# Enum4Linux

Image Source:https://www.kali.org/tools/enum4linux/

{% hint style="warning" %} Use what I'm about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. {% endhint %} Enum4Linux is a tool used to collect information from Windows and Samba systems. Some information that Enum4Linux can collect; ->Shared files and directories of the target system, \ ->Working users and groups of the target system, \ ->NetBIOS name and IP address of the target system, \ ->Operating system version of the target system, \ ->Security settings of the target system. Enum4linux is a tool written in Perl language used in collecting information in penetration tests. So let's talk about how we can use it. ### Requirements -> Kali Linux\ ->Metasploitable First of all, deploy ***Metasploitable***, a vulnerable Linux variant, to your environment. Metasploitable's default username and password is "***msfadmin***". Log in with this information.

Metasploitable Terminal

Metasploitable does not have a graphical interface by default and I used Metasploitable in one of my previous articles, "[***Exploiting the Shellshock Vulnerability and Protecting Yourself against It***](https://alirodoplu.gitbook.io/ali-rodoplu/offensive/exploiting-the-shellshock-vulnerability-and-protecting-yourself-against-it)", where I explained another vulnerability, the Shellshock vulnerability. Let's see which ports are open by starting an nmap scan from our Attacker machine. ```bash nmap -Pn ```
As we see, our SMB ports are open on the target machine. This means that we can continue to look for vulnerabilities in these ports with enum4linux. The ***-U*** parameter is used to list the users on the target. ```bash enum4linux -U ```

Kali Terminal

We can see the status of shared environments by using the ***-S*** parameter. ```bash enum4linux -S ```

Kali Terminal

As you can see, we understand that we have access to the ***\/tmp*** directory and have permission to list it. We can see the status of password policy informations by using the ***-P*** parameter. ```bash enum4linux -P ```

Kali Terminal

We can check the status of NetBIOS services using the ***-n*** parameter. ```bash enum4linux -n ```

Kali Terminal

We can check the all SIDs using the ***-r*** parameter. ```bash enum4linux -r ```

Kali Terminal

### **What needs to be done to avoid such scanning and information acquisition attacks;** ->Turn off unused services,\ ->Staying away from vulnerable protocols,\ ->Use strong passwords,\ ->Delete unnecessary users from the system, ### **Resources Used**