enum4linux چیست؟

ابزار enum4linux جایگزینی برای enum.exe در ویندوز است که جهت استخراج اطلاعات از سیستم عامل ویندوز و هاست (سیستم) های سامبا مورد استفاده قرا می گیرد. این ابزار به زبان Perl نوشته شده و با ابزار های سامبا از جمله smbclient, rpclient, net ,nmblookup دستورات مشابه ای دارد.


قابلیت های کلیدی این ابزار:


    RID cycling (When RestrictAnonymous is set to 1 on Windows 2000)
    User listing (When RestrictAnonymous is set to 0 on Windows 2000)
    Listing of group membership information
    Share enumeration
    Detecting if host is in a workgroup or a domain
    Identifying the remote operating system
    Password policy retrieval (using polenum)


لینک منبع: https://labs.portcullis.co.uk/tools/enum4linux/
لایسنس: GPLv2
سازنده: Mark Lowe


نمونه دستور:

[email protected]:~# enum4linux -h
enum4linux v0.8.9 (http://labs.portcullis.co.uk/application/enum4linux/)
Copyright (C) 2011 Mark Lowe ([email protected])

Simple wrapper around the tools in the samba package to provide similar
functionality to enum.exe (formerly from www.bindview.com).  Some additional
features such as RID cycling have also been added for convenience.

Usage: ./enum4linux.pl [options] ip

Options are (like "enum"):
    -U        get userlist
    -M        get machine list*
    -S        get sharelist
    -P        get password policy information
    -G        get group and member list
    -d        be detailed, applies to -U and -S
    -u user   specify username to use (default "")
    -p pass   specify password to use (default "")

The following options from enum.exe aren't implemented: -L, -N, -D, -f

Additional options:
    -a        Do all simple enumeration (-U -S -G -P -r -o -n -i).
              This opion is enabled if you don't provide any other options.
    -h        Display this help message and exit
    -r        enumerate users via RID cycling
    -R range  RID ranges to enumerate (default: 500-550,1000-1050, implies -r)
    -K n      Keep searching RIDs until n consective RIDs don't correspond to
              a username.  Impies RID range ends at 999999. Useful
          against DCs.
    -l        Get some (limited) info via LDAP 389/TCP (for DCs only)
    -s file   brute force guessing for share names
    -k user   User(s) that exists on remote system (default: administrator,guest,krbtgt,domain admins,root,bin,none)
              Used to get sid with "lookupsid known_username"
              Use commas to try several users: "-k admin,user1,user2"
    -o        Get OS information
    -i        Get printer information
    -w wrkg   Specify workgroup manually (usually found automatically)
    -n        Do an nmblookup (similar to nbtstat)
    -v        Verbose.  Shows full commands being run (net, rpcclient, etc.)

RID cycling should extract a list of users from Windows (or Samba) hosts
which have RestrictAnonymous set to 1 (Windows NT and 2000), or "Network
access: Allow anonymous SID/Name translation" enabled (XP, 2003).

NB: Samba servers often seem to have RIDs in the range 3000-3050.

Dependancy info: You will need to have the samba package installed as this
script is basically just a wrapper around rpcclient, net, nmblookup and
smbclient.  Polenum from http://labs.portcullis.co.uk/application/polenum/
is required to get Password Policy info.

طریقه استفاده:

[email protected]:~# enum4linux -U -o
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Aug 17 12:17:32 2014

|    Target Information    |
Target ...........
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none

|    Enumerating Workgroup/Domain on   |
[+] Got domain/workgroup name: KALI

نکته: با فلگ U اطلاعات کاربرها، با فلگ o اطلاعات سیستم عامل از هاست استخراج می گردد.

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

19 + چهارده =