Footprinting
Enumeration
Overview
Gather information about target infrastructure including DNS, SMTP, FTP, SMB, NFS, SNMP, and more.
Cheatsheet
DNS
dig axfr @ns.domain.com domain.com # Attempt DNS zone transfer
dnsenum domain.com # Enumerate DNS info and subdomains
subfinder -d domain.com # Passive subdomain enumeration
SMB
smbclient -L //10.10.10.5 -N # List shares with a null session
smbmap -H 10.10.10.5 # Map shares and permissions
enum4linux -a 10.10.10.5 # Run all enumeration checks (users, shares, groups)
SNMP
snmpwalk -v2c -c public 10.10.10.5 # Walk the MIB tree with community string 'public'
onesixtyone -c community.txt 10.10.10.5 # Brute force community strings
NFS
showmount -e 10.10.10.5 # Show exported NFS shares
mount -t nfs 10.10.10.5:/share /mnt # Mount the share locally
Command Examples
Common Pitfalls
- Ignoring low-hanging fruit like anonymous FTP/SMB
- Not trying default credentials
Exam Survival Tips
- Always check for null sessions
- Look for config files in shares
Exercises
multiple choice (easy): Which tool is used to enumerate SMB shares?...
fill command (medium): Write the command to list SMB shares on 10.10.10.5 using a null session with smbclient:...
case file (hard):
smbclient -L //10.10.10.5 -N
Sharename Type Comment
--------- ---- ------...
multiple choice (easy): What port does SNMP typically use?...
fill command (medium): Write the snmpwalk command to enumerate 10.10.10.5 with community string 'public':...