list of users who are logged on to hosts on the local network.
- finger: Displays information about system users, such as login name, real name, terminal name, idle time, login time, office location, and office phone numbers. Command: finger @<IP>. Once you have usernames: finger <username>@<IP>.
IPv6 Enumeration
The IPv6 addressing protocol helps to identify computer systems by providing their location and other details. It also helps to route data between computers on a network. Attackers enumerate target hosts using IPv6 to obtain their IPv6 addresses. They then scan the list of IP addresses to find different security issues. Using this information, attackers can launch various attacks such as SYN flood attacks, DNS amplification attacks, and DDoS attacks.
Tools
- Enyx (github.com) is an enumeration tool that fetches the IPv6 address of a machine through SNMP. Command: python enyx.py 2c public <target IP>.
- IPv6 Hackit (ipv6hackit.sourceforge.net)
BGP Enumeration
Border Gateway Protocol (BGP) is a routing protocol used to communicate reachability and routing data across the various autonomous systems (AS) connected to the Internet. Using tools like Nmap and BGP Toolkit, attackers perform BGP enumeration to find the IPv4 prefixes published by the AS number and the routing path that the victim is using. With this information, attackers carry out a variety of attacks against the target, including DoS attacks, BGP hijacking attacks, and man-in-the-middle attacks.