CEH

(Jeff_L) #1

During this phase you use techniques such as:

■ Pings
■ Ping sweeps
■ Port scans
■ Tracert


These processes unmask varying levels of detail about services. Inverse scanning techniques
allow you to determine which IP addresses from the ranges you uncover in the footprinting
phase do not have a corresponding live host “behind” them.

Now you are ready to move into the next phase: enumeration.


What Is Enumeration?


Enumeration is the process of extracting information from a target system in an organized
and methodical manner. During enumeration you should be able to extract information
such as usernames, machine names, shares, and services from a system as well as other
information depending on the operating environment. Unlike with previous phases, you
are initiating active connections to a system in an effort to gather the information you are
seeking. Consequently you should consider this phase a high-risk process. Take extra effort
to be precise lest you risk detection.

During this phase you are using active connections to the system to perform more
aggressive information gathering. The active connections allow you to perform directed
queries at the system to extract more information about the target environment. Having
retrieved sufficient information, you can assess the strengths and weaknesses of the system.

Information gathered during this phase generally falls into the following types:


■ Network resources and shares
■ Users and groups
■ Routing tables
■ Auditing and service settings
■ Machine names
■ Applications and banners
■ SNMP and DNS details


In previous chapters you were not too deeply concerned with legal issues.
However, at this point you need to understand that you may be
crossing legal boundaries.