🕹️
Ali Rodoplu
  • 👋Who am I?
  • ARTICLES
  • 🧨Offensive
    • Enum4Linux
    • How to Perform SSH Brute Force Attack and How Can We Protect Our Systems from It?
    • Dictionary Attack via HashCat
    • Credential Dumping via Pypykatz
    • Exploiting the Shellshock Vulnerability and Protecting Yourself against It
    • What is Buffer Overflow Attack and How to Obtain Reverse Shell Using Buffer Overflow Attack
    • How to Kill Microsoft Defender’s Process
    • Getting Reverse Shell with Powercat
    • Creating Backdoor payload and Obtain Reverse Shell via Ngrok and MetaSploit Framework
    • Kiterunner
  • ⚙️Defensive
    • 📺Static Analysis
      • Finding Malwares by Performing Static Analysis with PeStudio
    • 📌Dynamic Analysis
      • Find Malwares using Process Explorer
      • Find Malwares Using Sysmon
      • Malware Hunting using Procmon and Procexp
      • Linux Sysmon
    • 📀Reverse Engineering
      • ILSPY ile Zararlı bir .NET PE'sine Reverse Engineering.
  • 🔥CVE Explotation
    • CVE-2023-48795 Zafiyeti ve Bazı Mitigation Adımlarının Gerçekleştirilmesi
    • Heap Buffer Overflow in libwebp in Google Chrome - CVE-2023-4863
    • HTTP/2 ‘Rapid Reset’ DDoS atağı CVE-2023-44487
    • Exploit the Log4J Vulnerability - CVE-2021-44228
    • Exploit the WinRAR - CVE-2023-38831
  • 🔗OSINT
    • Maltego the OSINT Tool
  • 🎯Attack Simulation
    • Caldera Installation and Simulating an Attack with Caldera
    • How to Install Atomic Red Team, Which is an Attack Simulation Tool?
  • 💻Cyber Security
    • Dolandırıcıların Yeni Dolandırıcılık Yöntemlerinden biri: Youtube Reklamları
    • OWASP And OWASP Top Ten Project
    • Understanding the MITRE ATT&CK Framework and the Relationship Between MITRE and Security Products
    • Machine Learning and CyberSecurity
  • 💿Cyber Security Products
    • Trellix(FireEye)
      • Creating HX Policy And Host Set then Binding Them To Each Other
      • What is Helix and some example about Index Search Inside Data Lake
      • Installation of FireEye HX(currently Trellix HX)
    • CrowdStrike
      • CrowdStrike’s FileVantage Feature and How to Set Policy.
      • CrowdStrike Prevention Policy’s Features and Assigning Policy to the Host Group
  • 💾General
    • What is PrivateGPT and How to Install It
Powered by GitBook
On this page
  • Requirements
  • What needs to be done to avoid such scanning and information acquisition attacks;
  • Resources Used
  1. Offensive

Enum4Linux

PreviousOffensiveNextHow to Perform SSH Brute Force Attack and How Can We Protect Our Systems from It?

Last updated 1 year ago

Use what I'm about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses.

Enum4Linux is a tool used to collect information from Windows and Samba systems. Some information that Enum4Linux can collect;

->Shared files and directories of the target system, ->Working users and groups of the target system, ->NetBIOS name and IP address of the target system, ->Operating system version of the target system, ->Security settings of the target system.

Enum4linux is a tool written in Perl language used in collecting information in penetration tests. So let's talk about how we can use it.

Requirements

-> Kali Linux ->Metasploitable

First of all, deploy Metasploitable, a vulnerable Linux variant, to your environment. Metasploitable's default username and password is "msfadmin". Log in with this information.

Let's see which ports are open by starting an nmap scan from our Attacker machine.

nmap -Pn <Target-IP>

As we see, our SMB ports are open on the target machine. This means that we can continue to look for vulnerabilities in these ports with enum4linux.

The -U parameter is used to list the users on the target.

enum4linux -U <Target-IP>

We can see the status of shared environments by using the -S parameter.

enum4linux -S <Target-IP>

As you can see, we understand that we have access to the <Target-IP>/tmp directory and have permission to list it.

We can see the status of password policy informations by using the -P parameter.

enum4linux -P <Target-IP>

We can check the status of NetBIOS services using the -n parameter.

enum4linux -n <Target-IP>

We can check the all SIDs using the -r parameter.

enum4linux -r <Target-IP>

What needs to be done to avoid such scanning and information acquisition attacks;

->Turn off unused services, ->Staying away from vulnerable protocols, ->Use strong passwords, ->Delete unnecessary users from the system,

Resources Used

Metasploitable does not have a graphical interface by default and I used Metasploitable in one of my previous articles, "", where I explained another vulnerability, the Shellshock vulnerability.

🧨
Exploiting the Shellshock Vulnerability and Protecting Yourself against It
https://null-byte.wonderhowto.com/how-to/enumerate-smb-with-enum4linux-smbclient-0198049/
Metasploitable Terminal
Kali Terminal
Kali Terminal
Kali Terminal
Kali Terminal
Kali Terminal
Image Source:
https://www.kali.org/tools/enum4linux/