Enumeration is the process of using various techniques to query a device or service for information about its configuration and resources. It is a common step in active reconnaissance and is crucial to penetration testing. Once you have connected to a host, you can interrogate it for details that will reveal additional attack vectors. The outcome of enumeration can often be used to directly exploit the system and penetrate deeper into the network.

Enumeration can often be done remotely. Although some enumeration can be done without a credential, it is usually much more successful if you can first log in. In many cases, the credential can be that of an average user and need not be privileged.

Enumeration techniques can help you discover information that includes, but is not limited to:
- Operating system details
- User and group names
- Email addresses and contact information
- Password hashes (and sometimes passwords)
- Host names, domain information, and IP addresses
- Volumes and shares
- Services
- Policies and audit settings
- Configuration settings
- Routing, MAC, and neighbor tables
- Installed applications
- Patch levels
- Components and drivers
- Printers and print jobs
- Running processes
- Registry keys
- Event log records
- DNS and SNMP information