Week 5 (Enumerating Target)

In this week’s session, we were introduced to enumeration. It is the phase that allows us to extract useful information from a network, such as usernames, passwords, last login times, and resources or materials shared on the network. The session then continued with an exercise in which we used Linux to install the NBT application, which is used for enumeration. To make our job easier, it is advised to study the operating system history of the target, as attacks that work on an older OS version may still work on a newer version.

We also practiced using the NetBIOS enumeration tools. The “nbtstat” command displays the NetBIOS table, and the “net view” command shows whether any resources or materials have been shared on the network. By using the “net use” command, we can connect to a computer with shared files or folders. Furthermore, we were also introduced to other enumeration tools such as NetScanTools Pro and Hyena.

Before we were dismissed, we were given an exercise on enumeration and a quiz at the end of the session.

Below is a demonstration of target enumeration using wpscan, which can be used only against WordPress sites.

Firstly, we use wpscan to enumerate the list of users of the WordPress site. However, the site refused the request because it saw us as a threat, so it returned a 403 error code. To overcome this problem, we can add “--user-agent” or “--random-agent” to our command so that the target thinks we are a random user of the site.

Once the process is finished, we will get the username of the user.

 

Then create a text file containing a list of possible passwords that might be used along with the username. To create the .txt file, use the “nano” command followed by the name of the .txt file.

Once we are done creating the .txt file, to get the correct password from the wordlist we type “wpscan --url jo1.pentest.id --wordlist /root/Desktop/possiblePswd --username adminjo --random-agent”. The reason for stating “--wordlist” in the command is to let the tool pick candidate words from the wordlist until it finds the correct password; the option is followed by the path to the text file, and “--username” gives the username the password belongs to.
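
From the defender's side, the 403 in this demonstration was bypassed because the block keyed on the User-Agent header, which the client controls. The following is an added example, not part of the original post: it ignores the User-Agent and counts failed login POSTs per source IP in a combined-format access log. The log lines are constructed, and the /wp-login.php path, the 200-on-failure rule and the threshold are assumptions about a default WordPress setup.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def find_password_guessing(lines, threshold=5):
    """Return {ip: stats} for sources with >= threshold failed login POSTs.

    Assumption: a POST to /wp-login.php answered with 200 is a failed login
    (a successful login is answered with a 302 redirect).
    """
    failures = defaultdict(lambda: {"failed": 0, "user_agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == "/wp-login.php" and m["status"] == "200":
            entry = failures[m["ip"]]
            entry["failed"] += 1
            entry["user_agents"].add(m["ua"])
    return {ip: s for ip, s in failures.items() if s["failed"] >= threshold}

# Constructed sample log: 203.0.113.7 changes its User-Agent between attempts,
# 198.51.100.20 is a normal user who mistypes once and then logs in.
UAS = ["Mozilla/5.0 (X11; Linux x86_64)", "Mozilla/5.0 (Windows NT 10.0)",
       "Opera/9.80 (Macintosh)"]
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:{i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3120 "-" "{UAS[i % 3]}"'
    for i in range(6)
] + [
    '198.51.100.20 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '198.51.100.20 - - [01/Jan/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    '198.51.100.20 - - [01/Jan/2024:10:01:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for ip, s in find_password_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {s['failed']} failed logins, {len(s['user_agents'])} distinct User-Agents")
```

A source that shows several distinct User-Agents across its failed logins is itself a useful signal, since ordinary visitors rarely change browsers between attempts.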
