It is one of the main active information-gathering techniques a pentester performs before actually launching attacks against the target.
One purpose of this technique is to identify the operating system version and distribution, open ports, services, banners, and so on. This makes it extremely important for letting the attacker develop the attack in a more precise and less noisy way.
User Enumeration on Microsoft
GET /rst2.srf HTTP/2
Host: login.microsoftonline.com
Cache-Control: max-age=0
Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6
Content-Length: 1421

<?xml version="1.0" encoding="UTF-8"?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><S:Header><wsa:Action S:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action><wsa:To S:mustUnderstand="1">https://login.microsoftonline.com/rst2.srf</wsa:To><ps:AuthInfo xmlns:ps="http://schemas.microsoft.com/LiveID/SoapServices/v1" Id="PPAuthInfo"><ps:BinaryVersion>5</ps:BinaryVersion><ps:HostingApp>Managed IDCRL</ps:HostingApp></ps:AuthInfo><wsse:Security><wsse:UsernameToken wsu:Id="user"><wsse:Username>{{user@domain.com}}</wsse:Username><wsse:Password>{{pass}}</wsse:Password></wsse:UsernameToken></wsse:Security></S:Header><S:Body><wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" Id="RST0"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>online.lync.com</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wsp:PolicyReference URI="MBI"></wsp:PolicyReference></wst:RequestSecurityToken></S:Body></S:Envelope>