Enum4Linux

Image Source:https://www.kali.org/tools/enum4linux/

Disclaimer / Ethical Use Statement

This content and examples are for educational, research, and ethical cybersecurity purposes only. The Proof of Concept (PoC) code and vulnerability tests shown here should not be used to cause unauthorized access or damage.
The author disclaims any legal, financial, or criminal liability arising from the unauthorized application of this content to third-party systems. Users are responsible for testing these materials only on their own systems or in environments where explicit permission is granted.
This content is intended to raise information security awareness and encourage secure software development practices.

Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses.

Enum4Linux is a tool used to collect information from Windows and Samba systems. Some information that Enum4Linux can collect;

->Shared files and directories of the target system,
->Working users and groups of the target system,
->NetBIOS name and IP address of the target system,
->Operating system version of the target system,
->Security settings of the target system.

Enum4linux is a tool written in Perl language used in collecting information in penetration tests. So let’s talk about how we can use it.

Requirements

-> Kali Linux ->Metasploitable

First of all, deploy Metasploitable, a vulnerable Linux variant, to your environment. Metasploitable’s default username and password is “msfadmin“. Log in with this information.

Metasploitable Terminal

Metasploitable does not have a graphical interface by default and I used Metasploitable in one of my previous articles, “Exploiting the Shellshock Vulnerability and Protecting Yourself against It“, where I explained another vulnerability, the Shellshock vulnerability.

Let’s see which ports are open by starting an nmap scan from our Attacker machine.

Bash
nmap -Pn <Target-IP>

As we see, our SMB ports are open on the target machine. This means that we can continue to look for vulnerabilities in these ports with enum4linux.

The -U parameter is used to list the users on the target.

Bash
enum4linux -U <Target-IP>
Kali Terminal

We can see the status of shared environments by using the -S parameter.

Bash
enum4linux -S <Target-IP>
Kali Terminal

As you can see, we understand that we have access to the <Target-IP>/tmp directory and have permission to list it.

We can see the status of password policy informations by using the -P parameter.

Bash
enum4linux -P <Target-IP>
Kali Terminal

We can check the status of NetBIOS services using the -n parameter.

Bash
enum4linux -n <Target-IP>
Kali Terminal

We can check the all SIDs using the -r parameter.

Bash
enum4linux -r <Target-IP>
Kali Terminal

What needs to be done to avoid such scanning and information acquisition attacks;

->Turn off unused services, ->Staying away from vulnerable protocols, ->Use strong passwords, ->Delete unnecessary users from the system,

Resources Used

-> https://null-byte.wonderhowto.com/how-to/enumerate-smb-with-enum4linux-smbclient-0198049/


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *