Muhammad Daffa Blog

Disclaimer: My post is for academic purposes only, How to use this information is the visitor’s responsibility.

This week, I have Learned about enumerating target. In this post, I will tell you tools that are used to enumerate target for windows servers such as Ldapsearch, enum4linux, and rpcclient.

The ldapsearch tool issues search requests to an Lightweight Directory Access Protocol (LDAP) directory and displays the result as LDAP Data Interchange Format (LDIF) text. Its many options allow you to perform different types of search operations, from simple entry retrieval to advanced searches that involve security or directory referrals. The simplest way to use ldapsearch is by using -x on the command which mean for simple authentication.

Enum4linux is used to extract information from Windows and samba hosts. Personally, I used enum4linux to search for share directories on a windows server and check the server if anonymous login is enabled on the server. In enum4linux, you can search share directories, groups, usernames, etc.

rpcclient is a tool initially developed to test MS-RPC functionality in Samba itself. in rpcclient, there are many commands that are useful for getting information on the target like enumusers, enumgroup, and many more. depending on the credentials that you use, not all rpcclient functions are going to work and some functions might be denied because the credential doesn’t have the authorization to use it.