█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Penetration Testing/Scanning and Enumeration
50 minIntermediate

Scanning and Enumeration

After this lesson, you will be able to: Enumerate services in depth, versions, configs, vulnerabilities.

Scanning shows what's open. Enumeration shows what's exploitable. This lesson goes deep on service-specific enumeration: SMB shares, web directories, SSH banners, SNMP communities.

Prerequisites:Reconnaissance and Information Gathering

Enumeration by service

Web (80/443), gobuster/feroxbuster for hidden paths, nikto for known issues. SMB (139/445), `smbclient -L //target -N` lists shares. SSH (22), banner reveals version → search exploit-db. SNMP (161), `snmpwalk` with `public` community often spills configs. FTP (21), anonymous login often allowed in CTFs.

Web directory brute force

Find hidden admin pages, backup files, configs:

tsx
# Gobuster (most common in CTFs)
gobuster dir -u http://10.10.10.10 -w /usr/share/wordlists/dirb/common.txt
# With extensions
gobuster dir -u http://10.10.10.10 -w wordlist.txt -x php,html,bak,old

💡 Banner grabbing

`nc target 22` shows SSH banner like `OpenSSH_7.4`. Look it up, old OpenSSH has known CVEs. Same with Apache, Nginx, FTP daemons. Versions are gold.

Enumeration mindset

  1. 1

    1. Map every service to a version.

  2. 2

    2. Search exploit-db, GitHub, CVE database for that version.

  3. 3

    3. Check default credentials (admin/admin, root/toor).

  4. 4

    4. Look for misconfigurations (anonymous FTP, public SMB shares).

  5. 5

    5. Document everything before exploiting.

Quick Check

First thing to do with `OpenSSH 7.4`?

Pick.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Reconnaissance and Information Gathering
Back to Penetration Testing
Exploitation Basics→