Enumeration: A Comprehensive Guide (April 2025)
This course provides an in-depth understanding of Enumeration, a critical phase in penetration testing and ethical hacking. Participants will explore various enumeration techniques, tools, and methodologies used to extract valuable information from systems, networks, and services. The course includes practical …
This course provides an in-depth understanding of Enumeration, a critical phase in penetration testing and ethical hacking. Participants will explore various enumeration techniques, tools, and methodologies used to extract valuable information from systems, networks, and services. The course includes practical hands-on exercises covering services like NetBIOS, FTP, SSH, MSSQL, VNC, LDAP, and more. By the end, learners will be able to effectively conduct enumeration and implement countermeasures against potential threats
Course Outline:
Module 1: Fundamentals of Enumeration
- What is Enumeration?
- Techniques for Enumeration
- Services and Ports to Enumerate
Module 2: NetBIOS Enumeration
- NetBIOS Enumeration Tools
- Enumerating User Accounts
- Enumerate Systems Using Default Passwords
Module 3: FTP Enumeration
- Banner Grabbing
- TFTP Enumeration
- Metasploit Modules for FTP
Module 4: SSH Enumeration
- Version Scanning
- Banner Grabbing
- Scripts for Enumeration
- Brute-force Techniques
Module 5: MSSQL Enumeration
- Information Gathering
- SQL Users Enumeration
- MSSQL Brute-forcing Techniques
- Interactive Database Shell Usage
Module 6: VNC Enumeration
- Cracking VNC Passwords
- Connecting to VNC Services
Module 7: SNMP Enumeration
- Understanding SNMP (Simple Network Management Protocol)
- How SNMP Works
- Management Information Base (MIB)
- SNMP Enumeration Tools
Module 8: UNIX/Linux Enumeration
- UNIX/Linux Enumeration Commands
- Linux Enumeration Tools
Module 9: LDAP Enumeration
- LDAP Enumeration Tools and Techniques
Module 10: Telnet Enumeration
- Script Scanning Techniques
- Banner Grabbing
- Brute-forcing Telnet
Module 11: Web Enumeration
- HTTP Method Enumeration
- HTTP Basic Authentication
- Checking Running Service Versions
Module 12: MySQL Enumeration
- Basic MySQL Enumeration Commands
- MySQL Brute-forcing Techniques
Module 13: NTP Enumeration
- NTP Enumeration Commands
Module 14: SMTP Enumeration
- SMTP Enumeration Tools and Techniques
Module 15: DNS Enumeration
- DNS Zone Transfer Enumeration using NSLookup
- DNS Enumeration Tools
Module 16: SMB Enumeration
- SMB Enumeration Tools
- Understanding Null Sessions
- Syntax for Null Sessions
- Viewing Shared Resources
Module 17: NFS Enumeration
- Script Scanning for NFS
- Enumerating NFS Shares
- Privilege Escalation using NFS
Module 18: Remote Desktop Enumeration
- Logging in with Known Credentials
- Nmap Scripts for RDP Enumeration
- Brute-force Techniques for RDP
- Adding Users to the RDP Group
- 7 Sections
- 68 Lessons
- 10 Weeks
- DNS Enumeration10
- 1.1DNS Enumeration1 Hour
- 1.2Passive Subdomain Enumeration1 Hour
- 1.3amass1 Hour
- 1.4dnsx1 Hour
- 1.5Internet Archives and Subdomain Enumeration1 Hour
- 1.6Zone Transfer Attack1 Hour
- 1.7Sublist3r – Subdomain Enumeration Tool1 Hour
- 1.8massdns and puredns1 Hour
- 1.9Subdomain Enumeration using wfuzz (VHost Fuzzing)1 Hour
- 1.10Subdomain Takeover1 Hour
- Web Enumeration33
- 2.1HTTP Server Version Detection1 Hour
- 2.2CVE-2019-16278 Exploit (Python Reverse Shell)1 Hour
- 2.3Hack The Box1 Hour
- 2.4Nmap Scan Scripts1 Hour
- 2.5HttpFileServer (HFS) HTTPd 2.3 Exploit1 Hour
- 2.6PHP Version Detection1 Hour
- 2.7Cve-2019-11043 – PHP-FPM Remote Code Execution1 Hour
- 2.8Http Methods1 Hour
- 2.9SickOs 1.2 Machine1 Hour
- 2.10WebDAV Enumeration1 Hour
- 2.11Nmap HTTP NSE Scripts1 Hour
- 2.12Hydra HTTP Basic Authentication Brute Force1 Hour
- 2.13Web Server Scanner1 Hour
- 2.14Shellshock Vulnerability Exploitation – CGI-Bin1 Hour
- 2.15Shellshock Remote Command Injection (CVE-2014-6271)1 Hour
- 2.16Apache mod_ssl 2.8.71 Hour
- 2.17Directory Brute Force1 Hour
- 2.18Dirsearch – Directory Brute Forcing1 Hour
- 2.19Feroxbuster1 Hour
- 2.20Gobuster1 Hour
- 2.21IIS Tilde Shortname Enumeration1 Hour
- 2.22CMS Enumeration1 Hour
- 2.23Wpscan – WordPress Security Scanner1 Hour
- 2.24Xmlrpc Vulnerability1 Hour
- 2.25Mail Masta 1.01 Hour
- 2.26Ad Manager WD 1.0.11 – Arbitrary File Download1 Hour
- 2.27Reverse Shell Plugin1 Hour
- 2.28Joomla Enumeration1 Hour
- 2.29Joomla Exploit – CVE-2015-85621 Hour
- 2.30Joomla Exploit – CVE-2015-8562 – 21 Hour
- 2.31Drupal 7 RCE Exploit (CVE-2018-7600)1 Hour
- 2.32My Tomcat Host1 Hour
- 2.33Tiki Wiki CMS Groupware 21.1 Authentication Bypass (CVE-2020-15906)1 Hour
- FTP Enumeration5
- TFTP Enumeration3
- RPC Enumeration3
- SMB Enumeration13
- 6.1SMB Enumeration1 Hour
- 6.2Null Session (Anonymous SMB Access)1 Hour
- 6.3SMB Version Detection1 Hour
- 6.4smbmap – SMB Enumeration Tool1 Hour
- 6.5SMB Nmap Scripts1 Hour
- 6.6MS08-067 (NetAPI) – Remote Code Execution1 Hour
- 6.7MS17-010 (EternalBlue) Exploit1 Hour
- 6.8MS17-010 (EternalBlue) Exploit on Server 2012 R21 Hour
- 6.9Samba 2.2.8 (Linux BSD)1 Hour
- 6.10Command Execution Tool from the Impacket1 Hour
- 6.11Impacket Secretsdump1 Hour
- 6.12Pass-The-Hash (PtH) Attack1 Hour
- 6.13Samba on CentOS with NTLM Hash Access1 Hour
- NFS Enumeration1
You might be intersted in
-
63 Students
-
24 Weeks
-
85 Students
-
10 Weeks
-
88 Students
-
24 Weeks
-
32 Students
-
16 Weeks