
Enumeration is the first attack on the target network. It is the process of gathering information about user names, machine names, network resources, shares and services. Enumeration makes a fixed, active connection to a system.

Tools and techniques used for Enumeration
CMD commands :
There are many cmd commands, but sorry to say they do not work on all Windows OSes (tried but failed)
But they are so EFFECTIVE in local area connections :)

1. net use : (Works only in XP and 2000) (tested, did not work)
Syntax : net use \\<ip address>\IPC$ "" /u:""
Example : net use \\\IPC$ "" /u:""
Defn : It connects to the target's hidden inter-process communication share (IPC$) as the built-in anonymous user (/u:"") with a null password ("")

2. nbtstat : (tested and worked)
Syntax : nbtstat -A <ip address>
Example : nbtstat -A <>
Use : Returns the NetBIOS information and MAC address of the system

3. FTP Enumeration
Syntax : ftp <ftp servername>
Example : ftp

4. telnet
Syntax : telnet <URL/IP> <port number>
Example : telnet 80 (http port number)
Use : connect to a server
SERVICE     PORT NUMBER
http        80
ftp         21
telnet      23
smtp        25
dns         53
tftp        69
finger      79
NetBIOS     137
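
Seen from the defender's side (an added example, not part of the original post): because enumeration makes active connections, it leaves traces in connection logs. The sketch below flags any source that touches several of the service ports from the table above on one host within a short window. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Service ports taken from the table above.
ENUM_PORTS = {80: "http", 21: "ftp", 23: "telnet", 25: "smtp",
              53: "dns", 69: "tftp", 79: "finger", 137: "netbios"}

# Constructed sample log (hypothetical format: time src= dst= dport=).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=10.0.0.23 dst=10.0.0.5 dport=21
2024-05-01T10:00:02 src=10.0.0.23 dst=10.0.0.5 dport=23
2024-05-01T10:00:03 src=10.0.0.23 dst=10.0.0.5 dport=25
2024-05-01T10:00:05 src=10.0.0.23 dst=10.0.0.5 dport=79
2024-05-01T10:00:09 src=10.0.0.23 dst=10.0.0.5 dport=137
2024-05-01T10:01:00 src=10.0.0.40 dst=10.0.0.5 dport=80
2024-05-01T10:01:30 src=10.0.0.40 dst=10.0.0.5 dport=80
malformed line without fields
2024-05-01T11:00:00 src=10.0.0.77 dst=10.0.0.9 dport=21
2024-05-01T11:00:20 src=10.0.0.77 dst=10.0.0.9 dport=23
2024-05-01T11:00:40 src=10.0.0.77 dst=10.0.0.9 dport=25
2024-05-01T11:10:00 src=10.0.0.77 dst=10.0.0.9 dport=53
"""

LINE_RE = re.compile(r"(\S+) src=(\S+) dst=(\S+) dport=(\d+)")

def find_enumerators(log_text, min_services=4, window_s=60):
    """Return {(src, dst): service names} for sources that reached at least
    min_services distinct table ports on one host within window_s seconds."""
    window = timedelta(seconds=window_s)
    hits = defaultdict(list)  # (src, dst) -> [(time, port)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped
            ts, src, dst, dport = m.groups()
            if int(dport) in ENUM_PORTS:
                hits[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    flagged = {}
    for key, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over the events
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_services and len(ports) > len(flagged.get(key, ())):
                flagged[key] = sorted(ENUM_PORTS[p] for p in ports)
    return flagged
```

With the defaults only 10.0.0.23 is flagged; the slower source 10.0.0.77 stays under the threshold until the window is widened, which is the trade-off to tune for a real network.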

Tools used for Enumeration

1. SuperScan
We are already familiar with the SuperScan tool from chapter 2

2. IP Tools
It gives information about:

Local Info- examines the local host and shows info about processor, memory, Winsock data, etc

Connection Monitor- displays information about current TCP and UDP network connections

NetBIOS Info- gets NetBIOS information about network interfaces (local and remote computers)

NB Scanner- shared resources scanner

SNMP Scanner- scans network(s) for SNMP enabled devices

Name Scanner- scans all hostnames within a range of IP addresses

Port Scanner- scans network(s) for active TCP based services

UDP Scanner- scans network(s) for active UDP based services

Ping Scanner- pings remote hosts over the network

Trace- traces the route to a remote host over the network

WhoIs- obtains information about an Internet host or domain name from the NIC (Network Information Center)

Finger- retrieves information about user from a remote host

LookUp- looks up a domain name from its IP address or an IP address from its domain name

GetTime- gets time from time servers (also it can set correct time on local system)

Telnet- telnet client

HTTP- HTTP client

IP-Monitor- shows network traffic in real time (as a set of charts)

Host Monitor- monitors up/down status of selected hosts.

Trap Watcher- allows you to receive and process SNMP Trap messages.


3. SoftPerfect Network Scanner
>Pings computers and displays those alive.
>Detects hardware MAC-addresses, even across routers.
>Detects hidden shared folders and writable ones.
>Detects your internal and external IP addresses.
>Scans for listening TCP ports, some UDP and SNMP services.
>Retrieves currently logged-on users, configured user accounts, uptime, etc.
>You can mount and explore network resources.
>Can launch external third party applications.
>Exports results to HTML, XML, CSV and TXT.
>Supports Wake-On-LAN, remote shutdown and sending network messages.
>Retrieves potentially any information via WMI.
>Retrieves information from remote registry, file system and service manager.


4. DumpSec
SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.


5. Enumerate systems using default passwords
Many devices such as routers, switches, hubs, etc. use default passwords; this website is a collection of default passwords


Reference: CEH slides, 5th and 6th edition;
           McGraw-Hill, Hacking Exposed: Network Security Secrets and Solutions, 6th edition