Questions tagged [enumeration]

Pre-attack is a phase where an attacker attempts to discover information about their target. This can involve network reconnaissance, operational intelligence, historical information, etc.

52 questions
0 votes, 1 answer

AutoRecon is taking too long to complete

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g.…
Wolf
0 votes, 0 answers

Username enumeration with multiple inputs

Consider the case of username enumeration, where a hacker is able to determine a username based on UI feedback being different from a successful entry vs a failed entry. For example, a website's forgot password page asks for a username. If upon…
0 votes, 1 answer

Enumerating hosts running Elastic Stack

I am currently working on a project where I need to find a host running a SIEM solution. From my research I am fairly confident that the host is running Elastic Stack, probably within another solution such as SIEMonster, but nonetheless Elastic…
ficabj5
0 votes, 1 answer

How to determine all public IP addresses from within an organization?

I can determine a single public IP address from within the organization (using NAT) by sending an HTTP request to one of the publicly available services: curl ipinfo.io/ip However, if my request always takes the same route, then I will always get…
Shuzheng
0 votes, 1 answer

How to do internal subdomain enumerations in corp network?

I need to figure out a good way to do internal subdomain enumerations in corp network? My goal is to find the list of internal subdomains in my organizations. I tried https://github.com/TheRook/subbrute but this is for external domains only. What…
Jenny B
0 votes, 0 answers

How to enumerate DCE services on open port 135?

I did a vulnerability scan on a machine and found a DCE Services Enumeration vulnerability. This is described as: Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the…
123
0 votes, 1 answer

Subdomain Bruteforcing when every request gets resolved?

Is it possible for an attacker to get a list of the subdomains configured for my server, if every subdomain request gets resolved? In the case of a subdomain that doesn't exist, the server simply resolves to a standard page. In my case it is the…
Tim