#readwise
# Network Enumeration with Nmap - Enumeration

![rw-book-cover](https://academy.hackthebox.com/images/favicon.ico)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Network Enumeration with Nmap - Enumeration
- URL: https://academy.hackthebox.com/module/19/section/99

## Summary
Enumeration is a crucial step in network security that involves gathering information about a target system. It focuses on understanding how services work and identifying potential vulnerabilities. Tools can help, but knowledge and attention to detail are essential for effective enumeration. By actively engaging with services, we can discover valuable information that leads to successful access.

## Highlights
`Enumeration` is the most critical part of all. The art, the difficulty, and the goal are not to gain access to our target computer. Instead, it is identifying all of the ways we could attack a target we must find. It is not just based on the tools we use. They will only do much good if we know what to do with the information we get from them. The tools are just tools, and tools alone should never replace our knowledge and our attention to detail. Here it is much more about actively interacting with the individual services to see what information they provide us and what possibilities they offer us. ([View Highlight](https://read.readwise.io/read/01jp02ysqt5gwgphdp1pzs751p))

---

It's not hard to get access to the target system once we know how to do it. Most of the ways we can get access we can narrow down to the following two points:

- `Functions and/or resources that allow us to interact with the target and/or provide additional information.`
- `Information that provides us with even more important information to access our target.`

When scanning and inspecting, we look exactly for these two possibilities. Most of the information we get comes from misconfigurations or neglect of security for the respective services.
Misconfigurations are either the result of ignorance or a wrong security mindset. For example, if the administrator only relies on the firewall, Group Policy Objects (GPOs), and continuous updates, it is often not enough to secure the network. ([View Highlight](https://read.readwise.io/read/01jp032gxrawnemf5kgep4mev3))

---

`Manual enumeration` is a `critical` component. Many scanning tools simplify and accelerate the process. However, these cannot always bypass the security measures of the services. The easiest way to illustrate this is to use the following example: Most scanning tools have a timeout set until they receive a response from the service. If this tool does not respond within a specific time, this service/port will be marked as closed, filtered, or unknown. In the last two cases, we will still be able to work with it. However, if a port is marked as closed and Nmap doesn't show it to us, we will be in a bad situation. This service/port may provide us with the opportunity to find a way to access the system. Therefore, this result can take much unnecessary time until we find it. ([View Highlight](https://read.readwise.io/read/01jp036z11pzae6psyb5w7fk4n))

---
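
The timeout behaviour described in the last highlight, as an added Python example that is not part of the Hack The Box material: a constructed loopback service delays its banner, and the same probe is run with a short and a longer timeout. The service, the `probe` function and its result labels are assumptions made for illustration and do not reproduce Nmap's own logic.

```python
import socket
import threading
import time

def start_slow_service(delay, banner=b"220 constructed-demo-service ready\r\n"):
    """Constructed local service: accepts, waits `delay` seconds, then sends a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # loopback only, OS-chosen free port
    srv.listen(5)

    def respond(conn):
        time.sleep(delay)           # simulate a slow or rate-limited service
        try:
            conn.sendall(banner)
        except OSError:
            pass                    # the probe already gave up and closed
        finally:
            conn.close()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:         # listener was closed
                return
            threading.Thread(target=respond, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe(host, port, timeout):
    """Classify a port by whether any response arrives within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(1024)
            return ("open", data.decode(errors="replace").strip())
    except socket.timeout:
        return ("no-response", "")  # hypothetical label: a tool may report this as filtered/unknown
    except ConnectionRefusedError:
        return ("closed", "")

def demo():
    _srv, port = start_slow_service(delay=0.5)
    # Same service, same probe: only the timeout differs.
    return probe("127.0.0.1", port, 0.1), probe("127.0.0.1", port, 2.0)

if __name__ == "__main__":
    print(demo())
```

The short-timeout result carries no banner even though the service is listening, which is why an unexpected "no response" from an automated scan is worth rechecking by hand with a longer wait.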