Posted on

LDAP enumeration for beginners

Hello, aspiring Ethical Hackers. In our previous blogpost, you learnt what enumeration is, why it is important in pen testing and what the various types of enumeration are. In this blogpost, you will learn about LDAP enumeration.

What is LDAP?

Lightweight Directory Access Protocol (LDAP) is a protocol that enables users and applications to locate data about the organization, its users and other resources like files and devices in a network. LDAP directories such as Active Directory are also used as a central authentication service. LDAP runs on TCP port 389 (636 for LDAP over TLS; Active Directory additionally exposes the global catalog on 3268 and 3269). Learn how LDAP works.

What information does LDAP enumeration reveal?

By enumerating LDAP, attackers can gather important information like valid usernames, group memberships, computer names, e-mail addresses and other details of the organization's directory structure that help as the hack progresses. How much is exposed depends on whether the server accepts anonymous binds; many directories return nothing beyond the rootDSE without credentials.

How to perform LDAP enumeration?

There are many tools that can be used to enumerate LDAP. For this article, let’s see how to perform it using Nmap scripts. The script selector we pass to --script is “ldap* and not brute”: the wildcard runs every ldap-* script (ldap-rootdse, ldap-search and so on) while “and not brute” excludes the brute-force login script, so the scan stays non-intrusive. Point it at port 389 of the target.

[Screenshot: Nmap output of the ldap-* scripts against the target]

SNMP enumeration for beginners

Hello, aspiring Ethical Hackers. In our previous blogpost, you learnt what enumeration is, why it is important and what the various types of enumeration are. In this blogpost, you will learn about SNMP enumeration.

What is SNMP?

SNMP stands for Simple Network Management Protocol. It is a protocol used to monitor and manage devices on a network, such as routers, switches, bridges, computers and printers. It is especially helpful for organizations with thousands of devices in their network. Learn more about how SNMP works. SNMP has three main components: the SNMP manager, the SNMP agent and the Management Information Base (MIB). SNMP runs over UDP: agents listen on port 161 for queries, and managers listen on port 162 for traps sent by agents.

What information does SNMP enumeration reveal?

SNMP enumeration can reveal information about the devices on the target network and the user accounts on a target system running an SNMP agent. Apart from this, it reveals information about hosts, routers, network interfaces and routing tables, active TCP and UDP ports on the target system, running processes and installed software, and network shares.

How to perform SNMP enumeration?

Simple Network Management Protocol (SNMP) consists of a manager and an agent. Agents are embedded in each network device and the manager is installed on a separate computer. In SNMP versions 1 and 2c, access from the management station to the agents is controlled by two passwords called community strings, which travel in clear text in every packet:

  1. Read community string: “public” by default, it allows attackers to view the device/system configuration.
  2. Read/write community string: “private” by default, it allows remote editing of the configuration.

Tools try these default community strings (and wordlists of common ones) to extract information about the target; only SNMPv3 replaces them with per-user authentication and encryption. There are many tools that can be used to perform SNMP enumeration. Let’s see one of them.

1. snmp-check

snmp-check is a tool that is installed by default in Kali Linux. It takes the target address and a community string and walks the agent’s MIB. Here’s how we can enumerate a target using the default community string “public”.

[Screenshot: snmp-check run against the target with community string public]

Here are the user accounts on the target system.

[Screenshot: snmp-check output, user accounts]

Here the network information is revealed.

[Screenshot: snmp-check output, network information and interfaces]

We can see that the target is a dual-homed system, i.e. it has two network interfaces.

[Screenshot: snmp-check output, second network interface]

Here are the active TCP and UDP ports.

[Screenshot: snmp-check output, listening TCP and UDP ports]

It also reveals other system information about the target.

[Screenshot: snmp-check output, other system information]

You can see that SNMP enumeration reveals a lot of information about the target system and network, which can prove very helpful as the hack progresses.
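The two requests behind the tools used in this post and in the LDAP post above, as an added example that is not code from the original posts, from Nmap or from snmp-check: the SNMPv1 GetRequest that snmp-check sends with the community string, and the anonymous LDAP bind that the ldap-* Nmap scripts perform when given no credentials. Both protocols are ASN.1 BER on the wire, so one small encoder and decoder serves both. The replies, the community string “public”, the OID values and the OS banner are constructed in the file, not captured from a real host.

```python
# SNMPv1 GetRequest and LDAP anonymous BindRequest, hand-encoded in ASN.1 BER.
# Added example; not code from the original post, Nmap or snmp-check. All sample
# replies are built in this file; host names, OID values and banners are made up.

def ber_len(n):
    """Definite length: one byte below 0x80, long form (0x8N + N length bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n, tag=0x02):
    """Two's-complement INTEGER using the fewest octets that hold n."""
    size = 1
    while not -(1 << (8 * size - 1)) <= n < (1 << (8 * size - 1)):
        size += 1
    return tlv(tag, n.to_bytes(size, "big", signed=True))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]           # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                            # base-128, continuation bit on all but the last
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def ber_read(buf, pos=0):
    """Return (tag, value, next_pos) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ber_children(value):
    items, pos = [], 0
    while pos < len(value):
        tag, v, pos = ber_read(value, pos)
        items.append((tag, v))
    return items

def decode_oid(b):
    arcs, acc = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_value(tag, v):
    if tag in (0x02, 0x41, 0x42, 0x43):       # INTEGER, Gauge32, Counter32, TimeTicks
        return int.from_bytes(v, "big", signed=(tag == 0x02))
    if tag == 0x04:
        return v.decode("utf-8", "replace")
    if tag == 0x06:
        return decode_oid(v)
    return None if tag == 0x05 else v.hex()   # NULL, else raw hex (IpAddress, Opaque, ...)

def snmp_get_request(community, oid, request_id=1):
    """The datagram snmp-check/snmpget send for one OID (SNMPv1, version field 0)."""
    varbind = tlv(0x30, ber_oid(oid) + b"\x05\x00")                    # OID + NULL placeholder
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)      # GetRequest-PDU
              + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def snmp_parse_response(pkt):
    _, body, _ = ber_read(pkt)
    _, (_, community), (pdu_tag, pdu) = ber_children(body)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    (_, rid), (_, err), _, (_, varbind_list) = ber_children(pdu)
    varbinds = []
    for _, vb in ber_children(varbind_list):
        (_, oid), (vtag, val) = ber_children(vb)
        varbinds.append((decode_oid(oid), decode_value(vtag, val)))
    return {"community": community.decode("utf-8", "replace"),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(err, "big", signed=True), "varbinds": varbinds}

LDAP_RESULT = {0: "success", 1: "operationsError", 32: "noSuchObject", 49: "invalidCredentials"}

def ldap_bind_request(message_id=1, dn="", password=""):
    """LDAPv3 simple bind; empty DN and empty password = anonymous bind."""
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(message_id) + bind)

def ldap_parse_bind_response(pkt):
    _, body, _ = ber_read(pkt)
    (_, mid), (op_tag, op) = ber_children(body)[:2]
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    (_, code), _, (_, diag) = ber_children(op)[:3]         # resultCode, matchedDN, diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": code,
            "result": LDAP_RESULT.get(code, str(code)), "diagnostic": diag.decode("utf-8", "replace")}

# Constructed replies (built with the encoder above; no real host was queried)
SAMPLE_SNMP_RESPONSE = tlv(0x30, ber_int(0) + tlv(0x04, b"public") + tlv(
    0xA2, ber_int(1) + ber_int(0) + ber_int(0) + tlv(0x30, tlv(
        0x30, ber_oid("1.3.6.1.2.1.1.1.0") + tlv(0x04, b"Linux lab-srv 5.10.0-kali9-amd64 x86_64")))))
SAMPLE_LDAP_BIND_OK = tlv(0x30, ber_int(1) + tlv(0x61, tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")))

if __name__ == "__main__":
    print(snmp_get_request("public", "1.3.6.1.2.1.1.1.0").hex(), snmp_parse_response(SAMPLE_SNMP_RESPONSE))
    print(ldap_bind_request().hex(), ldap_parse_bind_response(SAMPLE_LDAP_BIND_OK))
```

To use it against a live target, sendto() the bytes from snmp_get_request() to UDP/161 and feed the returned datagram to snmp_parse_response(); a walk is the same framing with tag 0xA1 (GetNextRequest) repeated with the last returned OID. The LDAP bind goes over TCP/389; a result_code of 0 on an empty DN means the directory accepts anonymous binds, which is what makes unauthenticated ldap-search output possible.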


NetBIOS enumeration for beginners

Hello, aspiring Ethical Hackers. In our previous blogpost, you learnt what enumeration is, what its uses are, why it is performed and what the types of enumeration are. In this blogpost, you will learn about NetBIOS enumeration.

What is NetBIOS service?

NetBIOS stands for Network Basic Input/Output System. It is used to allow applications and programs on separate computers to communicate with each other and establish sessions. This can be used to access shared resources.

NetBIOS provides three distinct services: NetBIOS Name Service (NetBIOS-NS), NetBIOS Datagram distribution service (NetBIOS-DGM) and NetBIOS Session service (NetBIOS-SSN). They run on UDP port 137, UDP port 138 and TCP port 139 respectively.

What information does NetBIOS enumeration reveal?

It can provide information such as the list of computers belonging to a particular domain, the NetBIOS names a host has registered and their roles (workstation, domain controller, master browser), MAC addresses, the list of shares on target systems and sometimes, through an SMB null session, even password policies.

How to perform NetBIOS enumeration?

There are many tools that can be used to perform NetBIOS enumeration. Let’s see some of them.

1. nmblookup

The nmblookup command in Linux (part of Samba) allows users to query NetBIOS names and map them to IP addresses using NetBIOS over TCP/IP queries; with the -A option it sends a node-status query to an IP address and lists every NetBIOS name that host has registered.

[Screenshot: nmblookup output]

2. NBTscan

NBTscan is a program that scans IP networks for NetBIOS name information. It works by sending a NetBIOS status query to each target system and lists the received information in human-readable form.

[Screenshot: NBTscan output]
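What nmblookup -A and NBTscan actually put on the wire, as an added example that is not code from the original post, from Samba or from NBTscan: a NetBIOS Name Service node-status (NBSTAT) query for the wildcard name “*”, and a parser for the reply that lists every registered name with its suffix, group/unique flag and the adapter’s MAC address. The reply is constructed inside the file; the host LAB-DC01, the domain LABNET and the MAC address are invented.

```python
# NetBIOS Name Service node-status query (what nmblookup -A / nbtscan send) and a
# parser for the reply. Added example; not code from the original post or either tool.
# The sample reply is constructed here; names and the MAC address are made up.
import socket
import struct

# Well-known NetBIOS name suffixes (the 16th byte of a name)
SUFFIX = {0x00: "workstation", 0x03: "messenger", 0x20: "file server",
          0x1B: "domain master browser", 0x1C: "domain controllers",
          0x1D: "master browser", 0x1E: "browser election"}

def encode_nb_name(name, suffix=0x00):
    """First-level encoding: 16 raw bytes become 32 letters A..P inside one length-prefixed label."""
    pad = b"\x00" if name == "*" else b" "          # the wildcard name is NUL-padded, others space-padded
    raw = name.upper().encode("ascii")[:15].ljust(15, pad) + bytes([suffix])
    enc = "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)
    return b"\x20" + enc.encode("ascii") + b"\x00"

def build_node_status_query(txid=0x1234):
    """12-byte header + QNAME '*' + QTYPE NBSTAT (0x21) + QCLASS IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_nb_name("*") + struct.pack(">HH", 0x0021, 0x0001)

def build_node_status_response(txid, names, mac):
    """Constructed reply for the offline demo: names = [(name, suffix, is_group), ...]."""
    body = bytes([len(names)])
    for name, suffix, group in names:
        flags = (0x8000 if group else 0x0000) | 0x0400            # G bit, ACT bit
        body += name.upper().encode("ascii").ljust(15) + bytes([suffix]) + struct.pack(">H", flags)
    body += bytes.fromhex(mac.replace(":", "")) + b"\x00" * 40    # unit ID (MAC) + zeroed statistics
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)    # response, authoritative, one answer
    rr = encode_nb_name("*") + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(body))
    return header + rr + body

def parse_node_status_response(data):
    txid, flags, _, ancount, _, _ = struct.unpack_from(">HHHHHH", data, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a node-status response")
    pos = 12
    while data[pos]:                          # skip the answer name (length-prefixed labels)
        pos += data[pos] + 1
    pos += 1
    rtype, _, _, rdlen = struct.unpack_from(">HHIH", data, pos)
    pos += 10
    if rtype != 0x0021:
        raise ValueError("answer is not NBSTAT")
    end = pos + rdlen
    count, pos = data[pos], pos + 1
    names = []
    for _ in range(count):
        if pos + 18 > end:                    # forged/truncated count: stop instead of reading past RDATA
            break
        raw, suffix = data[pos:pos + 15], data[pos + 15]
        nflags = struct.unpack_from(">H", data, pos + 16)[0]
        group = bool(nflags & 0x8000)
        role = "domain name" if (suffix == 0 and group) else SUFFIX.get(suffix, f"<{suffix:02X}>")
        names.append({"name": raw.rstrip(b" \x00").decode("ascii", "replace"),
                      "suffix": suffix, "group": group, "role": role})
        pos += 18
    mac = ":".join(f"{b:02x}" for b in data[pos:pos + 6])
    return {"txid": txid, "names": names, "mac": mac}

def node_status(host, timeout=2.0):
    """Live query to UDP/137 (needs network; the offline sample does not use it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_node_status_query(), (host, 137))
        return parse_node_status_response(s.recv(4096))

# Constructed sample: domain controller LAB-DC01 in domain LABNET (made-up values)
SAMPLE_RESPONSE = build_node_status_response(0x1234, [
    ("LAB-DC01", 0x00, False), ("LAB-DC01", 0x20, False),
    ("LABNET", 0x00, True), ("LABNET", 0x1C, True), ("LABNET", 0x1B, False),
], "00:0c:29:aa:bb:cc")

if __name__ == "__main__":
    for e in parse_node_status_response(SAMPLE_RESPONSE)["names"]:
        print(f"{e['name']:<16}<{e['suffix']:02X}> {'GROUP' if e['group'] else 'UNIQUE':<7} {e['role']}")
```

node_status() sends the query to UDP/137 of a host and feeds the datagram to the parser. The <1C> group entry is the one to look for: it marks domain controllers, and <1B> the domain master browser, so a single NBSTAT reply often tells you which box is the DC before you touch SMB. The parser checks the name count against RDLENGTH because nothing stops a hostile host from advertising more entries than it sent.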


NTP enumeration for beginners

Hello, aspiring Ethical Hackers. In our previous blogpost, you learnt what enumeration is, why it is important in pen testing and what the various types of enumeration are. In this blogpost, you will learn about NTP enumeration.

What is NTP?

NTP stands for Network Time Protocol. It is used to synchronize the clocks of networked computers. In simple words, NTP is used to maintain the same time on all the computers of a network. NTP runs on UDP port 123.

What information does NTP enumeration reveal?

NTP enumeration can reveal valuable information such as the list of hosts that recently talked to the NTP server and their IP addresses (from the monlist query, on older ntpd versions), as well as the server’s operating system, kernel version and ntpd version (from its mode 6 control variables).

How to perform NTP enumeration?

There are many tools to enumerate NTP, but for this article let’s see how to perform it using the Nmap scripting engine. Yes, Nmap has specific scripts to enumerate NTP. One such script is “ntp-info.nse”. It sends a mode 6 (control) READVAR request and reveals the time and configuration variables of the NTP server. Let’s see how to use it.

[Screenshot: Nmap ntp-info output]

As you can see, the above script gives us information not only about the target server’s operating system but also the version of the kernel and of ntpd it is running. Another script, “ntp-monlist.nse”, can be used to retrieve the NTP server’s monitor data, i.e. the last hosts that queried it. Note that monlist was removed from ntpd in 4.2.7p26 because its large, fragmented reply made it a popular DDoS amplification vector, so on a patched server this script returns nothing.

[Screenshot: Nmap ntp-monlist output]
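The exchange that ntp-info.nse performs, as an added example that is not code from the original post or from Nmap: it builds the mode 6 READVAR control request, parses the server’s reply including the “more” flag that splits a long variable list over several UDP fragments, and turns the variable text into a dictionary. The reply, its version string and its system value are constructed in the file; no server was queried.

```python
# NTP mode 6 (control) READVAR exchange, the request behind ntp-info.nse.
# Added example, not code from the original post or from Nmap. The replies are
# constructed in this file; the version string, host and variable values are made up.
import socket
import struct

HDR = ">BBHHHHH"      # LI/VN/mode, R/E/M/opcode, sequence, status, association id, offset, count
OP_READVAR = 2

def build_readvar_request(seq=1, assoc_id=0, variables=""):
    """Version 2, mode 6, opcode READVAR; an empty variable list asks for everything."""
    data = variables.encode("ascii")
    pad = (-len(data)) % 4                                    # data is padded to 32-bit words
    return struct.pack(HDR, 0x16, OP_READVAR, seq, 0, assoc_id, 0, len(data)) + data + b"\x00" * pad

def build_control_response(seq, data, offset=0, more=False, error=False):
    """Constructed server reply: R bit set, E on error, M when more fragments follow."""
    flags = 0x80 | (0x40 if error else 0) | (0x20 if more else 0) | OP_READVAR
    pad = (-len(data)) % 4
    return struct.pack(HDR, 0x16, flags, seq, 0, 0, offset, len(data)) + data + b"\x00" * pad

def parse_control_packet(pkt):
    if len(pkt) < 12:
        raise ValueError("short NTP control packet")
    first, flags, seq, _status, _assoc, offset, count = struct.unpack(HDR, pkt[:12])
    if first & 0x07 != 6:
        raise ValueError("not a mode 6 packet")
    if 12 + count > len(pkt):                                 # count must stay inside the datagram
        raise ValueError("count exceeds packet length")
    return {"response": bool(flags & 0x80), "error": bool(flags & 0x40),
            "more": bool(flags & 0x20), "opcode": flags & 0x1F,
            "seq": seq, "offset": offset, "data": pkt[12:12 + count]}

def split_outside_quotes(text, sep=","):
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_variables(text):
    """'a=1, b="x, y"' -> {'a': '1', 'b': 'x, y'}; commas inside quotes are kept."""
    out = {}
    for item in split_outside_quotes(text):
        key, _, value = item.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        out[key.strip()] = value
    return out

def reassemble_readvar(fragments, seq):
    """Keep READVAR responses for our sequence number, order by offset, join and parse."""
    pieces = []
    for frag in map(parse_control_packet, fragments):
        if not frag["response"] or frag["opcode"] != OP_READVAR or frag["seq"] != seq:
            continue                                          # unrelated or spoofed packet
        if frag["error"]:
            raise ValueError("server returned an error response")
        pieces.append((frag["offset"], frag["data"]))
    pieces.sort()
    return parse_variables(b"".join(d for _, d in pieces).decode("ascii", "replace"))

def readvar(host, timeout=2.0):
    """Live query against UDP/123 (needs network; the offline sample does not use it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_readvar_request(seq=7), (host, 123))
        frags = [s.recv(1024)]
        while parse_control_packet(frags[-1])["more"]:
            frags.append(s.recv(1024))
    return reassemble_readvar(frags, seq=7)

# Constructed reply, split in two fragments the way ntpd splits long variable lists
SAMPLE_TEXT = (b'version="ntpd 4.2.8p15@1.3728-o Wed Sep 23 11:46:38 UTC 2020 (1)", '
               b'processor="x86_64", system="Linux/5.10.0-kali9-amd64", leap=0, stratum=3, '
               b'precision=-24, rootdelay=12.345, refid=192.0.2.10, clock=e4a1b2c3.4d5e6f70')
SAMPLE_FRAGMENTS = [build_control_response(7, SAMPLE_TEXT[:100], offset=0, more=True),
                    build_control_response(7, SAMPLE_TEXT[100:], offset=100)]

if __name__ == "__main__":
    for key, value in reassemble_readvar(SAMPLE_FRAGMENTS, seq=7).items():
        print(f"{key:>10} = {value}")
```

readvar() sends the 12-byte request to UDP/123 and keeps reading until a fragment without the M bit arrives; the reply is unauthenticated UDP, so fragments are matched on the sequence number and everything else is dropped. The ratio between that 12-byte request and the multi-fragment reply is the same property that made monlist attractive for amplification attacks.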


DNS enumeration for beginners

Hello, aspiring Ethical Hackers. In this blogpost, you will learn about DNS enumeration. In our previous blogpost, you learnt what enumeration is, why it is performed, what its uses are and what the types of enumeration are.

What is DNS enumeration?

DNS enumeration is the process of locating the DNS servers of a target and viewing their records. By performing this enumeration, an attacker can collect valuable information about the network such as DNS server names, hostnames, mail servers, IP addresses and subdomains; if a server permits zone transfers, the entire zone can be retrieved at once. You can learn more about the importance of DNS servers in DNS Footprinting.

How to perform DNS enumeration?

There are a number of tools that can be used to perform this enumeration. Let’s see some of them.

1. Linux host command

The host command in Linux can be used to perform a DNS lookup of a domain. It retrieves the IP address of a domain name and, given an IP address, performs the reverse (PTR) lookup. See the image below.

[Screenshot: host lookup output]

We can also query for specific types of records from the DNS server using the host command (the -t option selects the type). The common record types are A and AAAA (IPv4 and IPv6 addresses), NS (name servers), MX (mail servers), CNAME (aliases), SOA (zone authority), TXT (free-form text, often SPF and verification records) and PTR (reverse lookups).

Let’s query for mail servers and name servers as shown below.

[Screenshot: host queries for MX and NS records]

2. dig

The dig (Domain Information Groper) command is a tool for interrogating DNS servers. Just like the host command, dig can be used to perform DNS lookups and query DNS servers. For example, if we want to query for the name servers of a particular domain, we can do this as shown below.

[Screenshot: dig query for NS records]

Similarly, we can also query for mail servers and other record types, as shown below.

[Screenshot: dig queries for MX and other record types]
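What host and dig put on the wire, as an added example that is not code from the original post, from BIND or from the host utility: build_query() produces the same MX or NS question the two commands send, and parse_response() decodes the answer, following name-compression pointers the way a resolver must. The reply, example.com and the mail and name-server names are constructed in the file.

```python
# DNS on the wire: the query host/dig send and a parser for the reply, including
# name compression. Added example, not code from the original post, from dig or
# from host. The reply below is constructed in this file; example.com and the
# mail/name-server names are made-up sample data.
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}

def encode_name(name):
    """Uncompressed wire form: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, rtype, txid=0x1234):
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)       # RD=1, one question
    return header + encode_name(name) + struct.pack(">HH", QTYPE[rtype], 1)

def read_name(msg, pos):
    """Decompress the name at pos. Returns (name, position just after the name's own bytes)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                   # 2-byte compression pointer
            if end is None:
                end = pos + 2
            pos = struct.unpack_from(">H", msg, pos)[0] & 0x3FFF
            hops += 1
            if hops > 32:                           # a forged pointer loop must not spin forever
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels), (end if end is not None else pos)

def decode_rdata(msg, rtype, pos, rdlen):
    if rtype == 1:                                      # A
        return ".".join(map(str, msg[pos:pos + 4]))
    if rtype in (2, 5, 12):                             # NS, CNAME, PTR: a (possibly compressed) name
        return read_name(msg, pos)[0]
    if rtype == 15:                                     # MX: preference + exchange name
        return struct.unpack_from(">H", msg, pos)[0], read_name(msg, pos + 2)[0]
    return msg[pos:pos + rdlen].hex()

def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack_from(">HHHHHH", msg, 0)
    pos, questions, records = 12, [], []
    for _ in range(qd):
        qname, pos = read_name(msg, pos)
        qtype = struct.unpack_from(">H", msg, pos)[0]
        pos += 4
        questions.append((qname, TYPE_NAME.get(qtype, str(qtype))))
    for _ in range(an + ns + ar):                       # answer, authority, additional
        name, pos = read_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack_from(">HHIH", msg, pos)
        pos += 10
        records.append((name, TYPE_NAME.get(rtype, str(rtype)), ttl, decode_rdata(msg, rtype, pos, rdlen)))
        pos += rdlen
    return {"id": txid, "rcode": flags & 0x0F, "questions": questions, "records": records}

def build_response(query, rrs):
    """Constructed reply: echo the question, then RRs owned by a pointer (0xC00C) to the QNAME."""
    body = struct.pack(">HHHHH", 0x8180, 1, len(rrs), 0, 0) + query[12:]
    for rtype, ttl, rdata in rrs:
        body += b"\xc0\x0c" + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return query[:2] + body

def resolve(server, name, rtype, timeout=2.0):
    """Live lookup over UDP/53 (needs network; the offline sample below does not use it)."""
    query = build_query(name, rtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply = parse_response(s.recv(4096))
    if reply["id"] != struct.unpack(">H", query[:2])[0]:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    return reply

# Constructed MX answer: both exchanges and the NS name reuse the QNAME through pointer 0xC00C
QUERY = build_query("example.com", "MX")
SAMPLE_MX_RESPONSE = build_response(QUERY, [
    (15, 3600, struct.pack(">H", 10) + b"\x04mail" + b"\xc0\x0c"),
    (15, 3600, struct.pack(">H", 20) + b"\x05mail2" + b"\xc0\x0c"),
    (2, 86400, b"\x03ns1" + b"\xc0\x0c"),
])

if __name__ == "__main__":
    for name, rtype, ttl, value in parse_response(SAMPLE_MX_RESPONSE)["records"]:
        print(f"{name:<15} {ttl:>6} IN {rtype:<5} {value}")
```

resolve() performs a live lookup against the name server address you pass it and refuses a reply whose transaction ID does not match the query, the check that makes blind reply spoofing harder. read_name() caps the number of pointer hops, because a hostile server can otherwise send a pointer that points at itself and hang a naive parser.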

Learn how to enumerate DNS with DNSenum, DNSrecon and DNSwalk.