Skip to content

Enumeration


🚩 CTFs & Labs 🧪


❔ Quizzes

Port Scanning with Auxiliary Modules

Question Answer
Why might you choose to use an auxiliary module for port scanning during a penetration test if you already have Nmap results? Auxiliary modules can be run during the post-exploitation phase on internal networks
When setting up a port scan using Metasploit’s auxiliary modules, what is an important option you often need to configure? Hosts and port range
What is an auxiliary module in the Metasploit framework primarily used for? Scanning and network discovery

FTP Enumeration

Question Answer
What might cause an FTP brute force attempt to temporarily disable the service? Overwhelming the server with too many login attempts
What is the primary purpose of the FTP protocol? To facilitate file sharing between a server and client
Which port is FTP typically hosted on? Port 21
What type of information can be gathered using FTP auxiliary modules in Metasploit? FTP version and user credentials
Which Metasploit auxiliary module is used to check the FTP version? auxiliary/scanner/ftp/ftp_version

SMB Enumeration

Question Answer
What port is primarily used by SMB on modern Windows systems? Port 445
What is the main purpose of enumerating SMB versions? To identify vulnerabilities and the target operating system
Which Linux utility allows Windows systems to access Linux shares and devices? Samba
In SMB enumeration, why might it be useful to access shares on a target system? To access potentially sensitive files
Which Metasploit auxiliary module is used to enumerate SMB users? auxiliary/scanner/smb/smb_enumusers

Web Server Enumeration

Question Answer
Which web server technology commonly uses port 80 for HTTP communication? All of the these
What does a 401 HTTP response code indicate? Unauthorized
Which HTTP request method is used to retrieve HTTP headers for enumeration purposes? HEAD
Why is the robots.txt file significant in web server enumeration? It lists directories that should not be indexed by search engines.

MySQL Enumeration

Question Answer
Why might a company change the default MySQL port from 3306 to another port? To avoid detection during attacks
What is the default TCP port used by MySQL? 3306
Which Metasploit module can be used to enumerate the version of MySQL running on a target? mysql_version

SSH Enumeration

Question Answer
Why is SSH preferred over Telnet for remote server connections? SSH encrypts the communication channel, preventing man-in-the-middle attacks.
What is the advantage of using SSH key-based authentication over clear-text passwords? Keys provide a more secure method of authentication.
How can Metasploit's SSH enum users module be helpful in the enumeration phase? It finds and lists all usernames on the target system.

SMTP Enumeration

Question Answer
What information does the SMTP enum module provide? User accounts
Which TCP port is used by default for SMTP? 25
What does SMTP stand for? Simple Mail Transfer Protocol
Which ports might SMTP use if SSL/TLS is configured for encryption? 465 and 587