Introduction

What?

System enumeration is a process of connecting to and interrogating a network or system to retrieve information about that network or system. Take information already gathered during reconnaissance (like IP addresses) and during scanning (open ports) and gather as much data about the targets and services running on the targets, using a variety of techniques and tools.

Why?

To discover potential attack vectors in the system, and further exploitation of the system. Items of great interest:

• Network services that are running but not in use.

• Default user accounts that have no passwords.

• User accounts that have a revealed password.

• Guest accounts that are active.

• Security tokens.

How?

• NetBios enumeration

• SNMP enumeration

• LDAP enumeration

• NTP enumeration

• SMTP enumeration

• DNS enumeration

• macOS enumeration

• Linux enumeration

• Windows enumeration

• Scanning virtualised systems

• Scanning cloud infrastructure