Techniques for Enumeration

Subscribe to my newsletter and never miss my upcoming articles

Listen to this article

° Enumeration Using Email ID

Extraction of information using Email ID can provide useful information like username, domain name, etc. An Email address contains username and domain name in it.

° Enumeration using Default Password

Another way of enumeration is using default passwords. Every device and software has its default credentials and settings. This default setting and configuration are recommended to be changed. Some administrators keep using default passwords and settings. It became so easy for an attacker to gain unauthorized access using default credentials. Finding default settings, configuration and password of a device is not a big deal.

° Enumeration using SNMP

Enumeration using SNMP is a process of gaining information through SNMP. The attacker uses default community strings or guesses the string to extract information about a device. SNMP protocol was developed to allow the manageability of devices by the administrator, such as servers, routers, switches, workstations on an IP network. It allows the network administrators to manage network performance of a network, finds, troubleshoots and solve network problems, design, and plan for network growth. SNMP is an application layer protocol. It provides communication between managers and agents. The SNMP system is consisting of three elements:

° SNMP manager

SNMP agents (managed node) Management Information Base (MIB) Brute Force Attack on Active Directory Active Directory (AD) provides centralized command and control of domain users, computers, and network printers. It restricts the access to network resources only to the defined users and computers. The AD is a big target, a greater source of sensitive information for an attacker. Brute force attack to exploit, or generating queries to LDAP services are performed to gather information such as username, address, credentials, privileges information, etc.

° Enumeration through DNS Zone Transfer

Enumeration through DNS zone transfer process includes extracting information like locating DNS Server, DNS Records, Other valuable network related information such as hostname, IP address, username, etc. A zone transfer is a process to update DNS servers; Zone file carries valuable information which is retrieved by the attacker. UDP 53 is used for DNS requests from DNS servers. TCP 53 is used for DNS zone transfers to ensure the transfer went through.

Services and Ports to Enumerate Services


DNS Zone Transfer

TCP 53

DNS Queries

UDP 53


UDP 161



Microsoft RPC Endpoint Mapper





UDP 137

Global Catalog Service

TCP/UDP 3268


TCP 139


TCP 25

Share this